From owner-freebsd-security  Thu Jan  7 05:57:59 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id FAA19197
          for freebsd-security-outgoing; Thu, 7 Jan 1999 05:57:59 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.149.24])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA19192
          for <freebsd-security@FreeBSD.ORG>; Thu, 7 Jan 1999 05:57:56 -0800 (PST)
          (envelope-from avalon@cheops.anu.edu.au)
Received: (from avalon@localhost)
	by cheops.anu.edu.au (8.9.1/8.9.1) id AAA12004;
	Fri, 8 Jan 1999 00:55:56 +1100 (EDT)
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-Id: <199901071355.AAA12004@cheops.anu.edu.au>
Subject: Re: kernel/syslogd hack
To: vadim@tversu.ru (Vadim Kolontsov)
Date: Fri, 8 Jan 1999 00:55:55 +1100 (EDT)
Cc: Don.Lewis@tsc.tdk.com, freebsd-security@FreeBSD.ORG
In-Reply-To: <19990107153615.A27741@tversu.ru> from "Vadim Kolontsov" at Jan 7, 99 03:36:15 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Just so I understand what you're doing, you're recording who sent the
syslog message (and making the message longer) because you're concerned
about users generating fake messages.  Now as it stands, you don't want
to stop them sending fake messages, you just want to know when they
are being sent so you can distinguish real ones from fakes.

Did I get that all right ?

Btw, if you just wanted an enhanced configuration file, nsyslogd does
filtering on IP#'s now.

Darren

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message