From: Mij <mi...@bi...> - 2007-10-23 15:20:02
On 16/ott/07, at 23:01, Forrest Aldrich wrote:

> Sorry for the late reply; got distracted.
>
> We're using Redhat Enterprise Linux (latest release) and I'm a
> little surprised that it has the older syslogd.
>
> After reading the manpages and creating the FIFO, I'm still a
> little confused about how this would be properly called in
> /etc/syslog.conf.
>
> For example, if I have:
>
> auth.info;authpriv.*    |/usr/local/sbin/sshguard -p 1800 -w /usr/local/etc/sshguard_whitelist
>
> I would need to change that to:
>
> |/usr/local/sbin/sshguard -p 1800 -w /usr/local/etc/sshguard_whitelist < /path/to/FIFO

this is wrong. As syslogd does not support piping but just writing to
FIFOs, you must make syslogd write to a FIFO:

1) mkfifo /var/tmp/sshguard.fifo
2) change syslogd.conf with
   auth.info;authpriv.*    |/var/tmp/sshguard.fifo
3) then run every time
   /usr/local/sbin/sshguard -p 1800 -w /usr/local/etc/sshguard_whitelist < /var/tmp/sshguard.fifo

if you have further questions on this topic, please direct them to
ssh...@li...

> That doesn't seem right. How does syslogd know to WRITE to the
> FIFO to begin with, with that directive?
>
> It may just be easier for me to install rsyslogd or syslog-ng, but
> I'd like to eliminate too many variables if possible.
>
> Thanks.
>
> Mij wrote:
>> On 07/ott/07, at 17:25, Forrest Aldrich wrote:
>>
>>> It appears we cannot use the same format in Redhat's syslog.conf as I
>>> can in FreeBSD, ie: the | to a command directive. The manpage
>>> specifies a "named pipe" for which mkfifo must be used to create
>>> first.
>>>
>>> I read through the manpage and cannot see where else we can pipe the
>>> output of the logged actions to the stock syslog daemon. Of course, the
>>> solution will be to try a third party application like rsyslogd or
>>> syslog-ng. However, I wanted to be sure my facts were correct before
>>> doing so.
>>
>> thanks for your interest.
>>
>> In systems with older syslogds the FIFO is the best solution. It is
>> clean and unintrusive. You make syslogd write to the FIFO, and call
>> sshguard like
>> "sshguard options < FIFO"
>>
>> are you preparing a rpm package? Did you see
>> http://sshguard.sourceforge.net/packages/ ?
>>
>> _______________________________________________
>> Sshguard-maintainers mailing list
>> Ssh...@li...
>> https://lists.sourceforge.net/lists/listinfo/sshguard-maintainers
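
An added example, not part of the original messages and not sshguard's own code: checks to run before step 3 of the reply above. `/var/tmp` is world-writable, so the script refuses to start unless the FIFO is a real FIFO closed to group and other, and syslog.conf has it as an action. The function names are hypothetical, and the root-ownership requirement and GNU `stat` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: checks to run before attaching sshguard to the syslogd FIFO.
# Paths come from the thread; function names are hypothetical. GNU stat assumed.
FIFO=${FIFO:-/var/tmp/sshguard.fifo}
CONF=${CONF:-/etc/syslog.conf}

# fifo_is_safe PATH [UID]: true only if PATH is a real FIFO (not a symlink),
# owned by UID (default: the caller) and closed to group and other.
fifo_is_safe() {
    path=$1
    want_uid=${2:-$(id -u)}
    [ -p "$path" ] || return 1
    [ ! -L "$path" ] || return 1
    meta=$(stat -c '%u %a' "$path") || return 1
    [ "${meta% *}" = "$want_uid" ] || return 1
    case ${meta#* } in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# conf_routes_to_fifo CONF PATH: true if an uncommented line has "|PATH"
# as its action field.
conf_routes_to_fifo() {
    awk -v want="|$2" '
        !/^[ \t]*#/ && NF >= 2 && $NF == want { found = 1 }
        END { exit !found }' "$1"
}

# start_sshguard: refuse to start unless both checks pass (assumption:
# syslogd runs as root, so the FIFO must be root-owned), then read the FIFO.
start_sshguard() {
    fifo_is_safe "$FIFO" 0 || {
        echo "refusing: $FIFO must be a root-owned FIFO with no group/other access" >&2
        return 1
    }
    conf_routes_to_fifo "$CONF" "$FIFO" || {
        echo "refusing: $CONF has no action |$FIFO" >&2
        return 1
    }
    exec /usr/local/sbin/sshguard -p 1800 -w /usr/local/etc/sshguard_whitelist < "$FIFO"
}

if [ "${1:-}" = start ]; then
    start_sshguard
fi
```

Creating the FIFO with `mkfifo -m 600 /var/tmp/sshguard.fifo` as root satisfies the first check.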