Date: Sun, 04 Oct 1998 07:21:16 PDT From: "N. N.M" <madrapour@hotmail.com> To: freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging Message-ID: <19981004142118.14299.qmail@hotmail.com>
next in thread | raw e-mail | index | archive | help
Dear Niall
I killed the syslogd and then reun it again in debug mode. A part of the
output of the running syslogd -d is as follow. Note that Wall is the
name of machine. Sorry if it's so long. I defined the noice and alert
messages to go to the files with correspondent names (notice and alert),
but it didn't work. Also the logging of ftp and ipfw was unsuccessful
and as you see there are some error messages (unknown priority name)
after the lines relevant to ftp and ipfw.
off & running....
init
cfline("*.err;kern.debug;auth.notice;mail.crit /dev/console", f, "*")
cfline("*.notice;kern.debug;lpr.info;mail.crit;news.err
/var/log/messages", f, "*")
cfline("ftp.* /var/log/ftpd", f, "*")
syslogd: unknown priority name ""
logmsg: pri 53, flags 4, from wall, msg syslogd: unknown priority name
""
Logging to CONSOLE /dev/console
cfline("cron.* var/cron/log", f, "*")
cfline("*.err root", f, "*")
cfline("*.err /var/log/error", f, "*")
cfline("*.notice;news.err root", f, "*")
cfline("*.notice /var/log/notice", f, "*")
cfline("*.alert root", f, "*")
cfline("*.alert /var/log/alert", f, "*")
cfline("*.emerg *", f, "*")
cfline("*.emerg /var/log/emerg", f, "*")
cfline("*.* /var/log/ipfw", f, "ipfw")
syslogd: unknown priority name ""
logmsg: pri 53, flags 4, from wall, msg syslogd: unknown priority name
""
Logging to CONSOLE /dev/console
cfline("*.* log/slip.log", f, "startslip")
cfline("*.* /var/log/ppp.log", f, "ppp")
7 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
7 5 2 5 5 5 6 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X FILE:
/var/log/messages
X X X X X X X X X X X 8 X X X X X X X X X X X X X UNUSED:
X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/cron/log
3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X USERS: root,
3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X USERS: ,
5 5 5 5 5 5 5 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root,
5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: ,
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: root,
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: ,
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X USERS: ,
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X UNUSED: (ipfw)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE:
/var/log/slip.log (startslip)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ppp.log
(ppp)
logmsg: pri 56, flags 4, from wall, msg syslogd: restart
syslogd: restarted
readfds = 0x38
readfds = 0x38
readfds = 0x38
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 116, flags 0, from wall, msg Oct 4 16:15:00 CRON[9617]:
(root) CMD (/usr/libexec/atrun)
Logging to FILE /var/cron/log
readfds = 0x38
readfds = 0x38
readfds = 0x38
readfds = 0x38
readfds = 0x38
readfds = 0x38
readfds = 0x38
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 36, flags 0, from wall, msg Oct 4 16:18:02 inetd[9134]:
telnet from 195.96.144.99
........
What do you think is wrong?
Nazila N.
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981004142118.14299.qmail>