Date:      Wed, 14 Oct 1998 16:00:12 -0500 (CDT)
From:      Mike Jenkins <mjenkins@carp.gbr.epa.gov>
To:        jeff-ml@mountin.net, madrapour@hotmail.com, mike@seidata.com
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Again logging!
Message-ID:  <199810142100.QAA22991@carp.gbr.epa.gov>
In-Reply-To: <3.0.3.32.19981014143146.0105ff00@207.227.119.2>

On Wed, 14 Oct 1998 14:31:46 -0500, Jeffrey J. Mountin wrote:
> At 11:26 AM 10/14/98 -0400, mike@seidata.com wrote:
> >On Wed, 14 Oct 1998, N. N.M wrote:
> >
> >> 1- I installed TCP Wrapper in the way that I moved the real daemons to 
> >> another directory and copied "tcpd" instead of real daemons. I don't 
> >> know how I can get its logs. I added a line to log the messages from 
> >> "tcpd" to a file. But it didn't work.
> >
> >Default install dumps to /var/log/messages for me - what do you mean
> >by 'get its logs'?
>
> Yes, but the facility is LOG_AUTH if you use the port.  The original source
> uses LOG_MAIL for some odd reason.  Either way it should be logged in
> messages with the original install's syslog.conf, which lumps it in with
> other daemons.
>
> Personally I change patch-aa to use LOG_LOCAL7 and in syslog.conf I direct
> local7.* to /var/log/tcpd, which IMO should have a logfile to itself.  Then
> again I like to break things down more than the original syslog.conf does,
> which makes it easier to sift out the chaff.

I find tags very useful when you don't know what facility a program uses.
For example, I use the following in /etc/syslog.conf for "inetd -l":

	!inetd
	*.*<TAB><TAB><TAB><TAB><TAB><TAB>/var/log/inetd.log

So tcpd could use something like:

	!tcpd
	*.*<TAB><TAB><TAB><TAB><TAB><TAB>/var/log/tcpd.log

Mike
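
The tag approach above as a repeatable procedure, in an added example that is not part of the original message. The helper names add_tag_block and install_tag_log are hypothetical, and the closing "!*" reset, the mode 600 log file and the logger test message are additions. It assumes a stock FreeBSD syslogd with its pid in /var/run/syslog.pid.

```shell
#!/bin/sh
# Added example; add_tag_block and install_tag_log are hypothetical names.

# add_tag_block CONF PROG LOGFILE
# Append a "!PROG" block to CONF once. The closing "!*" resets the program
# filter, so entries added after it are not silently limited to PROG.
add_tag_block() {
    atb_conf=$1 atb_prog=$2 atb_log=$3
    # Idempotent: do nothing if a block for this tag is already present.
    if grep -qxF "!$atb_prog" "$atb_conf"; then
        return 0
    fi
    printf '!%s\n*.*\t\t\t\t\t\t%s\n!*\n' "$atb_prog" "$atb_log" >> "$atb_conf"
}

# install_tag_log PROG LOGFILE
# Run as root on the host, e.g.: install_tag_log tcpd /var/log/tcpd.log
install_tag_log() {
    itl_prog=$1 itl_log=$2
    # syslogd does not create log files, so create it first, readable
    # by root only, without truncating an existing file.
    ( umask 077; : >> "$itl_log" ) || return 1
    chmod 600 "$itl_log" || return 1
    add_tag_block /etc/syslog.conf "$itl_prog" "$itl_log" || return 1
    # Make syslogd re-read its configuration.
    kill -HUP "$(cat /var/run/syslog.pid)" || return 1
    # Constructed test message carrying the same tag; it should be the
    # last line of the log file if the block is matching.
    logger -t "$itl_prog" -p auth.info "syslog.conf tag test"
    sleep 1
    tail -n 1 "$itl_log"
}
```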
