Date: Fri, 18 Sep 1998 12:02:44 -0700
From: Studded <Studded@dal.net>
To: Mike Grommet <mgrommet@insolwwb.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: 2nd try + update: whats wrong with this sylog.conf?
Message-ID: <3602AE54.107175ED@dal.net>
References: <004301bde319$d3d54960$0cf896d0@work2.insolwwb.net>
Mike Grommet wrote:

> I did recently install tcp_wrappers, but I've tried this with both the
> pre-tcp_wrapper inetd.conf file
> and the current one, and still did the same thing.

I'm not sure why tcp wrappers is relevant... does it say it logs on
authpriv?

> I've been trying to modify my syslog.conf to give more
> organized logging abilities... Everything seems to work ok except for the
> /var/log/secure...
>
> here's the conf file. Despite my cut and paste here, there really are tabs
> between the lhs and the rhs...
> Heck I even copied this off of a working bsdi 3.1 machine that works fine...

Doesn't mean it will work on FreeBSD, although BSDi is a close relative.

> still didn't work for me.
> the /var/log/secure file has been created and has permissions
> ->rw------- 1 root bin 0 Sep 17 11:01 secure
>
> And of course, I have restarted syslogd... boy that would have been a silly
> mistake eh?
>
> Also, when I put my syslogd into debug mode, it never says anything about
> logging into /var/log/secure...
> so what have I missed here?

First question, what is it that you think should be logged to authpriv?
According to the sources for -Stable, the only thing logged there is some
stuff for uucpd and failed attempts from /usr/bin/login. However, in my
brief testing a deliberately failed login wasn't recorded when I tried a
configuration similar to yours, so I'd say this is probably a bug. You
might want to submit a PR on it.

> ----- START OF CONF ----- This is a simple conf file, but doesn't work....
>
> *.err;kern.*;auth.notice;authpriv.none;mail.crit    /dev/console
> kern.*;auth.notice;authpriv.none;mail.crit          /dev/console
> *.notice;authpriv,ftp,uucp,cron,news.none;kern.debug;mail.crit
> /var/log/messages
> authpriv.*                                          /var/log/secure
> lpr.info                                            /var/log/lpd-errs
> mail.*                                              /var/log/maillog
> uucp.*                                              /var/spool/uucp/errors
> cron.*                                              /var/log/cron
> ftp.*                                               /var/log/ftp.log
> daemon.*                                            /var/log/daemon.log
> *.emerg                                             *
> *.notice;auth.debug;authpriv.none                   root
>
> --- END OF CONF -----

It's unusual that the /var/log/secure file isn't mentioned here.... mine
is mentioned.

> here is the syslogd -d output....
> 8 3 2 3 5 3 3 3 3 3 X 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
> 8 X 2 X 5 X X X X X X X X X X X X X X X X X X X X CONSOLE: /dev/console
> 7 5 2 5 5 5 5 X X X X X 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages
> X X X X X X X X X X 8 X X X X X X X X X X X X X X FILE: /var/log/secure
> X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs
> X X 8 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog
> X X X X X X X X 8 X X X X X X X X X X X X X X X X UNUSED:
> X X X X X X X X X 8 X X X X X X X X X X X X X X X UNUSED:
> X X X X X X X X X X X 8 X X X X X X X X X X X X X FILE: /var/log/ftp.log
> X X X 8 X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/daemon.log
> 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
> 5 5 5 5 7 5 5 5 5 5 X 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root,
> logmsg: pri 56, flags 4, from backup, msg syslogd: restart
> syslogd: restarted

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3602AE54.107175ED>
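Added example, not part of either message and not syslogd source: a small Python model of how selector lines from the quoted syslog.conf become the per-facility rows that `syslogd -d` prints. Facility numbers follow `<sys/syslog.h>`; rendering `*` as 8 and `none` as X is an assumption taken from the debug output quoted above, and the function names are hypothetical.

```python
"""Model of syslog.conf selector parsing (added example, not syslogd source)."""

# Facility numbers from <sys/syslog.h>; the 25th slot is syslogd's internal "mark".
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp"]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
NFAC = 24            # LOG_NFACILITIES
ANY, NONE = 8, "X"   # assumption: how the quoted -d output shows "*" and "none"


def parse_line(line):
    """Return (row, action); row[i] is the threshold for facility number i."""
    selectors, action = line.split(None, 1)
    row = [NONE] * (NFAC + 1)
    for sel in selectors.split(";"):        # later selectors override earlier ones
        facs, _, level = sel.rpartition(".")
        if level == "*":
            pri = ANY
        elif level == "none":
            pri = NONE
        else:
            pri = LEVELS.index(level)       # ValueError on an unknown level
        for fac in facs.split(","):         # "a,b.level" shares one level
            targets = range(NFAC) if fac == "*" else [FACILITIES.index(fac)]
            for i in targets:
                row[i] = pri
    return row, action.strip()


def render(row):
    """Format a row the way the quoted debug output does."""
    return " ".join(str(p) for p in row)


def would_log(row, facility, level):
    """True if a facility.level message passes this row's threshold."""
    pri = row[FACILITIES.index(facility)]
    return pri != NONE and LEVELS.index(level) <= pri


# Three lines copied from the config quoted in the message above.
POSTED = [
    "*.err;kern.*;auth.notice;authpriv.none;mail.crit\t/dev/console",
    "*.notice;authpriv,ftp,uucp,cron,news.none;kern.debug;mail.crit\t/var/log/messages",
    "authpriv.*\t/var/log/secure",
]

if __name__ == "__main__":
    for line in POSTED:
        row, action = parse_line(line)
        print(render(row), action)
```

In the third row only column 10 (authpriv) is set, so `would_log` is true for any authpriv level on that row and false for authpriv on the console and messages rows.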