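#!/bin/bash
#
# arpalert action script: writes one syslog line per arpalert detection.
#
# Arguments (all optional; a missing one is logged as an empty field):
#   $1 - MAC address of requestor
#   $2 - IP of requestor
#   $3 - supplementary parameter
#   $4 - ethernet device listening on
#   $5 - type of alert (numeric code, see the table below)
#   $6 - ethernet vendor (optional)
# Outputs: one message handed to logger(1).

# errexit is enabled here rather than on the shebang line, because shebang
# options are dropped when the script is started as `bash <script>`.
set -e

# NOTE(review): with errexit active, a failure while sourcing this file ends
# the script before the event is logged. Confirm that losing the log line is
# the intended outcome for an alert hook.
source /etc/environment

# Excerpt from arpalert.conf:
# script launched on each detection
# parameters are:
# - "mac address of requestor"
# - "ip of requestor"
# - "supp. parm."
# - "ethernet device listening on"
# - "type of alert"
# - optional : "ethernet vendor"
# type of alert:
# 0: ip change
# 1: mac address only detected but not in white list
# 2: mac address in black list
# 3: new mac address
# 4: unauthorized arp request
# 5: abusive number of arp request detected
# 6: ethernet mac address different from arp mac address
# 7: global flood detection
# 8: new mac address without ip
# 9: mac change

# `${N:-}` substitutes an empty string for any argument arpalert omits.
mac=${1:-}
ip=${2:-}
supp_parm=${3:-}
eth_dev=${4:-}
alert_type=${5:-}
eth_vendor=${6:-}

# The fields are written to syslog exactly as received, with no validation.
# NOTE(review): they presumably derive from ARP traffic observed on the
# network, so log consumers and alerting rules should treat them as untrusted
# text. Confirm against how arpalert populates them.
logger "arpalert event: ${mac} ${ip} ${supp_parm} ${eth_dev} ${alert_type} ${eth_vendor}"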