Date: Tue, 8 Jun 1999 03:50:03 -0700 (PDT) From: David Malone <dwmalone@maths.tcd.ie> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/11960: inetd built in wrapping doesn't log like tcpd does. Message-ID: <199906081050.DAA25545@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/11960; it has been noted by GNATS. From: David Malone <dwmalone@maths.tcd.ie> To: Sheldon Hearn <sheldonh@uunet.co.za> Cc: freebsd-gnats-submit@freebsd.org Subject: Re: bin/11960: inetd built in wrapping doesn't log like tcpd does. Date: Tue, 08 Jun 1999 11:41:01 +0100 > I don't understand your patch. You want to always log all connections, > and all at allow_severity (auth.info)? What functionality does this > offer us over what we've got now, given that this deprecates the '-l' > option. Yup - we should call syslog for every connection with allow_severity for the level. For a start this is what tcpd does, but for a second allow_severity can be changed by the call to hosts_access, to be anything you like, so it may or may not end up in a log file, depending on if your syslog.conf. For example, suppose you want to log all rlogin connections with a high priority, but don't want to log mail connections which are rejected 'cos the IP address can't be resolved. Then you can have the following lines in /etc/hosts.allow: in.rlogind rlogind: ALL : rfc931 1 : severity local0.warning : allow smtpd: UNKNOWN : severity local0.info : deny Using tcpd this produces the desired effect. Using inetd wrapping you get none of the rlogind connections logged 'cos they were all successful. Using "inetd -l" we get all the connections logged, including the smtpd ones we don't want. David. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906081050.DAA25545>