Date: Wed, 2 Apr 2003 07:47:57 -0600 From: D J Hawkey Jr <hawkeyd@visi.com> To: Yar Tikhiy <yar@freebsd.org> Cc: security@freebsd.org Subject: Re: LOG_AUTHPRIV and the default syslog.conf Message-ID: <20030402074757.A8776@sheol.localdomain> In-Reply-To: <20030402133625.GA81907@comp.chem.msu.su>; from yar@freebsd.org on Wed, Apr 02, 2003 at 05:36:25PM %2B0400 References: <20030401161142.GA19845@comp.chem.msu.su> <5.2.0.9.0.20030402074159.0741a088@192.168.0.12> <20030402070244.A8569@sheol.localdomain> <20030402133625.GA81907@comp.chem.msu.su>
next in thread | previous in thread | raw e-mail | index | archive | help
On Apr 02, at 05:36 PM, Yar Tikhiy wrote: > > On Wed, Apr 02, 2003 at 07:02:44AM -0600, D J Hawkey Jr wrote: > > > > FWIW, long ago, I set one of mine up as: > > > > *.err;authpriv.none /dev/console > > *.notice;auth.info;kern.debug;security.none;local0.none;authpriv.none /var/log/messages > > security.*;local0.*;authpriv.* /var/log/security > > > > I must have been thinking the same thing Yar does WRT authpriv and > > /var/log/messages. > > > > Note that I also added local0, for ipmon(8); is it too late to > > consider this hack as well as Yar's? > > Today's style is to send messages from packet filters to > /var/log/security, and from authenticating functions to /var/log/auth.log. No disagreement. This is what I do with local0, and it's just my own preference to "depreciate" auth.log (which I don't advocate as policy). > Additionally I think it would be poor style to use local0 in the > default syslog.conf since local* should be left for site-specific > purposes. I agree completely, but... > Therefore I'd suggest changing src/sbin/ipmon/Makefile > so that it will add ``-DLOGFAC=LOG_SECURITY'' to CFLAGS, and syncing > ipmon.8; so ipmon(8) would behave consistently with the rest of the > system. ...I didn't know about that define! I try to leave /usr/src alone, but if a committer did this, I'd be all for it. I hereby revoke my request. > Yar Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030402074757.A8776>