tor logging

Kevin Oberman rkoberman at gmail.com
Tue Feb 9 05:45:06 UTC 2016 

On Mon, Feb 8, 2016 at 9:16 PM, William A. Mahaffey III <wam at hiwaay.net>
wrote:

> On 02/08/16 15:52, Polytropon wrote:
>
>> On Mon, 8 Feb 2016 15:36:58 -0553.75, William A. Mahaffey III wrote:
>>
>>> My torrc
>>> files seems to indicate logging to /usr/local/var/log/tor, but no such
>>> file or directory.
>>>
>> Create this directory subtree and an empty log file. Then check
>> if it will actually be used for logging - if that is what the
>> torrc file indicates. Otherwise, set a different logging file,
>> but make sure it does actually exist.
>>
>>
>>
>
> Further review seems to indicate use of the built-in syslog system:
>
> [root at kabini1, /etc, 11:17:03pm] 477 % grep log /usr/local/etc/tor/torrc
> ## may provide sensitive information to an attacker who obtains the logs.
> ## Send all messages of level 'notice' or higher to
> /usr/local/var/log/tor/notices.log
> #Log notice file /usr/local/var/log/tor/notices.log
> ## Send every possible message to /usr/local/var/log/tor/debug.log
> #Log debug file /usr/local/var/log/tor/debug.log
> ## Use the system log instead of Tor's logfiles
> #Log notice syslog
> [root at kabini1, /etc, 11:17:08pm] 478 % grep log
> /usr/local/etc/tor/torrc.default
> ## may provide sensitive information to an attacker who obtains the logs.
> ## Send all messages of level 'notice' or higher to
> /usr/local/var/log/tor/notices.log
> #Log notice file /usr/local/var/log/tor/notices.log
> ## Send every possible message to /usr/local/var/log/tor/debug.log
> #Log debug file /usr/local/var/log/tor/debug.log
> ## Use the system log instead of Tor's logfiles
> Log notice syslog
> [root at kabini1, /etc, 11:17:10pm] 479 % lltr /var/log/tor*
> -rw-r-----  1 _tor  _tor  230140 Jan 21  2015 /var/log/tor.4.bz2
> -rw-r-----  1 _tor  _tor  122109 Feb 23  2015 /var/log/tor.3.bz2
> -rw-r-----  1 _tor  _tor  126723 Mar 30  2015 /var/log/tor.2.bz2
> -rw-r-----  1 _tor  _tor  147674 May 28  2015 /var/log/tor.1.bz2
> -rw-r-----  1 _tor  _tor  166094 Dec  3 00:06 /var/log/tor.0.bz2
> [root at kabini1, /etc, 11:17:19pm] 480 %
>
> In the past (before last upgrade) tor logged to a file in /var/log, see
> above. Afterward, ???? There was a directory named /var/log/tor, owned
> _tor:_tor, but it was empty & I removed it after a week or so & re-created
> it & restarted tor. It restarts OK & seems to be working OK, just no
> logging. Has the amount of logging changed from a couple of months ago ?
>
> --
>
>         William A. Mahaffey III


See UPDATING 20160119: AFFECTS: users of security/tor, security/tor-devel
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman at gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

More information about the freebsd-questions mailing list