-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 29 July 2003 09:49 am, Peter Jay Salzman wrote:
> some questions i've been meaning to ask for awhile...
>
>
> 1. when a logging request is handled and matched by a rule, does logging
> end there (as with procmail) or does it continue for further logging?
> in other words, in this example:
>
> *.emerg *
>
> mail.emerg /var/log/mail.emerg
>
> do mail emergencies get forwarded to all logged in users AND get logged
> to a file? or do they just get forwarded to all logged in users?

A syslog message will be matched multiple times. I'm using a syslog daemon
that supports logging to a MySQL database, and I have it logging both to the
database, AND to the usual flat files.

> 2. is there any way to determine the facility log level of a message?
> for instance, once this message got logged:
>
> Jul 25 10:29:06 satan lpd[17559]: satan requests printjob lp
>
> were the facility and log level irretrievably lost? in this example,
> the facility is lpr, not lpd (there's no lpd facility). and the level
> is probably "info" or something like that. it would be useful to know
> for sure.

It's not logged to the usual files. Try a different syslog daemon, or look in
the man page, there may be a way to make it log that information. At work I'm
using msyslog http://msyslog.sf.net/, and the MySQL logger module can save
this information (not by default), and I have it set to do so.

> 3. i wrapped exim with tcpd so i can use hosts.deny to "blackhole"
> domains that constantly spam. that means i get logs in daemon.log like:
>
> Jul 29 09:18:19 satan exim[26553]: connect from murphy.debian.org
> Jul 25 09:06:58 satan exim[15324]: refused connect from 218.5.148.246
>
> everytime anybody makes an SMTP connection. i really don't want to see
> this. i believe that even though it says "exim", tcpd is doing the
> actual logging. and since it's a tcpd refusal/acceptance, these
> messages are no different, in principle, from messages saying that some
> hacker is trying to connect with portmap, or lucifer is trying to mount
> an NFS partition from satan.
>
> my gut feeling is that i can't stop these exim messages. i'm hoping i'm
> wrong. any ideas?

You could drop them in iptables.
Iptables rocks :-)

- --
PGP/GPG Fingerprint: 3B30 C6BE B1C6 9526 7A90 34E7 11DF 44F3 7217 7BC7
On pgp.mit.edu, import with `gpg --keyserver pgp.mit.edu --recv-key 72177BC7`
Also available at http://www.cal.net/~ryan/ryan_at_mother_dot_com.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/Jsb+Ed9E83IXe8cRAnz8AJ0cAjwK2m0teCvaCVXOGgBB6De8ewCeMSC8
u8F8oS5GmT1sFGxoG9Az7Ec=
=4eMG
-----END PGP SIGNATURE-----
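
The rule matching and facility/level questions in this thread, as an added example that is not part of the original message: a simplified Python model of sysklogd-style selectors (no `!` negation) showing that every matching rule fires, plus a decoder for the `<PRI>` value (facility * 8 + severity, RFC 3164) that carries facility and level on the wire but is not written to the flat files. The third config line and all function names are constructed for illustration.

```python
# Added example: simplified model of sysklogd-style selectors, not daemon code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed config: the first two rules come from the question, the third is added.
CONFIG = """\
*.emerg              *
mail.emerg           /var/log/mail.emerg
*.info;mail.none     /var/log/messages
"""

def decode_pri(pri):
    """Split the <PRI> number of an on-the-wire message into (facility, level)."""
    facility, severity = divmod(pri, 8)
    if 16 <= facility <= 23:
        name = "local%d" % (facility - 16)
    elif facility < len(FACILITIES):
        name = FACILITIES[facility]
    else:
        name = str(facility)          # codes 12-15 vary between systems
    return name, SEVERITIES[severity]

def selector_matches(selector, facility, severity):
    """Evaluate one selector field such as '*.info;mail.none'."""
    matched = False
    for part in selector.split(";"):
        facs, _, level = part.partition(".")
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue                   # this part says nothing about our facility
        if level == "none":
            matched = False            # explicit exclusion overrides earlier parts
        elif level == "*":
            matched = True
        elif level.startswith("="):
            matched = matched or severity == level[1:]
        else:                          # plain level means "this level or more urgent"
            matched = matched or SEVERITIES.index(severity) <= SEVERITIES.index(level)
    return matched

def route(config, facility, severity):
    """Return every action whose selector matches; evaluation never stops early."""
    actions = []
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        if selector_matches(selector, facility, severity):
            actions.append(action)
    return actions
```
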
