Menu
▾
▴
Re: [Sshguard-maintainers] syslog.conf | (pipe) on Redhat Linux
|
From: Forrest A. <fo...@fo...> - 2007-10-16 20:59:46
|
Sorry for the late reply; got distracted. We're using Redhat Enterprise Linux (latest release) and I'm a little surprised that it has the older syslogd. After reading the manpages and creating the FIFO, I'm still a little confused about how this would be properly called in /etc/syslog.conf. For example, if I have: auth.info;authpriv.* |/usr/local/sbin/sshguard -p 1800 -w /usr/local/etc/sshguard_whitelist I would need to change that to: |/usr/local/sbin/sshguard -p 1800 -w /usr/local/etc/sshguard_whitelist < /path/to/FIFO That doesn't seem right. How does syslogd know to WRITE to the FIFO to begin with, with that directive? It may just be easier for me to install rsyslogd or syslog-ng, but I'd like to eliminate too many variables if possible. Thanks. Mij wrote: > On 07/ott/07, at 17:25, Forrest Aldrich wrote: > > >> It appears we cannot use the same format in Redhat's syslog.conf as I >> can in FreeBSD, ie: the | to a command directive. The manpage >> specifies a "named pipe" for which mkfifo must be used to create >> first. >> >> I read through the manpage and cannot see where else we can pipe the >> output of the logged actions to the stock syslog daemon. Of >> course, the >> solution will be to try a third party application like rsyslogd or >> syslog-ng. However, I wanted to be sure my facts were correct before >> doing so. >> > > thanks for your interest. > > In systems with older syslogds the FIFO is the best solution. It is > clean and > unintrusive. You make syslogd write to the FIFO, and call sshguard like > "sshguard options < FIFO" > > are you preparing a rpm package? Did you see > http://sshguard.sourceforge.net/packages/ ? > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Sshguard-maintainers mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-maintainers > |
