From owner-freebsd-security Sun Oct 25 18:52:36 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA14845 for freebsd-security-outgoing; Sun, 25 Oct 1998 18:52:36 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from carp.gbr.epa.gov (carp.gbr.epa.gov [204.46.159.110]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA14838 for ; Sun, 25 Oct 1998 18:52:30 -0800 (PST) (envelope-from mjenkins@carp.gbr.epa.gov)
Received: (from mjenkins@localhost) by carp.gbr.epa.gov (8.8.8/8.8.8) id TAA06945; Sun, 25 Oct 1998 19:25:29 -0600 (CST) (envelope-from mjenkins)
Date: Sun, 25 Oct 1998 19:25:29 -0600 (CST)
From: Mike Jenkins
Message-Id: <199810260125.TAA06945@carp.gbr.epa.gov>
To: madrapour@hotmail.com
Subject: RE: Again logging!
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <19981025111336.23216.qmail@hotmail.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> From: "N. N.M"
> Subject: RE: Again logging!
>
> !tcpd
> *.*	/var/log/tcpd
>
> And a file named tcpd in the /var/log which is owned by root and its
> permission is 774.
>
> What else should I do to make it work?

I just installed the tcp_wrappers package and wrapped telnetd to test.
The first thing I noticed was that tcpd only syslogged denied
connections. (The message went to /var/log/messages.) The second
thing I noticed was that argv[0] is the service name (telnetd) and
not tcpd. Therefore, the tag for tcpd in syslog.conf is not going
to work.

Turns out tcpd logs both allowed and denied connections. You only
see the denied ones because the default syslog.conf logs auth.notice
but not auth.info (the tcp_wrappers port/package uses the auth
facility).

Add an auth line to the top of syslog.conf sort of like this:

    auth.*	/var/log/auth.log

And, of course, create /var/log/auth.log and HUP syslogd.

Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
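
The two causes described in the message above (the `!tcpd` program tag never matching, and auth.info falling below the auth.notice threshold), as an added example that is not part of the original message: a small Python model of syslog.conf matching, not syslogd's own code. The config texts are constructed for illustration, and the refusal level auth.warning is an assumption; the thread only establishes that refusals pass the auth.notice threshold.

```python
# Added example: simplified model of syslog.conf rule matching (not syslogd's code).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "ftp"]

def parse(conf):
    """Parse config text into (program, {facility: least severe level}, action)."""
    rules, prog = [], None
    for line in map(str.strip, conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):  # program block: applies to the rules below it
            prog = None if line[1:] == "*" else line[1:]
            continue
        selectors, action = line.split(None, 1)
        mask = {}
        for sel in selectors.split(";"):  # later selectors override earlier ones
            facs, level = sel.rsplit(".", 1)
            for fac in (FACILITIES if facs == "*" else facs.split(",")):
                if level == "none":
                    mask.pop(fac, None)
                else:  # "*" = every level; otherwise this level and more severe
                    mask[fac] = len(LEVELS) - 1 if level == "*" else LEVELS.index(level)
        rules.append((prog, mask, action))
    return rules

def destinations(rules, tag, facility, level):
    """Actions that would receive a message with this tag, facility and level."""
    sev = LEVELS.index(level)
    return [action for prog, mask, action in rules
            if prog in (None, tag) and facility in mask and sev <= mask[facility]]

# Constructed configs modelled on the thread, not copied from a real system.
ASKER = "*.notice;kern.debug;mail.crit\t/var/log/messages\n!tcpd\n*.*\t/var/log/tcpd\n"
FIXED = "auth.*\t/var/log/auth.log\n*.notice;kern.debug;mail.crit\t/var/log/messages\n"

# Tag is the wrapped service name (argv[0]), as the message reports.
# Assumption: accepts are logged at auth.info, refusals at auth.warning.
ALLOWED = ("telnetd", "auth", "info")
DENIED = ("telnetd", "auth", "warning")

if __name__ == "__main__":
    for name, conf in (("asker", ASKER), ("fixed", FIXED)):
        rules = parse(conf)
        print(name, "allowed ->", destinations(rules, *ALLOWED))
        print(name, "denied  ->", destinations(rules, *DENIED))
```
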