Date: Wed, 2 Apr 2003 07:02:44 -0600 From: D J Hawkey Jr <hawkeyd@visi.com> To: Mike Tancsa <mike@sentex.net> Cc: security@freebsd.org Subject: Re: LOG_AUTHPRIV and the default syslog.conf Message-ID: <20030402070244.A8569@sheol.localdomain> In-Reply-To: <5.2.0.9.0.20030402074159.0741a088@192.168.0.12>; from mike@sentex.net on Wed, Apr 02, 2003 at 07:46:51AM -0500 References: <20030401161142.GA19845@comp.chem.msu.su> <5.2.0.9.0.20030402074159.0741a088@192.168.0.12>
next in thread | previous in thread | raw e-mail | index | archive | help
> At 08:11 PM 4/1/2003 +0400, Yar Tikhiy wrote: > >The following patch was proposed: > > > >Index: syslog.conf > >=================================================================== > >RCS file: /home/ncvs/src/etc/syslog.conf,v > >retrieving revision 1.23 > >diff -u -r1.23 syslog.conf > >--- syslog.conf 21 Sep 2002 12:07:35 -0000 1.23 > >+++ syslog.conf 11 Feb 2003 11:39:55 -0000 > >@@ -6,7 +6,7 @@ > > # may want to use only tabs as field separators here. > > # Consult the syslog.conf(5) manpage. > > *.err;kern.debug;auth.notice;mail.crit /dev/console > >-*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages > >+*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err > >/var/log/messages > > security.* /var/log/security > > auth.info;authpriv.info /var/log/auth.log > > mail.info /var/log/maillog > >=================================================================== > > > >Since my PR has received no feedback, I'd like to discuss the above > >problem here before committing my patch. Have I overlooked any > >complications? On Apr 02, at 07:46 AM, Mike Tancsa top-posted: > > I like the change and I dont think it would adversely affect any sites. > > ---Mike FWIW, long ago, I set one of mine up as: *.err;authpriv.none /dev/console *.notice;auth.info;kern.debug;security.none;local0.none;authpriv.none /var/log/messages security.*;local0.*;authpriv.* /var/log/security I must have been thinking the same thing Yar does WRT authpriv and /var/log/messages. Note that I also added local0, for ipmon(8); is it too late to consider this hack as well as Yar's? Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030402070244.A8569>