Date: Sun, 27 Jun 1999 18:39:52 -0400 (EDT)
From: matt <matt@AIC-GW.MLINK.NET>
To: "Art Neilson, KH7PZ" <art@hawaii.rr.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: tcp_wrappers
Message-ID: <Pine.BSF.4.10.9906271837380.22533-100000@aic-gw.mlink.net>
In-Reply-To: <3.0.6.32.19990627123521.008794d0@clients1.hawaii.rr.com>

Try this: modify it a bit to your own use, I hack some source code to log
to different levels, like identd and ircd......

this is my syslog.conf:

-- start --
# --------------------------------------------------------------------------
# /etc/syslog.conf: Syslog message configuration file
# --------------------------------------------------------------------------
# Facility names:
#   One of the following keywords: auth, authpriv, cron, daemon, kern,
#   lpr, mail, mark, news, syslog, user, uucp and local0 through local7.
#
# Priority Names
#   One of the following ordered list (higher to lower):
#   emerg, alert, crit, err, warn, notice, info, debug, and none.
#
#
# >> MUST USE TAB'S *NOT* SPACES
# --------------------------------------------------------------------------

### error logs
*.err;authpriv.=warn;local1.none		/var/log/syslog

### information logs
*.=info;*.=notice;*.=warn;kern,local1.none	/var/log/messages

### kernel logs
kern.*						/var/log/kernel

### mail logs
mail.info					/var/log/mail

### cron logs
cron.info					/var/log/cron

### sshd logs
local0.info					/var/log/sshd

### identd logs
local1.info					/var/log/identd

### security logs
auth,authpriv.info				/var/log/secure

### debug logs
*.=debug;kern.none				/var/log/debug

### ircd logs
local2.debug					/var/log/ircd

### ftpd logs
!ftpd
*.*						/var/log/ftpd

### pppd logs
!pppd
*.*						/var/log/pppd

### named logs
!named
*.*						/var/log/named

!xntpd
*.*						/var/log/xntpd

### emergencies to everyone
*.emerg;local0,local1.none			*
-- end --

On Sun, 27 Jun 1999, Art Neilson, KH7PZ wrote:

: I noticed the release notes for FreeBSD 3.2 state tcp_wrappers is now
: part of the system. If this is the case, where is tcpd ??? I installed
: the full set of stuff and no tcpd is found. Does it just mean the network
: daemons are compiled with tcp_wrappers? I installed the tcp_wrappers port
: and it seems to work fine, it's blocking access per hosts.allow rules
: however I can't seem to get it to log the activity. Looks like it defaults
: to auth.info severity in the ALL: ALL: rule at the bottom of the canned
: hosts.allow. I added a syslog line to capture these messages, it looks like
:
: # $Id: syslog.conf,v 1.9 1998/10/14 21:59:55 nate Exp $
: #
: # Spaces are NOT valid field separators in this file.
: # Consult the syslog.conf(5) manpage.
: *.err;kern.debug;auth.notice;mail.crit		/dev/console
: *.notice;kern.debug;lpr.info;mail.crit;news.err	/var/log/messages
: mail.info					/var/log/maillog
: lpr.info					/var/log/lpd-errs
: auth.info					/var/log/security.log
: ntp.*						/var/log/xntpd.log
: cron.*					/var/cron/log
: *.err						root
: *.notice;news.err				root
: *.alert					root
: *.emerg					*
: # uncomment these if you're running inn
: # news.crit					/var/log/news/news.crit
: # news.err					/var/log/news/news.err
: # news.notice					/var/log/news/news.notice
: !dhclient
: *.*						/var/log/dhclient.log
: !startslip
: *.*						/var/log/slip.log
: !ppp
: *.*						/var/log/ppp.log
:
: What am I doing wrong??? security.log does not get updated when I block
: access intentionally to a machine in my internal network and test the
: access to insure tcp_wrappers is working. I do get a deny message to a
: terminal I am testing from i.e. I attempt a telnet session and tcpd looks
: up the rules and denies just fine I am just not getting the log....
:
:
:
:     __
:    /  )      _/_   It is a capital mistake to theorise before one has data.
:   /--/ __  /       Insensibly one begins to twist facts to suit theories,
:  /  (_/ (_<__      Instead of theories to suit facts.
:                    -- Sherlock Holmes, "A Scandal in Bohemia"
: Arthur W. Neilson III, KH7PZ
: Bank of Hawaii Tech Support
: art@hawaii.rr.com
:
:
:
: To Unsubscribe: send mail to majordomo@FreeBSD.org
: with "unsubscribe freebsd-questions" in the body of the message
:
:

-- matt@AIC-GW.MLINK.NET
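
To check where a tcp_wrappers denial logged at auth.info should land under a given syslog.conf, the sketch below (an added example, not code from either poster) parses the rules, flags lines whose fields are not tab-separated, and lists the matching destinations. Assumptions: the function names, the simplified selector semantics (only plain, `=`, `*` and `none` priorities, with the last clause naming a facility winning), and the constructed sample with its hypothetical /var/log/auth-spaces.log path.

```python
import re
# Lowest to highest severity (the config comment above lists them high to low).
PRIORITIES = ["debug", "info", "notice", "warn", "err", "crit", "alert", "emerg"]

def parse(conf):
    """Return (rules, bad): (program, selector, action) tuples, and bad line numbers."""
    rules, bad, program = [], [], None
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):            # program block such as "!ppp"; "!*" resets
            program = None if line[1:].strip() == "*" else line[1:].strip()
            continue
        fields = re.split(r"\t+", line, maxsplit=1)
        if len(fields) != 2:                # fields separated by spaces, or no action
            bad.append(n)
            continue
        rules.append((program, fields[0].strip(), fields[1].strip()))
    return rules, bad

def selects(selector, facility, priority):
    """'pri' = that level and up, '=pri' = exactly, 'none' = off; last clause wins."""
    level, hit = PRIORITIES.index(priority), False
    for clause in selector.split(";"):
        facs, _, pri = clause.rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if pri in ("none", "*"):
            hit = pri == "*"
        elif pri.startswith("="):
            hit = level == PRIORITIES.index(pri[1:])
        else:
            hit = level >= PRIORITIES.index(pri)
    return hit

def destinations(conf, facility, priority, program=None):
    return [a for p, s, a in parse(conf)[0]
            if p in (None, program) and selects(s, facility, priority)]

# Constructed sample based on the quoted config; line 4 uses spaces on purpose.
SAMPLE = (
    "*.err;kern.debug;auth.notice;mail.crit\t\t/dev/console\n"
    "*.notice;kern.debug;lpr.info;mail.crit;news.err\t/var/log/messages\n"
    "auth.info\t\t\t\t\t/var/log/security.log\n"
    "auth.info    /var/log/auth-spaces.log\n"
    "!ppp\n"
    "*.*\t/var/log/ppp.log\n"
)
```

Run `parse()` on the real /etc/syslog.conf first: a rule reported in `bad` never reaches `destinations()`, which mirrors a rule the daemon would not apply.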