From owner-freebsd-questions Tue Aug 6 10:37:32 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA02776 for questions-outgoing; Tue, 6 Aug 1996 10:37:32 -0700 (PDT) Received: from asylum.asylum.org (asylum.asylum.org [205.217.4.17]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA02771 for ; Tue, 6 Aug 1996 10:37:28 -0700 (PDT) Received: (from dlr@localhost) by asylum.asylum.org (8.6.10/8.6.9) id MAA06164 for questions@FreeBSD.org; Tue, 6 Aug 1996 12:40:17 -0400 From: dlr Message-Id: <199608061640.MAA06164@asylum.asylum.org> Subject: Re: tcpwrapper logs To: questions@FreeBSD.org Date: Tue, 6 Aug 1996 12:40:16 -0400 (EDT) In-Reply-To: from "Chris Madison" at Aug 6, 96 00:50:55 am X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-questions@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk > > > > > I just read both the syslogd(8), syslog(5) manpages but which > > catergory in /etc/syslog.conf does tcpd fall under? > > %man tpcd > > //... > LOGGING > Connections that are monitored by tcpd are reported > through the syslog(3) facility. Each record contains a > time stamp, the client host name and the name of the > requested service. The information can be useful to > detect unwanted activities, especially when logfile infor- > mation from several hosts is merged. > > In order to find out where your logs are going, examine > the syslog configuration file, usually /etc/syslog.conf. > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > //.... > > %man syslog.conf > > read again > > %view syslog.conf > > read a little more and then it should be clear here is the line i put in /etc/syslog.conf to make it work: local0.* /var/log/tcpd.log restart syslog (kill -HUP syslog pid) touch /var/log/tcpd.log Make certain you have tcpd compiled such that it will log to local0 or whatever. Look in the Makefile...it is fairly self explanatory. Make certain that you have tabs instead of spaces in syslog.conf. cheers, dave