Date:      Thu, 7 Jan 1999 15:36:15 +0300
From:      Vadim Kolontsov <vadim@tversu.ru>
To:        Don Lewis <Don.Lewis@tsc.tdk.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: kernel/syslogd hack
Message-ID:  <19990107153615.A27741@tversu.ru>
In-Reply-To: <199901070257.SAA02565@salsa.gv.tsc.tdk.com>; from Don Lewis on Wed, Jan 06, 1999 at 06:57:22PM -0800
References:  <vadim@tversu.ru> <199901070257.SAA02565@salsa.gv.tsc.tdk.com>

Hi,

On Wed, Jan 06, 1999 at 06:57:22PM -0800, Don Lewis wrote:

> }   Yes, it's clear. And I like this approach much better than my
> } attempts. So if everybody thinks that using SCM_CREDS is a good idea,
> } maybe it should be included in -current?
> 
> I think so.

  I would like to try to do it, and post the results here (if nobody has
already done it).

> } It will not break anything
> } (the only thing which will be changed is log format, but using new
> } feature can be optional -- just another option for syslogd). And it's
> } not hard to implement.
> 
> Changing the log format could be bad because it could mess up various
> log parsing scripts.  An option would be nice.  It would even be
> better if the format could be selected for each logfile.  I don't
> know how that could be worked into the syslog.conf format, though.

  What about a 3rd (optional) 'options' field in syslog.conf?

  By the way, I'm also thinking that it would be useful to add the ability
to filter logs by source machine. My patch for syslogd understands the
following syntax in syslog.conf:

[machine:]selector;selector;selector	action

  So the only new (and optional) field is "machine:". It's hostname + domain.
It's too simple; maybe IP ranges, netmasks etc. can be useful. "machine"
can be "*" (or simply skipped) - it means that this line works for all
source addresses.
  I'm not sure that it's the ideal syntax if you have a lot of machines (but it
works ok with m4 or copy'n'paste :)

Regards,
V.
-- 
Vadim Kolontsov
Tver Internet Center NOC
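
Added example, not part of the original message and not the author's patch: a C parser for the "[machine:]selector;selector;selector action" line described above, together with the source-host match it implies. The struct and function names are hypothetical; it assumes selectors never contain ':' and that host names compare case-insensitively.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* One parsed "[machine:]selector;selector;selector<TAB>action" line. */
struct rule {
    char machine[256];    /* "*" when the optional field is skipped */
    char selectors[256];  /* selector list, left unparsed here */
    char action[256];
};

/* Returns 0 on success, -1 for blank, comment or malformed lines. */
int parse_rule(const char *line, struct rule *r)
{
    char head[256];
    char *colon;

    line += strspn(line, " \t");
    if (*line == '#' ||
        sscanf(line, "%255s %255[^\n]", head, r->action) != 2)
        return -1;
    colon = strchr(head, ':');          /* assumed: selectors hold no ':' */
    if (colon == NULL) {                /* field skipped: all sources */
        strcpy(r->machine, "*");
        strcpy(r->selectors, head);
        return 0;
    }
    *colon = '\0';
    if (head[0] == '\0' || colon[1] == '\0')
        return -1;                      /* ":sel" or "host:" */
    strcpy(r->machine, head);
    strcpy(r->selectors, colon + 1);
    return 0;
}

/* 1 if the rule applies to a message whose source host is `from`. */
int rule_matches(const struct rule *r, const char *from)
{
    return strcmp(r->machine, "*") == 0 || strcasecmp(r->machine, from) == 0;
}

int main(void)
{
    /* Constructed sample line; host name and path are made up. */
    struct rule r;
    if (parse_rule("gw.example.org:auth.*;mail.err\t/var/log/gw.log", &r) == 0)
        printf("%s | %s | %s\n", r.machine, r.selectors, r.action);
    return 0;
}
```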
