Page last updated:
2003 Jul 29 12:13

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

[vox-tech] some syslog questions



some questions i've been meaning to ask for a while...


1. when a logging request is handled and matched by a rule, does logging
end there (as with procmail) or does it continue for further logging?
in other words, in this example:

   *.emerg      *

   mail.emerg   /var/log/mail.emerg

do mail emergencies get forwarded to all logged in users AND get logged
to a file?  or do they just get forwarded to all logged in users?


2. is there any way to determine the facility and log level of a message?
for instance, once this message got logged:

   Jul 25 10:29:06 satan lpd[17559]: satan requests printjob lp

were the facility and log level irretrievably lost?  in this example,
the facility is lpr, not lpd (there's no lpd facility).  and the level
is probably "info" or something like that.  it would be useful to know
for sure.


3. i wrapped exim with tcpd so i can use hosts.deny to "blackhole"
domains that constantly spam.  that means i get logs in daemon.log like:

   Jul 29 09:18:19 satan exim[26553]: connect from murphy.debian.org
   Jul 25 09:06:58 satan exim[15324]: refused connect from 218.5.148.246

every time anybody makes an SMTP connection.  i really don't want to see
this.  i believe that even though it says "exim", tcpd is doing the
actual logging.  and since it's a tcpd refusal/acceptance, these
messages are no different, in principle, from messages saying that some
hacker is trying to connect with portmap, or lucifer is trying to mount
an NFS partition from satan.

my gut feeling is that i can't stop these exim messages.  i'm hoping i'm
wrong.   any ideas?

thanks,
pete

-- 
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
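
An added example, not part of the original post and not syslogd's own code: a Python sketch of questions 1 and 2 that decodes the `<PRI>` prefix (facility * 8 + severity) a message carries before classic syslogd writes it to a file, then evaluates every rule against it with no first-match stop. The sample lines and their PRI values are constructed, and only plain `facility.level` selectors are modelled (no `;`, `,`, `=`, `!` or `none`).

```python
import re

# Facility and severity codes in numeric order; codes 12-15 are left unnamed here.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"] + [None] * 4
              + [f"local{i}" for i in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def decode_pri(line):
    """Return (facility, severity, rest) for a wire-format '<PRI>...' line."""
    m = re.match(r"<(\d{1,3})>(.*)", line, re.S)
    if not m:
        # A line read back from a classic log file has no <PRI> prefix left.
        raise ValueError("no <PRI> prefix: facility and level are not recorded")
    fac, sev = divmod(int(m.group(1)), 8)
    if fac >= len(FACILITIES) or FACILITIES[fac] is None:
        raise ValueError(f"unnamed facility code {fac}")
    return FACILITIES[fac], SEVERITIES[sev], m.group(2)


def selector_matches(selector, facility, severity):
    """'facility.level' matches that level and anything more severe."""
    sel_fac, sel_sev = selector.split(".")
    if sel_fac not in ("*", facility):
        return False
    if sel_sev == "*":
        return True
    return SEVERITIES.index(severity) <= SEVERITIES.index(sel_sev)


def actions_for(rules, line):
    """Every rule is tested; all matching actions fire, in file order."""
    fac, sev, _ = decode_pri(line)
    return [action for sel, action in rules if selector_matches(sel, fac, sev)]


# The two rules from question 1.
RULES = [("*.emerg", "*"), ("mail.emerg", "/var/log/mail.emerg")]

# Constructed wire-format lines: mail.emerg = 2*8+0, lpr.info = 6*8+6.
MAIL_EMERG = "<16>Jul 29 09:00:00 satan exim[1]: constructed emergency"
LPR_INFO = "<54>Jul 25 10:29:06 satan lpd[17559]: satan requests printjob lp"

if __name__ == "__main__":
    print(actions_for(RULES, MAIL_EMERG))
    print(decode_pri(LPR_INFO)[:2])
```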


