From owner-freebsd-security Sun Oct 4 07:21:42 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA13696 for freebsd-security-outgoing; Sun, 4 Oct 1998 07:21:42 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from hotmail.com (f139.hotmail.com [207.82.251.18]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id HAA13690 for ; Sun, 4 Oct 1998 07:21:38 -0700 (PDT) (envelope-from madrapour@hotmail.com)
Received: (qmail 14300 invoked by uid 0); 4 Oct 1998 14:21:18 -0000
Message-ID: <19981004142118.14299.qmail@hotmail.com>
Received: from 208.218.169.84 by www.hotmail.com with HTTP; Sun, 04 Oct 1998 07:21:16 PDT
X-Originating-IP: [208.218.169.84]
From: "N. N.M"
To: freebsd-security@FreeBSD.ORG
Subject: Re: The necessary steps for logging
Content-Type: text/plain
Date: Sun, 04 Oct 1998 07:21:16 PDT
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dear Niall,

I killed the syslogd and then reran it again in debug mode. A part of the output of the running syslogd -d is as follows. Note that Wall is the name of the machine. Sorry if it's so long.

I defined the notice and alert messages to go to the files with corresponding names (notice and alert), but it didn't work. Also the logging of ftp and ipfw was unsuccessful, and as you see there are some error messages (unknown priority name) after the lines relevant to ftp and ipfw.

off & running....
init
cfline("*.err;kern.debug;auth.notice;mail.crit /dev/console", f, "*")
cfline("*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages", f, "*")
cfline("ftp.* /var/log/ftpd", f, "*")
syslogd: unknown priority name ""
logmsg: pri 53, flags 4, from wall, msg syslogd: unknown priority name ""
Logging to CONSOLE /dev/console
cfline("cron.* var/cron/log", f, "*")
cfline("*.err root", f, "*")
cfline("*.err /var/log/error", f, "*")
cfline("*.notice;news.err root", f, "*")
cfline("*.notice /var/log/notice", f, "*")
cfline("*.alert root", f, "*")
cfline("*.alert /var/log/alert", f, "*")
cfline("*.emerg *", f, "*")
cfline("*.emerg /var/log/emerg", f, "*")
cfline("*.* /var/log/ipfw", f, "ipfw")
syslogd: unknown priority name ""
logmsg: pri 53, flags 4, from wall, msg syslogd: unknown priority name ""
Logging to CONSOLE /dev/console
cfline("*.* log/slip.log", f, "startslip")
cfline("*.* /var/log/ppp.log", f, "ppp")
7 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
7 5 2 5 5 5 6 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages
X X X X X X X X X X X 8 X X X X X X X X X X X X X UNUSED:
X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/cron/log
3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X USERS: root,
3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X USERS: ,
5 5 5 5 5 5 5 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root,
5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: ,
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: root,
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: ,
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X USERS: ,
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X UNUSED: (ipfw)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/slip.log (startslip)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ppp.log (ppp)
logmsg: pri 56, flags 4, from wall, msg syslogd: restart
syslogd: restarted
readfds = 0x38
readfds = 0x38
readfds = 0x38
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 116, flags 0, from wall, msg Oct 4 16:15:00 CRON[9617]: (root) CMD (/usr/libexec/atrun)
Logging to FILE /var/cron/log
readfds = 0x38
readfds = 0x38
readfds = 0x38
readfds = 0x38
readfds = 0x38
readfds = 0x38
readfds = 0x38
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 36, flags 0, from wall, msg Oct 4 16:18:02 inetd[9134]: telnet from 195.96.144.99
........

What do you think is wrong?

Nazila N.