Date: Wed, 14 Oct 1998 14:31:46 -0500
To: mike@seidata.com, "N. N.M"
From: "Jeffrey J. Mountin"
Subject: Re: Again logging!
Cc: freebsd-security@FreeBSD.ORG

At 11:26 AM 10/14/98 -0400, mike@seidata.com wrote:
>On Wed, 14 Oct 1998, N. N.M wrote:
>
>> 1- I installed TCP Wrapper in the way that I moved the real daemons to
>> another directory and copied "tcpd" instead of real daemons. I don't
>> know how I can get its logs. I add a line to log the messages from
>> "tcpd" to a file. But it didn't work.
>
>Default install dumps to /var/log/messages for me - what do you mean
>by 'get its logs'?

Yes, but the facility is LOG_AUTH if you use the port. The original source
uses LOG_MAIL for some odd reason. Either way it should be logged in
messages with the original install's syslog.conf, which lumps it in with
other daemons.

Personally I change patch-aa to use LOG_LOCAL7 and in syslog.conf I direct
local7.* to /var/log/tcpd, which IMO should have a logfile to itself. Then
again I like to break things down more than the original syslog.conf does,
which makes it easier to sift out the chaff.

If you are not familiar with the diffs, it would be better to 'make patch',
edit the Makefile, then 'make' and 'make install' (or just 'make install').

Jeff Mountin - Unix Systems TCP/IP networking
jeff@mountin.net
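
Added example, not part of the original message or of tcp_wrappers: a small Python model of syslog.conf selector matching that shows where a tcpd message lands under LOG_AUTH and under the LOG_LOCAL7 setup described above. It goes one step beyond the message by showing that a wildcard selector on the messages line still catches higher-severity local7 entries unless local7.none is added. The three configurations are constructed samples (not FreeBSD's shipped syslog.conf), and only the basic facility.level and none syntax is modelled.

```python
# Added example: minimal model of BSD syslog.conf selector matching.
# Subset only: "fac1,fac2.level" selectors joined by ";", "*" wildcards and
# "none". Comparison flags (=, !, <, >) and program blocks are not handled.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_matches(selectors, facility, level):
    """True if a (facility, level) message is selected by the selector field."""
    matched = False
    for sel in selectors.split(";"):
        facs, _, lvl = sel.strip().rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        # The last selector naming this facility wins; a lower index in
        # LEVELS is more severe, so "info" also selects "warning".
        matched = lvl != "none" and (
            lvl == "*" or LEVELS.index(level) <= LEVELS.index(lvl))
    return matched

def destinations(conf_text, facility, level):
    """Return every action (log file) that would receive the message."""
    out = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        if selector_matches(selectors, facility, level):
            out.append(action)
    return out

# Constructed sample configurations (assumptions, not the shipped file).
BEFORE = ("*.notice;auth.info;mail.none\t/var/log/messages\n"
          "mail.info\t/var/log/maillog\n")
# Only the local7 line added, as in the message above.
NAIVE = BEFORE + "local7.*\t/var/log/tcpd\n"
# local7 also excluded from the catch-all line.
ISOLATED = ("*.notice;auth.info;mail.none;local7.none\t/var/log/messages\n"
            "mail.info\t/var/log/maillog\n"
            "local7.*\t/var/log/tcpd\n")

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("naive", NAIVE), ("isolated", ISOLATED)):
        fac = "auth" if conf is BEFORE else "local7"
        for lvl in ("info", "warning"):
            print(name, f"{fac}.{lvl}", "->", destinations(conf, fac, lvl))
```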