[NTLUG:Discuss] Delete host from Arpwatch database

[CoryC]

I've been using Arpwatch for a while on my network here at work and just realized something quite frustrating. Whenever I delete a host entry from the database they keep showing up even after the host has been physically removed from the network and the server rebooted. I have reproduced this on two different servers on two different networks. 

I'm running CentOS 4.7 and the entries are stored in /var/arpwatch/arp.dat and a backup file /var/arpwatch/arp.dat- (Hyphen intentional). 

If I bring up a new computer/virtual machine, Arpwatch detects the mac & ip address and inserts them into the arp.dat and arp.dat- files. 

The machine goes off our network or the virtual machine is deleted and I delete the entries from the arp.dat & arp.dat- files. As soon as the Arpwatch service restarts the entry shows up in both files again....even after a reboot. The devices are no longer physically on the network but I can't figure out why they keep showing up. They don't show up in the arp table and I can't find anywhere else they are stored. 

I've search google using combination of Arpwatch, arp.dat, cache, purge, delete, flush, etc. and not found any mention of this issue before.

Any suggestions?