From owner-freebsd-bugs  Tue Jun  8  3:50:24 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 6B14D14EF9
	for <freebsd-bugs@FreeBSD.org>; Tue,  8 Jun 1999 03:50:03 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id DAA25545;
	Tue, 8 Jun 1999 03:50:03 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Date: Tue, 8 Jun 1999 03:50:03 -0700 (PDT)
Message-Id: <199906081050.DAA25545@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: David Malone <dwmalone@maths.tcd.ie>
Subject: Re: bin/11960: inetd built in wrapping doesn't log like tcpd does. 
Reply-To: David Malone <dwmalone@maths.tcd.ie>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/11960; it has been noted by GNATS.

From: David Malone <dwmalone@maths.tcd.ie>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/11960: inetd built in wrapping doesn't log like tcpd does. 
Date: Tue, 08 Jun 1999 11:41:01 +0100

 > I don't understand your patch. You want to always log all connections,
 > and all at allow_severity (auth.info)? What functionality does this
 > offer us over what we've got now, given that this deprecates the '-l'
 > option.
 
 Yup - we should call syslog for every connection with allow_severity for
 the level. For a start this is what tcpd does, but for a second
 allow_severity can be changed by the call to hosts_access, to be anything
 you like, so it may or may not end up in a log file, depending on if your
 syslog.conf.
 
 For example, suppose you want to log all rlogin connections with a
 high priority, but don't want to log mail connections which are rejected
 'cos the IP address can't be resolved. Then you can have the following
 lines in /etc/hosts.allow:
 
 in.rlogind rlogind: ALL : rfc931 1 : severity local0.warning : allow
 smtpd: UNKNOWN : severity local0.info : deny
 
 Using tcpd this produces the desired effect. Using inetd wrapping you
 get none of the rlogind connections logged 'cos they were all successful.
 Using "inetd -l" we get all the connections logged, including the smtpd
 ones we don't want.
 
 	David.
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message