/var/log/secure instead of maillog

Brought to you by: cjs

/var/log/secure instead of maillog

Forum: Open Discussion

Created: 2001-03-17

Updated: 2001-12-18

Brian - 2001-03-17

I decided to use the secure log instead of the maillog. My maillog grows about 20 megs a day and after about three days, the daemon starts to wig out on me. Here is the code for Scan Addr:

sub scanaddr ($) {

my $s = $_[0];
my @paddrs; # Packed IP addresses.
my @addrs; # ASCII addresses.
my $junk;

if ($s =~ m/from /) {

$s =~ s/.*from (\S+).*/$1/;

#$s =~ s/.*\[(\S+)\].*/$1/;

push(@addrs, $s);

return @addrs;
}

return ();
}

Dont forget to relocate $logfile!

Bfons

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous - 2001-12-18
  
  when i successfully login to the pop server i get the following in my /var/log/secure
  
  Dec 18 13:50:26 hostname xinetd[19384]: START: pop3 pid=19630 from=209.xx.xx.xx
  
  when i attempt to login with a bad password i get the following..
  
  Dec 18 14:14:47 hostname xinetd[19384]: START: pop3 pid=19735 from=209.xx.xx.xx
  
  so, how do you expect to differ and authenticated user and a non authenticated user? all i have to do is attempt to retrieve email from you server and after i fail then i can send mail through your server? how do you expect that to work?
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.