From owner-freebsd-security  Thu Oct  8 10:09:02 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA03314
          for freebsd-security-outgoing; Thu, 8 Oct 1998 10:09:02 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from orion.ac.hmc.edu (Orion.AC.HMC.Edu [134.173.32.20])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA03299
          for <freebsd-security@FreeBSD.ORG>; Thu, 8 Oct 1998 10:08:58 -0700 (PDT)
          (envelope-from brooks@one-eyed-alien.net)
From: brooks@one-eyed-alien.net
Received: from localhost (brdavis@localhost)
	by orion.ac.hmc.edu (8.8.8/8.8.8) with SMTP id KAA13294;
	Thu, 8 Oct 1998 10:08:32 -0700 (PDT)
X-Authentication-Warning: orion.ac.hmc.edu: brdavis owned process doing -bs
Date: Thu, 8 Oct 1998 10:08:32 -0700 (PDT)
X-Sender: brdavis@orion.ac.hmc.edu
To: "Jeffrey J. Mountin" <jeff-ml@mountin.net>
cc: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>,
        freebsd-security@FreeBSD.ORG
Subject: Re: The necessary steps for logging (the problem is fixed) 
In-Reply-To: <3.0.3.32.19981008015245.00feeec4@207.227.119.2>
Message-ID: <Pine.SOL.4.02.9810081004480.5519-100000@orion.ac.hmc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 8 Oct 1998, Jeffrey J. Mountin wrote:

> >A syslogd.conf syntax checker (as mentioned in an earlier posting) 
> >might be a better solution.  It could be run at boot or via cron and 
> >email its results to the sysadmin.  This could be written as a small 
> >Perl script.
> 
> Agreed.  Wouldn't awk be a shorter/better way though?

If all you want is syntax checking, probably.  However, at least under
Solaris, syslog can bite you all sorts of different ways due to the fact
that you can't get warnings unless you run it in debug mode.  In addition
to syntax checking my perl script warns you about thinks like non-existant
files (syslog doesn't create files on solaris), non-existant loghsts, and
bogus users.  It's even got an option to create the necessicary files.  I
don't think I'd want to go to the effort of doing that in awk. :-)

-- Brooks


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message