From owner-freebsd-questions  Thu Aug 29 10:49:21 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA21063
          for questions-outgoing; Thu, 29 Aug 1996 10:49:21 -0700 (PDT)
Received: from gdi.uoregon.edu (cisco-ts17-line3.uoregon.edu [128.223.150.220])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA21058
          for <questions@freebsd.org>; Thu, 29 Aug 1996 10:49:19 -0700 (PDT)
Received: from localhost (dwhite@localhost) by gdi.uoregon.edu (8.7.5/8.6.12) with SMTP id KAA00375; Thu, 29 Aug 1996 10:49:22 -0700 (PDT)
Date: Thu, 29 Aug 1996 10:49:22 -0700 (PDT)
From: Doug White <dwhite@gdi.uoregon.edu>
Reply-To: dwhite@resnet.uoregon.edu
To: "Neil C. Jensen" <njensen@salsa.habaneros.com>
cc: "'questions@freebsd.org'" <questions@freebsd.org>
Subject: RE: lost /dev/log
In-Reply-To: <01BB94C3.40C97A20@jalapeno.habaneros.com>
Message-ID: <Pine.BSI.3.94.960829104509.229H-100000@gdi.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 28 Aug 1996, Neil C. Jensen wrote:

> Problem solved. I had syslog commented out in /etc/services. Once I 
> uncommented it and restarted inetd.conf, /dev/log appeared and logging 
> started. The boot messages then appeared in the /var/log/messages file.
> 
> One question, though; I had disabled syslog in services while following a 
> security checklist from AUCERT. Why is syslog a security risk? Why won't 
> syslog work without the TCP socket and just the /dev/log?

I have no idea why they removed it, other than so I can't fill your
system log with odd messages if I decide to be evil.  Unfortunately,
syslog is way to inportant to disable.  I don't see a way offhand to
remove the TCP port; I guess you could move it to something else and
change all the systems that log to your machine to use the new port.

Why it wouldn't work w/o the TCP port, my guess would be that some
programs may communicate directly with the program using the loopback
network device instead of the UNIX domain socket. 

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major