From owner-freebsd-questions@freebsd.org Tue Feb 9 05:45:06 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E15A3AA2385; Tue, 9 Feb 2016 05:45:05 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: from mail-vk0-x22b.google.com (mail-vk0-x22b.google.com [IPv6:2607:f8b0:400c:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A65BB82C; Tue, 9 Feb 2016 05:45:05 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: by mail-vk0-x22b.google.com with SMTP id e185so110340237vkb.1; Mon, 08 Feb 2016 21:45:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=HTUk4Rv+2C38IZ2a3znDtvHFZRtCcdbZPnfkknGXZB4=; b=ihCIAE9i4LCc8xhhrJ0zQGBSBXAj/rkZb2JqXZVGpUNC3Jet7QZTowdpbnygfWw1xx AkpE2ny1hsz6Cxo1ra1lA44NYxUOg2ew26JDYVhB+MplgvcRO+EyYYUp3uUxLJSS9lOU 1prrfZgUO2XMqPRFfd1vPpZ8FBHTiHtQmsuxc7tST84RJocdt2fzhIi1GiLOHa7li+Ql C7YSeoDmrv83iX1NLx9BPIRWX89qG328zsdazTvhSoLdGNXEJHePGOgaanDd0S11BPcN wgYp/3yDLqK1Ywgq6HsqNymnMDjmql9rjJYcj2BXlEr2nt3Yz6Fw17rRJ0IKbk9/lUxm s58g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=HTUk4Rv+2C38IZ2a3znDtvHFZRtCcdbZPnfkknGXZB4=; b=Fcq4j1K43QuVWuBQI4wU3YcKmYocSqWZsm0scLhK7sEkZ8PXGryyXwYcD99LH7giDu tRa2pNc1vAo7rn8V/6fepLcfHhzEarO2jynCBEJ0+9fQ8FdKRBjRpl3Go3l/wXcz9zvr zWE2H0eXypyJvsX5gXubqo+1Kv2nqUCVfgyiF3Z1EQlDqSmaBvbtxxKmqQM82/7fJB/1 FvHuHFCc27CgcLEXNipg0Ssdjq3T0WhiUPW2dsFJ3xM42nZlp1KiPYqjcdIcifvWLxe5 Ec72YzNM00t3ablSV/UYF0+8rtgTELPdIvgzAk1ImQf6j5jeviMAxyE1B/TLdLiRHSAt wRqA== X-Gm-Message-State: AG10YORWsqZ+zxY+quhK8vTXLgYb5Y/2l1uXUfeCW+YoMq7luikl3uiEmkKT5fQMtZXqi9Tg5MsbwIRRJk9LMQ== MIME-Version: 1.0 X-Received: by 10.31.163.68 with SMTP id m65mr23858453vke.85.1454996704373; Mon, 08 Feb 2016 21:45:04 -0800 (PST) Sender: kob6558@gmail.com Received: by 10.159.32.135 with HTTP; Mon, 8 Feb 2016 21:45:04 -0800 (PST) In-Reply-To: <56B97687.8050703@hiwaay.net> References: <56B90930.3000802@hiwaay.net> <20160208224644.f696fce2.freebsd@edvax.de> <56B97687.8050703@hiwaay.net> Date: Mon, 8 Feb 2016 21:45:04 -0800 X-Google-Sender-Auth: x_sCkQvBv72MoINdJcFy8tvj-Rw Message-ID: Subject: Re: tor logging From: Kevin Oberman To: "William A. Mahaffey III" Cc: "FreeBSD Questions !!!!" , "FreeBSD ports list !!!!" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Feb 2016 05:45:06 -0000 On Mon, Feb 8, 2016 at 9:16 PM, William A. Mahaffey III wrote: > On 02/08/16 15:52, Polytropon wrote: > >> On Mon, 8 Feb 2016 15:36:58 -0553.75, William A. Mahaffey III wrote: >> >>> My torrc >>> files seems to indicate logging to /usr/local/var/log/tor, but no such >>> file or directory. >>> >> Create this directory subtree and an empty log file. Then check >> if it will actually be used for logging - if that is what the >> torrc file indicates. Otherwise, set a different logging file, >> but make sure it does actually exist. >> >> >> > > Further review seems to indicate use of the built-in syslog system: > > [root@kabini1, /etc, 11:17:03pm] 477 % grep log /usr/local/etc/tor/torrc > ## may provide sensitive information to an attacker who obtains the logs. > ## Send all messages of level 'notice' or higher to > /usr/local/var/log/tor/notices.log > #Log notice file /usr/local/var/log/tor/notices.log > ## Send every possible message to /usr/local/var/log/tor/debug.log > #Log debug file /usr/local/var/log/tor/debug.log > ## Use the system log instead of Tor's logfiles > #Log notice syslog > [root@kabini1, /etc, 11:17:08pm] 478 % grep log > /usr/local/etc/tor/torrc.default > ## may provide sensitive information to an attacker who obtains the logs. > ## Send all messages of level 'notice' or higher to > /usr/local/var/log/tor/notices.log > #Log notice file /usr/local/var/log/tor/notices.log > ## Send every possible message to /usr/local/var/log/tor/debug.log > #Log debug file /usr/local/var/log/tor/debug.log > ## Use the system log instead of Tor's logfiles > Log notice syslog > [root@kabini1, /etc, 11:17:10pm] 479 % lltr /var/log/tor* > -rw-r----- 1 _tor _tor 230140 Jan 21 2015 /var/log/tor.4.bz2 > -rw-r----- 1 _tor _tor 122109 Feb 23 2015 /var/log/tor.3.bz2 > -rw-r----- 1 _tor _tor 126723 Mar 30 2015 /var/log/tor.2.bz2 > -rw-r----- 1 _tor _tor 147674 May 28 2015 /var/log/tor.1.bz2 > -rw-r----- 1 _tor _tor 166094 Dec 3 00:06 /var/log/tor.0.bz2 > [root@kabini1, /etc, 11:17:19pm] 480 % > > In the past (before last upgrade) tor logged to a file in /var/log, see > above. Afterward, ???? There was a directory named /var/log/tor, owned > _tor:_tor, but it was empty & I removed it after a week or so & re-created > it & restarted tor. It restarts OK & seems to be working OK, just no > logging. Has the amount of logging changed from a couple of months ago ? > > -- > > William A. Mahaffey III See UPDATING 20160119: AFFECTS: users of security/tor, security/tor-devel -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683