SUMMARY Syslog: logging to file

From: Rasana Atreya (Rasana.Atreya@library.ucsf.edu)
Date: Mon Jul 22 1996 - 13:16:49 CDT


Hi!

My grateful thanks to:
"Marcus Pless" <mpless@ljswc.ucsd.edu>
David Pope <pope@carerra.vicinity.com>
vnarayan@haverford.edu (Vasantha Narayanan)
Daniel Barlow <dan@pentacom.co.uk>
smcgee@helios.r07lab.epa.gov (Shaun)
Marina.Daniels@ccd.tas.gov.au (Marina Daniels)
Glenn Satchell <glenn@ind.tansu.com.au>
Chandra P <pcs@tulblr.unisys.com>
Khoo Swee Chuan <sckhoo@asiapac.net>
Torsten Metzner <tom@plato.uni-paderborn.de>
"Cristian Martinez T." <spy@inf.utfsm.cl>

My problem was that I was testing out tcp_wrapper_7.4 on my Sol 2.5 in the
"easy" mode, but could not get it to log to a file. I did give the hangup
signal to syslogd, but I could not get syslogd to log to the file.

I followed David Pope's solution (because that was the first response I got)
and it worked wonderfully. Please see all the responses (lots of good tips)
below.

Please note that the file does have to exist before syslogd will start
logging. Also it's config file may not have any tabs.

Thanks a lot folks!
Rasana

PS: Torsten Metzne alleged the following:
"Have also a look at the README file ( nobody read README's today {;-) )"
I DID read the README, so there!
Maybe just not thoroughly enough!! ;)
---------------------------------------------------------------------------
From: "Marcus Pless" <mpless@ljswc.ucsd.edu>

I can't remember if this is the default or if I always change it,
but all of the machines I use tcp wrappers on use LOCAL3 for the
logging facility. This should be set in the Makefile at compile
time. The entry in the /etc/syslog.conf file looks like the following:

local3.debug /var/log/tcpd.log

Also, make sure you use TABs in the syslog.conf file instead of spaces.

---------------------------------------------------------------------------
From: David Pope <pope@carerra.vicinity.com>

Did you send a HUP to inetd?

If you did, then...

Look in your Makefile for the logging facility and severity. Here's what
I set mine to (from Makefile):

# The LOG_XXX names below are taken from the /usr/include/syslog.h file.
FACILITY= LOG_LOCAL3 # LOG_MAIL is what most sendmail daemons use
 
# The syslog priority at which successful connections are logged.
SEVERITY= LOG_INFO # LOG_INFO is normally not logged to the console
 

then, in my /etc/syslog.conf:

# tcp wrapper information
local3.info /var/TCP-WRAPPER-LOG
---------------------------------------------------------------------------
From: vnarayan@haverford.edu (Vasantha Narayanan)

In the /etc/syslog.conf file replace the mail.debug line with:

mail.debug /var/log/syslog

This will log tcp_wrapper logs along with mail logs in the /var/log/syslog file.

Ofcourse kill -HUP the syslog daemon after you may this entry.

See if this works.

Vasantha
---------------------------------------------------------------------------
From: Daniel Barlow <dan@pentacom.co.uk>

Unfortunately, you still don't have the right facility. The default
destination for tcpd logs is for some reason `mail'. You can alter
this when you build it, or at runtime: my /etc/hosts.allow has

in.comsat: all: severity local1.debug: allow
ALL: ALL: severity local1.info: rfc931:allow

(local1.debug is discarded by syslogd; I get comsat connections
whenever I get mail, so I already know about them)

---------------------------------------------------------------------------
From: smcgee@helios.r07lab.epa.gov (Shaun)

I would assume you checked, but the first thing I would check is file
permissions on /var/TCP-WRAPPER-LOG , and how much space is on that disk.

---------------------------------------------------------------------------
From: Marina.Daniels@ccd.tas.gov.au (Marina Daniels)

When I compiled tcp_wrappers 7.2 I remember somewhere in the code we told it to
log to LOG_LOCAL1 (which is already defined in /usr/include/sys/syslog.h on the
operating system.

This meant we then use
local1.debug /var/adm/tcp_wrappers

and kill -1 the syslog process

---------------------------------------------------------------------------
From: Glenn Satchell <glenn@ind.tansu.com.au>

Make sure you use tabs in the syslog.conf file, spaces won't work!

---------------------------------------------------------------------------
From: Chandra P <pcs@tulblr.unisys.com>

Each of the services should be invoked with debug option (-d), so that
debugging info is written to the system log files.

For this the "/etc/inet/inetd.conf" file ( in SVR4 ) should be modified.
Maybe u should modify the the equivalent file in sol 2.5.

For eg., the line which normally reads
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
should be modified as
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd -d

---------------------------------------------------------------------------
From: Khoo Swee Chuan <sckhoo@asiapac.net>

by default, the tcpd log to mail log file. you need to change to whatever
you want.

---------------------------------------------------------------------------
From: Torsten Metzner <tom@plato.uni-paderborn.de>

Take a look at the Makefile. And there have a look at FACILITY.
Have also a look at the README file ( nobody read README's today {;-) )
At there at section 3.2 - Where the logging information goes

If the entry in your Makefile is:

FACILITY= LOG_LOCAL0 # LOG_MAIL is what most sendmail daemons use
 
then just try the following entry:

local0.debug /var/TCP-WRAPPER-LOG

And you should be sure, that you are using TABS in your syslogd.conf file
between the columns.

---------------------------------------------------------------------------
From: "Cristian Martinez T." <spy@inf.utfsm.cl>

If you want log the information of connections to one file, so you must
define a facility of syslog in the makefile when you compile the tcp_wrapper
program.

For example, I used the uucp facility, because here I don't use it.

So, my syslog.conf:

[....]
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
uucp.debug ifdef(`LOGHOST', /var/log/tcplog, @loghost)

Then, I defined my machine as loghost in the /etc/hosts.
Also, this machine is loghost in the NIS map. With this, all information
of all machines, is logged in my machine in the tcplog file.
---------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ Rasana Atreya Voice: (415) 476-3623 ~
~ Programmer/Analyst and Red Sage Administrator Fax: (415) 476-4653 ~
~ Library & Ctr for Knowledge Mgnt, Univ. of California at San Francisco ~
~ 530 Parnassus Ave, Box 0840, San Francisco, CA 94143-0840 ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:05 CDT