Date:      Sun, 25 Oct 1998 22:28:19 -0600
From:      "Jeffrey J. Mountin" <jeff-ml@mountin.net>
To:        Mike Jenkins <mjenkins@carp.gbr.epa.gov>, madrapour@hotmail.com
Cc:        freebsd-security@FreeBSD.ORG
Subject:   RE: Again logging!
Message-ID:  <3.0.3.32.19981025222819.00fd1a00@207.227.119.2>
In-Reply-To: <199810260125.TAA06945@carp.gbr.epa.gov>
References:  <19981025111336.23216.qmail@hotmail.com>

At 07:25 PM 10/25/98 -0600, Mike Jenkins wrote:
>I just installed the tcp_wrappers package and wrapped telnetd to test.
>The first thing I noticed was that tcpd only syslogged denied connections.
>(The message went to /var/log/messages.)  The second thing I noticed was
>that argv[0] is the service name (telnetd) and not tcpd.  Therefore,
>the tag for tcpd in syslog.conf is not going to work.

Interesting.

>Turns out tcpd logs both allowed and denied connections. You only
>see the denied ones because the default syslog.conf logs auth.notice 
>but not auth.info (the tcp_wrappers port/package uses the auth facility).
>Add an auth line to the top of syslog.conf sort of like this:
>
>  auth.*<TAB><TAB><TAB><TAB><TAB><TAB>/var/log/auth.log
>
>And, of course, create /var/log/auth.log and HUP syslogd.

I don't think he wanted it to go to auth.  Still prefer to change line 319
of patch-aa, recompile, and edit syslog.conf.

  ################################################################
  # Optional: Changing the default disposition of logfile records
***************
*** 484,490 ****
  #
  # The LOG_XXX names below are taken from the /usr/include/syslog.h file.

! FACILITY= LOG_MAIL    # LOG_MAIL is what most sendmail daemons use
 
  # The syslog priority at which successful connections are logged.
  
--- 484,491 ----
  # 
  # The LOG_XXX names below are taken from the /usr/include/syslog.h file.

! #FACILITY= LOG_MAIL   # LOG_MAIL is what most sendmail daemons use
! FACILITY= LOG_LOCAL7
            ^^^^^^^^^^
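
Review bot: the added `FACILITY= LOG_LOCAL7` line (new line 491) has no trailing comment, unlike the `LOG_MAIL` line it replaces, and nothing in the hunk records that syslog.conf needs a matching local7 selector for these records to land anywhere intended. Suggest a comment on that line naming the required syslog.conf entry, and replacing the `LOG_MAIL` line outright rather than leaving it commented out beside the live setting. Because the context line below notes that successful connections are logged at their own priority, the local7 selector has to cover that priority too, or accepted connections will still go unlogged.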

Pretty simple.


Jeff Mountin - Unix Systems TCP/IP networking
jeff@mountin.net
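
The selector behaviour discussed in this message, as an added example that is not part of the original e-mail: a small evaluator for basic syslog.conf selectors, run against constructed configurations. It assumes tcpd logs accepted connections at info and refused ones at warning, and /var/log/tcpd.log is a hypothetical file name.

```python
# Added example: evaluate basic syslog.conf selectors for a facility.level pair.
# Covers facility lists, '*', 'none' and ';' only (no comparison flags).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_matches(selector, facility, level):
    """Return True if one 'a.b;c.d' selector field selects facility.level."""
    selected = False
    for part in selector.split(";"):
        facs, _, want = part.strip().partition(".")
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue
        # A later part overrides an earlier one for the same facility.
        if want == "none":
            selected = False
        elif want == "*":
            selected = True
        else:
            # Lower index = more severe; match at the threshold or above it.
            selected = LEVELS.index(level) <= LEVELS.index(want)
    return selected

def destinations(conf_text, facility, level):
    """List the actions (files) that would receive a facility.level message."""
    out = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        if selector_matches(selector, facility, level):
            out.append(action)
    return out

# Constructed sample configurations (not copied from a real system).
DEFAULT_CONF = ("*.err;kern.debug;auth.notice;mail.crit\t/dev/console\n"
                "*.notice;kern.debug;lpr.info;mail.crit;news.err\t/var/log/messages\n")
AUTH_CONF = "auth.*\t\t\t/var/log/auth.log\n" + DEFAULT_CONF
LOCAL7_CONF = "local7.*\t\t\t/var/log/tcpd.log\n" + DEFAULT_CONF  # hypothetical file

if __name__ == "__main__":
    for name, conf, fac in [("default", DEFAULT_CONF, "auth"),
                            ("auth.*", AUTH_CONF, "auth"),
                            ("local7.*", LOCAL7_CONF, "local7")]:
        for lvl in ("info", "warning"):
            print(name, fac + "." + lvl, "->", destinations(conf, fac, lvl))
```

With the constructed default configuration, an auth.info record has no destination at all, which is the "only denied connections are logged" symptom described in the quoted text.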
