Message-ID: <3602AE54.107175ED@dal.net>
Date: Fri, 18 Sep 1998 12:02:44 -0700
From: Studded
To: Mike Grommet
CC: freebsd-questions@FreeBSD.ORG
Subject: Re: 2nd try + update: whats wrong with this sylog.conf?
References: <004301bde319$d3d54960$0cf896d0@work2.insolwwb.net>

Mike Grommet wrote:

> I did recently install tcp_wrappers, but I've tried this with both the
> pre-tcp_wrapper inetd.conf file
> and the current one, and still did the same thing.

I'm not sure why tcp wrappers is relevant... does it say it logs on authpriv?

> I've been trying to modify my syslog.conf to give more
> organized logging abilities... Everything seems to work ok except for the
> /var/log/secure...
>
> here's the conf file. Despite my cut and paste here, there really are tabs
> between the lhs and the rhs...
> Heck I even copied this off of a working bsdi 3.1 machine that works fine...

Doesn't mean it will work on FreeBSD, although BSDi is a close relative.

> still didn't work for me.
> the /var/log/secure file has been created and has permissions
> ->rw------- 1 root bin 0 Sep 17 11:01 secure
>
> And of course, I have restarted syslogd... boy that would have been a silly
> mistake eh?
>
> Also, when I put my syslogd into debug mode, it never says anything about
> logging into /var/log/secure...
> so what have I missed here?

First question, what is it that you think should be logged to authpriv? According to the sources for -Stable, the only thing logged there is some stuff for uucpd and failed attempts from /usr/bin/login. However, in my brief testing a deliberately failed login wasn't recorded when I tried a configuration similar to yours, so I'd say this is probably a bug. You might want to submit a PR on it.

> ----- START OF CONF ----- This is a simple conf file, but doesn't work....
>
> *.err;kern.*;auth.notice;authpriv.none;mail.crit /dev/console
> kern.*;auth.notice;authpriv.none;mail.crit /dev/console
> *.notice;authpriv,ftp,uucp,cron,news.none;kern.debug;mail.crit
> /var/log/messages
> authpriv.* /var/log/secure
> lpr.info /var/log/lpd-errs
> mail.* /var/log/maillog
> uucp.* /var/spool/uucp/errors
> cron.* /var/log/cron
> ftp.* /var/log/ftp.log
> daemon.* /var/log/daemon.log
> *.emerg *
> *.notice;auth.debug;authpriv.none root
>
> --- END OF CONF -----

It's unusual that the /var/log/secure file isn't mentioned here.... mine is mentioned.

> here is the syslogd -d output....
> 8 3 2 3 5 3 3 3 3 3 X 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
> 8 X 2 X 5 X X X X X X X X X X X X X X X X X X X X CONSOLE: /dev/console
> 7 5 2 5 5 5 5 X X X X X 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages
> X X X X X X X X X X 8 X X X X X X X X X X X X X X FILE: /var/log/secure
> X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs
> X X 8 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog
> X X X X X X X X 8 X X X X X X X X X X X X X X X X UNUSED:
> X X X X X X X X X 8 X X X X X X X X X X X X X X X UNUSED:
> X X X X X X X X X X X 8 X X X X X X X X X X X X X FILE: /var/log/ftp.log
> X X X 8 X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/daemon.log
> 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
> 5 5 5 5 7 5 5 5 5 5 X 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root,
> logmsg: pri 56, flags 4, from backup, msg syslogd: restart
> syslogd: restarted
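
A small decoder for the `syslogd -d` selector matrix quoted in the message, added here as an illustration; it is not part of the original thread and not FreeBSD's own code. It assumes the columns follow the facility codes in <sys/syslog.h> with syslogd's internal "mark" facility last, that 8 is how a `*` priority is stored and that X means "none"; the sample rows are copied from the quoted output, and `parse_row` and `routes_for` are names chosen for this example.

```python
# Added example: decode the selector matrix printed by `syslogd -d`.
# Assumption: columns follow the facility codes in <sys/syslog.h>,
# and the final column is syslogd's internal "mark" facility.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp"]
FACILITIES += [f"code{n}" for n in range(12, 16)]   # codes 12-15, left unnamed
FACILITIES += [f"local{n}" for n in range(8)] + ["mark"]
# Cell values are priority codes; assumption: 8 is a "*" priority, X is "none".
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info",
          "debug", "*"]

# Six rows copied from the debug output quoted in the message.
SAMPLE = """\
8 3 2 3 5 3 3 3 3 3 X 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
7 5 2 5 5 5 5 X X X X X 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages
X X X X X X X X X X 8 X X X X X X X X X X X X X X FILE: /var/log/secure
X X X X X X X X 8 X X X X X X X X X X X X X X X X UNUSED:
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
5 5 5 5 7 5 5 5 5 5 X 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root,
"""


def parse_row(line):
    """Return (action, target, {facility: level}) for one matrix row."""
    cells = line.split()
    n = len(FACILITIES)
    if len(cells) <= n:
        raise ValueError(f"expected {n} columns plus an action: {line!r}")
    selectors = {fac: LEVELS[int(cell)]
                 for fac, cell in zip(FACILITIES, cells[:n]) if cell != "X"}
    return cells[n].rstrip(":"), " ".join(cells[n + 1:]), selectors


def routes_for(facility, dump=SAMPLE):
    """List (action, target, level) for each row that selects `facility`."""
    routes = []
    for line in filter(str.strip, dump.splitlines()):
        action, target, selectors = parse_row(line)
        if facility in selectors:
            routes.append((action, target, selectors[facility]))
    return routes


if __name__ == "__main__":
    for fac in ("authpriv", "uucp"):
        for action, target, level in routes_for(fac):
            print(f"{fac}.{level:<7} -> {action} {target}")
```

For these rows, authpriv resolves to FILE /var/log/secure plus the `*.emerg` WALL entry, while the uucp selector resolves to an UNUSED entry.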