SUMMARY: a bit of extra info on tcpwrappers

From: richard n. frank <rnfrank_at_wolfram.llnl.gov>
Date: Thu, 30 Apr 1998 07:00:53 -0700 (PDT)

Rick Beebe <BEEBE_at_BIOMED.MED.YALE.EDU> provided a bit more info on
tailoring syslog to write the tcpwrapper logs to a unique location...


Check the makefile for FACILITY and SEVERITY and see what they're set for.
(mail.info in my case). Then check syslog.conf to find out where that's
being logged. If you want it totally separate I would try changing the
Makefile to, say, FACILITY=LOG_LOCAL1 and then in syslog.conf put

local1.info /var/adm/syslog.dated/tcpd.log

If you edit syslog.conf you do have to kill and restart syslogd. Supposedly
you can send it a -HUP but that hasn't always worked when I've tried it.


-------------------------------------

Many thanks for the speedy responses. I had two problems that have been
resolved. 1) I was stupidly killing the syslogd process rather than the
inetd process (should be kill -HUP) and 2) tcpd is sending the log
output to syslog.dated mail.log (a bit of a surprise).

Ryan (rwn_at_udayton.edu) replied:

"We are using local7 to log to syslog here
because I think it keeps things neater. The entry looks like this:

local7.debug /var/adm/syslog.dated/tcpd.log

and all our incoming connections are logged here. Of course, we
built tcpwrappers with the option to log to the local7 facility,
so you would have to do that."

This seems like an excellent idea now that I've got it working.
Many thanks for your help:

Mike Iglesias <iglesias_at_draco.acs.uci.edu>
"Sean O'Connell" <sean_at_stat.Duke.EDU>
George Gallen <ggallen_at_slackinc.com>
"Ryan Niemes" <NIEMES_at_opus.oca.udayton.edu>
Juan Gallego <Little.Boss_at_physics.mcgill.ca>
Bruce Taube <Bruce.Taube_at_InfoAve.Net>
"Bernard van Vught" <bernard_at_intouch.co.za>



------------- End Forwarded Message -------------
Received on Thu Apr 30 1998 - 17:07:48 NZST
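
The check described in the message above (read FACILITY and SEVERITY from the wrapper Makefile, then see where syslog.conf sends that selector), as an added example that is not part of the original post. It assumes classic BSD syslog.conf selector semantics; the function names and the sample Makefile and syslog.conf text are constructed for illustration.

```python
import re

# Severities from most to least severe. Assumption: classic BSD syslog.conf
# semantics, where "facility.level" matches that level and anything more severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

def wrapper_selector(makefile_text):
    """Read FACILITY and SEVERITY from wrapper Makefile text, e.g. ('mail', 'info')."""
    pairs = dict(re.findall(r"^\s*(FACILITY|SEVERITY)\s*=\s*LOG_(\w+)", makefile_text, re.M))
    return pairs["FACILITY"].lower(), pairs["SEVERITY"].lower()

def destinations(syslog_conf_text, facility, level):
    """List the syslog.conf actions that receive facility.level messages."""
    rank = LEVELS.index(ALIASES.get(level, level))
    hits = []
    for line in syslog_conf_text.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2 or line.lstrip().startswith("#"):
            continue
        matched = False
        for selector in fields[0].split(";"):
            facs, _, lvl = selector.rpartition(".")
            if not ({facility, "*"} & set(facs.split(","))):
                continue
            lvl = ALIASES.get(lvl, lvl)
            if lvl in ("none", "*"):
                matched = (lvl == "*")   # "mail.none" removes the facility again
            elif lvl in LEVELS:
                matched = rank <= LEVELS.index(lvl)  # a later selector overrides
        if matched:
            hits.append(fields[1].strip())
    return hits

# Constructed sample inputs, not taken from any real host.
SAMPLE_MAKEFILE = "FACILITY= LOG_MAIL\nSEVERITY= LOG_INFO\n"
SAMPLE_SYSLOG_CONF = """\
# constructed sample
kern.debug\t\t/var/adm/syslog.dated/kern.log
mail.debug\t\t/var/adm/syslog.dated/mail.log
*.err;mail.none\t\t/dev/console
local1.info\t\t/var/adm/syslog.dated/tcpd.log
"""

if __name__ == "__main__":
    fac, sev = wrapper_selector(SAMPLE_MAKEFILE)
    print(fac, sev, destinations(SAMPLE_SYSLOG_CONF, fac, sev))
    print("local1", sev, destinations(SAMPLE_SYSLOG_CONF, "local1", sev))
```

An empty list for the selector means connection records from the wrapper are not being written anywhere.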