Proper method to enable ARP to be collected in local.zeek ?

[innovate-support]

I'm using SO 2.4.110. I'd like to collect MAC info along with IP and Ports from Zeek. Skynet is suggesting that I simply add @load base/protocols/arp to my local.zeek file and restart, supposedly resulting in a arp.log file that's searchable. Is that accurate? I don't want to start messing with zeek files and break my system. If it's that easy, why isn't it collecting arp data by default?

[cm-ops]

There is no script for arp in base/protocols. I do see a plugin https://docs.zeek.org/en/v6.0.9/scripts/base/bif/plugins/Zeek_ARP.events.bif.zeek.html but plugins are not supported. You might be able to find a script for Zeek to generate the arp.log, but you would need to add a zeek.arp ingest pipeline to see them in an index.