From owner-freebsd-security Wed Oct 14 14:00:46 1998
Date: Wed, 14 Oct 1998 16:00:12 -0500 (CDT)
From: Mike Jenkins
Message-Id: <199810142100.QAA22991@carp.gbr.epa.gov>
To: jeff-ml@mountin.net, madrapour@hotmail.com, mike@seidata.com
Subject: Re: Again logging!
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <3.0.3.32.19981014143146.0105ff00@207.227.119.2>

On Wed, 14 Oct 1998 14:31:46 -0500, Jeffrey J. Mountin wrote:

> At 11:26 AM 10/14/98 -0400, mike@seidata.com wrote:
> >On Wed, 14 Oct 1998, N. N.M wrote:
> >
> >> 1- I installed TCP Wrapper in the way that I moved the real daemons to
> >> another directory and copied "tcpd" instead of real daemons. I don't
> >> know how I can get its logs. I added a line to log the messages from
> >> "tcpd" to a file. But it didn't work.
> >
> >Default install dumps to /var/log/messages for me - what do you mean
> >by 'get its logs'?
>
> Yes, but the facility is LOG_AUTH if you use the port. The original source
> uses LOG_MAIL for some odd reason. Either way it should be logged in
> messages with the original install's syslog.conf, which lumps it in with
> other daemons.
>
> Personally I change patch-aa to use LOG_LOCAL7 and in syslog.conf I direct
> local7.* to /var/log/tcpd, which IMO should have a logfile to itself. Then
> again I like to break things down more than the original syslog.conf does,
> which makes it easier to sift out the chaff.

I find tags very useful when you don't know what facility a program
uses. For example, I use the following in /etc/syslog.conf for
"inetd -l":

    !inetd
    *.*	/var/log/inetd.log

So tcpd could use something like:

    !tcpd
    *.*	/var/log/tcpd.log

Mike
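Added example, not part of the original message: a simplified Python model of how the "!program" tags discussed in this thread scope syslog.conf rules, so a tagged block catches a program's messages whichever facility it logs under. The names route, selector_matches and SAMPLE_CONF and the sample configuration are constructed for illustration; only "!prog", "!*" and plain facility.level selectors are modelled.

```python
# Simplified model of syslog.conf program blocks ("!prog" tags).
# Illustrative code only; it is not syslogd's own parser.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed sample config combining the two approaches from the thread:
# a dedicated facility (local7) and per-program tags.
SAMPLE_CONF = """\
*.notice;auth.info\t/var/log/messages
local7.*\t/var/log/tcpd
!inetd
*.*\t/var/log/inetd.log
!tcpd
*.*\t/var/log/tcpd.log
"""

def selector_matches(selector, facility, level):
    """Evaluate 'fac.level;fac.level' clauses; the last applicable clause wins."""
    matched = False
    for clause in selector.split(";"):
        facs, _, lvl = clause.partition(".")
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue  # clause does not mention this facility
        if lvl == "none":
            matched = False
        else:
            matched = lvl == "*" or LEVELS.index(level) >= LEVELS.index(lvl)
    return matched

def route(conf, program, facility, level):
    """Return the log files a message from `program` would be written to."""
    current, targets = "*", []  # rules before any tag apply to all programs
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):
            current = line[1:].strip()  # "!*" resets to all programs
            continue
        selector, action = line.split(None, 1)
        if current in ("*", program) and selector_matches(selector, facility, level):
            targets.append(action)
    return targets

if __name__ == "__main__":
    for fac in ("auth", "mail", "local7"):
        print(fac, route(SAMPLE_CONF, "tcpd", fac, "info"))
```
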