LOG_AUTHPRIV and the default syslog.conf

Yar Tikhiy yar at freebsd.org
Wed Apr 2 05:36:34 PST 2003


On Wed, Apr 02, 2003 at 07:02:44AM -0600, D J Hawkey Jr wrote:
> 
> FWIW, long ago, I set one of mine up as:
> 
> *.err;authpriv.none				/dev/console
> *.notice;auth.info;kern.debug;security.none;local0.none;authpriv.none	/var/log/messages
> security.*;local0.*;authpriv.*			/var/log/security
> 
> I must have been thinking the same thing Yar does WRT authpriv and
> /var/log/messages.
> 
> Note that I also added local0, for ipmon(8); is it too late to
> consider this hack as well as Yar's?

Today's style is to send messages from packet filters to
/var/log/security, and from authenticating functions to /var/log/auth.log.
Additionally I think it would be poor style to use local0 in the
default syslog.conf since local* should be left for site-specific
purposes.  Therefore I'd suggest changing src/sbin/ipmon/Makefile
so that it will add ``-DLOGFAC=LOG_SECURITY'' to CFLAGS, and syncing
ipmon.8; so ipmon(8) would behave consistently with the rest of the
system.

-- 
Yar
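
Added example, not part of the original message or of FreeBSD's syslogd: a small Python evaluator for the selector lines quoted above, showing which destinations receive a message of a given facility and level and why the trailing `authpriv.none` matters. It assumes only the plain `facility.level` form (no `=`, `<`, `>`, `!` flags, no program or host blocks); the names `parse`, `destinations` and `QUOTED_CONF` are illustrative.

```python
# Added example: evaluates plain "facility.level" selectors only.
LEVELS = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
          "notice": 5, "info": 6, "debug": 7, "*": 7}
NONE = -1  # "none": facility excluded from this action

# The three rules quoted in the message above (whitespace normalized).
QUOTED_CONF = """\
*.err;authpriv.none /dev/console
*.notice;auth.info;kern.debug;security.none;local0.none;authpriv.none /var/log/messages
security.*;local0.*;authpriv.* /var/log/security
"""

def parse(conf):
    """Return [(per-facility threshold dict, action)], one per rule line."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        mask = {}
        # Entries apply left to right; a later entry overrides an earlier
        # one for the same facility, so "authpriv.none" must follow "*.x".
        for entry in selector.split(";"):
            facilities, level = entry.rsplit(".", 1)
            threshold = NONE if level == "none" else LEVELS[level]
            for fac in facilities.split(","):
                if fac == "*":
                    mask = {"*": threshold}  # wildcard resets every facility
                else:
                    mask[fac] = threshold
        rules.append((mask, action))
    return rules

def destinations(rules, facility, level):
    """Actions that receive a message logged as facility.level."""
    sev = LEVELS[level]
    out = []
    for mask, action in rules:
        threshold = mask.get(facility, mask.get("*", NONE))
        # Lower number = more severe; a rule matches its level and above.
        if threshold != NONE and sev <= threshold:
            out.append(action)
    return out

if __name__ == "__main__":
    for fac, lvl in [("authpriv", "notice"), ("auth", "info"), ("local0", "warning")]:
        print(f"{fac}.{lvl} ->", destinations(parse(QUOTED_CONF), fac, lvl))
```

Running `destinations` against a rule such as `*.notice;auth.info /var/log/messages`, with no `authpriv.none`, shows `authpriv.notice` landing in `/var/log/messages`.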

