[vox-tech] some syslog questions

Peter Jay Salzman vox-tech@lists.lugod.org
Tue, 29 Jul 2003 09:49:13 -0700


some questions i've been meaning to ask for a while...


1. when a logging request is handled and matched by a rule, does logging
end there (as with procmail) or does it continue for further logging?
in other words, in this example:

   *.emerg      *

   mail.emerg   /var/log/mail.emerg

do mail emergencies get forwarded to all logged in users AND get logged
to a file?  or do they just get forwarded to all logged in users?


2. is there any way to determine the facility and log level of a message?
for instance, once this message got logged:

   Jul 25 10:29:06 satan lpd[17559]: satan requests printjob lp

were the facility and log level irretrievably lost?  in this example,
the facility is lpr, not lpd (there's no lpd facility).  and the level
is probably "info" or something like that.  it would be useful to know
for sure.


3. i wrapped exim with tcpd so i can use hosts.deny to "blackhole"
domains that constantly spam.  that means i get logs in daemon.log like:

   Jul 29 09:18:19 satan exim[26553]: connect from murphy.debian.org
   Jul 25 09:06:58 satan exim[15324]: refused connect from 218.5.148.246

every time anybody makes an SMTP connection.  i really don't want to see
this.  i believe that even though it says "exim", tcpd is doing the
actual logging.  and since it's a tcpd refusal/acceptance, these
messages are no different, in principle, from messages saying that some
hacker is trying to connect with portmap, or lucifer is trying to mount
an NFS partition from satan.

my gut feeling is that i can't stop these exim messages.  i'm hoping i'm
wrong.   any ideas?

thanks,
pete

-- 
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
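
Added example, not part of the original message: a small Python model of the two mechanisms behind questions 1 and 2. It decodes the `<PRI>` header that a syslog datagram carries (PRI = facility * 8 + level) and tests a facility/level pair against every selector line in the classic syslogd model, where each line is checked independently. The selector subset handled here (`facility.level` with `*` only), the function names, and the sample datagram (the post's lpd line with an assumed lpr.info priority prepended) are constructed for illustration.

```python
import re

# Standard syslog facility codes 0-11 and severity levels 0-7.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog",
              "lpr", "news", "uucp", "cron", "authpriv", "ftp"]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def facility_name(code):
    if code < len(FACILITIES):
        return FACILITIES[code]
    if 16 <= code <= 23:
        return "local%d" % (code - 16)
    raise ValueError("unassigned facility code %d" % code)

def decode_pri(datagram):
    """Split '<PRI>text' into (facility, level, text)."""
    m = re.match(r"<(\d{1,3})>(.*)", datagram, re.S)
    if not m:
        raise ValueError("missing <PRI> header")
    code, level = divmod(int(m.group(1)), 8)
    return facility_name(code), LEVELS[level], m.group(2)

def selector_matches(selector, facility, level):
    """'facility.level' matches that level and anything more severe."""
    sel_fac, sel_lvl = selector.split(".")
    fac_ok = sel_fac in ("*", facility)
    lvl_ok = sel_lvl == "*" or LEVELS.index(level) <= LEVELS.index(sel_lvl)
    return fac_ok and lvl_ok

def actions_for(rules, facility, level):
    """Test every rule; a match does not stop evaluation of later rules."""
    return [action for selector, action in rules
            if selector_matches(selector, facility, level)]

# The two rules from question 1.
RULES = [("*.emerg", "*"), ("mail.emerg", "/var/log/mail.emerg")]

# Constructed datagram: 54 = lpr (6) * 8 + info (6), an assumed priority.
RAW = "<54>Jul 25 10:29:06 satan lpd[17559]: satan requests printjob lp"

if __name__ == "__main__":
    fac, lvl, text = decode_pri(RAW)
    print(fac, lvl, actions_for(RULES, fac, lvl))
    print("mail.emerg ->", actions_for(RULES, "mail", "emerg"))
```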