Date:      Wed, 2 Apr 2003 07:47:57 -0600
From:      D J Hawkey Jr <hawkeyd@visi.com>
To:        Yar Tikhiy <yar@freebsd.org>
Cc:        security@freebsd.org
Subject:   Re: LOG_AUTHPRIV and the default syslog.conf
Message-ID:  <20030402074757.A8776@sheol.localdomain>
In-Reply-To: <20030402133625.GA81907@comp.chem.msu.su>; from yar@freebsd.org on Wed, Apr 02, 2003 at 05:36:25PM +0400
References:  <20030401161142.GA19845@comp.chem.msu.su> <5.2.0.9.0.20030402074159.0741a088@192.168.0.12> <20030402070244.A8569@sheol.localdomain> <20030402133625.GA81907@comp.chem.msu.su>

On Apr 02, at 05:36 PM, Yar Tikhiy wrote:
> 
> On Wed, Apr 02, 2003 at 07:02:44AM -0600, D J Hawkey Jr wrote:
> > 
> > FWIW, long ago, I set one of mine up as:
> > 
> > *.err;authpriv.none				/dev/console
> > *.notice;auth.info;kern.debug;security.none;local0.none;authpriv.none	/var/log/messages
> > security.*;local0.*;authpriv.*			/var/log/security
> > 
> > I must have been thinking the same thing Yar does WRT authpriv and
> > /var/log/messages.
> > 
> > Note that I also added local0, for ipmon(8); is it too late to
> > consider this hack as well as Yar's?
> 
> Today's style is to send messages from packet filters to
> /var/log/security, and from authenticating functions to /var/log/auth.log.

No disagreement. This is what I do with local0, and it's just my own
preference to "depreciate" auth.log (which I don't advocate as policy).

> Additionally I think it would be poor style to use local0 in the
> default syslog.conf since local* should be left for site-specific
> purposes. 

I agree completely, but...

> Therefore I'd suggest changing src/sbin/ipmon/Makefile
> so that it will add ``-DLOGFAC=LOG_SECURITY'' to CFLAGS, and syncing
> ipmon.8; so ipmon(8) would behave consistently with the rest of the
> system.

...I didn't know about that define! I try to leave /usr/src alone, but
if a committer did this, I'd be all for it.

I hereby revoke my request.

> Yar

Dave

-- 
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/
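
Added example, not part of the original message and not syslogd's own code: a simplified Python model of syslog.conf selector matching, run against the three rules quoted in the thread, to show which destinations receive authpriv, auth, security and local0 messages. It assumes that later selectors on a line override earlier ones per facility and that a level matches itself and anything more severe; the names `parse_rule` and `destinations` are hypothetical.

```python
# Added example: simplified model of BSD syslog.conf selector matching.
# Not syslogd's code. Comparison flags (!, <, =, >) and program/host
# blocks are not modelled.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console"]
FACILITIES += [f"local{i}" for i in range(8)]

# The three rules quoted in the message (selectors, whitespace, action).
RULES = (
    "*.err;authpriv.none\t/dev/console\n"
    "*.notice;auth.info;kern.debug;security.none;local0.none;authpriv.none"
    "\t/var/log/messages\n"
    "security.*;local0.*;authpriv.*\t/var/log/security\n"
)

def parse_rule(line):
    """Return (mask, action): mask maps facility -> least severe level logged."""
    selectors, action = line.split(None, 1)
    mask = {}
    for selector in selectors.split(";"):
        facs, level = selector.rsplit(".", 1)
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            if fac not in FACILITIES:
                raise ValueError(f"unknown facility: {fac}")
            if level == "none":
                mask.pop(fac, None)          # later selector cancels earlier match
            elif level == "*":
                mask[fac] = len(LEVELS) - 1  # every level
            else:
                mask[fac] = LEVELS.index(level)
    return mask, action.strip()

def destinations(facility, level, rules=RULES):
    """List the actions that would receive a message of facility.level."""
    severity = LEVELS.index(level)           # lower index = more severe
    hits = []
    for line in rules.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        mask, action = parse_rule(line)
        if facility in mask and severity <= mask[facility]:
            hits.append(action)
    return hits

if __name__ == "__main__":
    for fac, lvl in [("authpriv", "err"), ("auth", "info"), ("local0", "warning")]:
        print(f"{fac}.{lvl} -> {destinations(fac, lvl)}")
```
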


