Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 2 Apr 2003 07:02:44 -0600
From:      D J Hawkey Jr <hawkeyd@visi.com>
To:        Mike Tancsa <mike@sentex.net>
Cc:        security@freebsd.org
Subject:   Re: LOG_AUTHPRIV and the default syslog.conf
Message-ID:  <20030402070244.A8569@sheol.localdomain>
In-Reply-To: <5.2.0.9.0.20030402074159.0741a088@192.168.0.12>; from mike@sentex.net on Wed, Apr 02, 2003 at 07:46:51AM -0500
References:  <20030401161142.GA19845@comp.chem.msu.su> <5.2.0.9.0.20030402074159.0741a088@192.168.0.12>
next in thread | previous in thread | raw e-mail | index | archive | help 
> At 08:11 PM 4/1/2003 +0400, Yar Tikhiy wrote:
> >The following patch was proposed:
> >
> >Index: syslog.conf
> >===================================================================
> >RCS file: /home/ncvs/src/etc/syslog.conf,v
> >retrieving revision 1.23
> >diff -u -r1.23 syslog.conf
> >--- syslog.conf 21 Sep 2002 12:07:35 -0000      1.23
> >+++ syslog.conf 11 Feb 2003 11:39:55 -0000
> >@@ -6,7 +6,7 @@
> >  #      may want to use only tabs as field separators here.
> >  #      Consult the syslog.conf(5) manpage.
> >  *.err;kern.debug;auth.notice;mail.crit         /dev/console
> >-*.notice;kern.debug;lpr.info;mail.crit;news.err        /var/log/messages
> >+*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err 
> >/var/log/messages
> >  security.*                                     /var/log/security
> >  auth.info;authpriv.info                        /var/log/auth.log
> >  mail.info                                      /var/log/maillog
> >===================================================================
> >
> >Since my PR has received no feedback, I'd like to discuss the above
> >problem here before committing my patch.  Have I overlooked any
> >complications?

On Apr 02, at 07:46 AM, Mike Tancsa top-posted:
> 
> I like the change and I dont think it would adversely affect any sites.
> 
>          ---Mike

FWIW, long ago, I set one of mine up as:

*.err;authpriv.none				/dev/console
*.notice;auth.info;kern.debug;security.none;local0.none;authpriv.none	/var/log/messages
security.*;local0.*;authpriv.*			/var/log/security

I must have been thinking the same thing Yar does WRT authpriv and
/var/log/messages.

Note that I also added local0, for ipmon(8); is it too late to
consider this hack as well as Yar's?

Dave

-- 
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030402070244.A8569>