From owner-freebsd-security Thu May 27 0:25:16 1999
Delivered-To: freebsd-security@freebsd.org
Received: from axl.noc.iafrica.com (axl.noc.iafrica.com [196.31.1.175])
	by hub.freebsd.org (Postfix) with ESMTP id 512FE15777
	for ; Thu, 27 May 1999 00:25:08 -0700 (PDT)
	(envelope-from sheldonh@axl.noc.iafrica.com)
Received: from sheldonh (helo=axl.noc.iafrica.com)
	by axl.noc.iafrica.com with local-esmtp (Exim 3.00 #1)
	id 10muX0-000Ge2-00; Thu, 27 May 1999 09:24:46 +0200
From: Sheldon Hearn
To: Martin Kammerhofer
Cc: security@FreeBSD.ORG
Subject: Re: TCP connect data logger
In-reply-to: Your message of "Wed, 26 May 1999 14:05:14 +0200."
Date: Thu, 27 May 1999 09:24:46 +0200
Message-ID: <63985.927789886@axl.noc.iafrica.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 26 May 1999 14:05:14 +0200, Martin Kammerhofer wrote:

> Both udp.log_in_vain and tcp.log_in_vain have *no* rate limiting.
> Enabling them can generate huge amounts of LOG_INFO messages during
> port scans.

That's why they're only really useful if syslog is writing their output
away from sensitive filesystems like /var. There's a lot of material in
the archives of this list regarding suitable alternatives (printers,
remote syslogd's, dedicated filesystems etc.) so there's no need for us
to rehash that now. :-)

If I remember correctly, it takes a source hack to get the messages out
of the mainstream on a LOG_LOCAL? facility.

Ciao,
Sheldon.
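
Added example, not part of the original message or of FreeBSD: because the log_in_vain sysctls do no rate limiting, a log consumer on the receiving side can collapse a port-scan flood into one record per source address. The message format matched by the regex, the sample lines and the scan_ports threshold are assumptions.

```python
import re
from collections import defaultdict

# Assumed kernel message format for log_in_vain (not quoted in the message):
#   Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40112
LINE_RE = re.compile(
    r"Connection attempt to (TCP|UDP) (\S+):(\d+) from (\S+):(\d+)\s*$"
)

def parse(line):
    """Return (proto, dst_ip, dst_port, src_ip), or None for unrelated lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    proto, dst, dport, src, _sport = m.groups()
    return proto, dst, int(dport), src

def summarize(lines, scan_ports=5):
    """Collapse log_in_vain lines into one record per source address.

    A source that probed at least `scan_ports` distinct closed ports is
    marked as a likely port scan. Returns (summary, other_lines).
    """
    hits = defaultdict(lambda: {"count": 0, "ports": set()})
    other = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            other.append(line)  # unrelated messages pass through untouched
            continue
        proto, _dst, dport, src = rec
        hits[src]["count"] += 1
        hits[src]["ports"].add((proto, dport))
    summary = {
        src: {"count": h["count"], "distinct_ports": len(h["ports"]),
              "scan": len(h["ports"]) >= scan_ports}
        for src, h in hits.items()
    }
    return summary, other

# Constructed sample: one source sweeping 20 ports, one stray UDP probe.
SAMPLE = [
    f"May 27 09:24:46 host /kernel: Connection attempt to TCP 192.0.2.10:{p} "
    f"from 198.51.100.7:{40000 + p}" for p in range(20, 40)
] + [
    "May 27 09:24:47 host /kernel: Connection attempt to UDP 192.0.2.10:161"
    " from 203.0.113.9:5353",
    "May 27 09:24:48 host sshd[212]: unrelated message",
]
```

summarize(SAMPLE) reduces the 21 kernel lines to two per-source records and returns the sshd line unchanged.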