Date: Sun, 25 Oct 1998 19:25:29 -0600 (CST) From: Mike Jenkins <mjenkins@carp.gbr.epa.gov> To: madrapour@hotmail.com Cc: freebsd-security@FreeBSD.ORG Subject: RE: Again logging! Message-ID: <199810260125.TAA06945@carp.gbr.epa.gov> In-Reply-To: <19981025111336.23216.qmail@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: "N. N.M" <madrapour@hotmail.com> > Subject: RE: Again logging! > > !tcpd > *.*<tab><tab><tab><tab><tab>/var/log/tcpd > > And a file named tcpd in the /var/log which is owned to root and its > permission is 774. > > What else should I do to make it work? I just installed the tcp_wrappers package and wrapped telnetd to test. The first thing I noticed was that tcpd only syslogged denied connections. (The message went to /var/log/messages.) The second thing I noticed was that argv[0] is the service name (telnetd) and not tcpd. Therefore, the tag for tcpd in syslog.conf is not going to work. Turns out tcpd logs both allowed and denied connections. You only see the denied ones because the default syslog.conf logs auth.notice but not auth.info (the tcp_wrappers port/package uses the auth facility). Add an auth line to the top of syslog.conf sort of like this: auth.*<TAB><TAB><TAB><TAB><TAB><TAB>/var/log/auth.log And, of course, create /var/log/auth.log and HUP syslogd. Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810260125.TAA06945>