Clean up logging of security information a bit:

o Introduce /var/log/authentication.log, which will be the target for auth.info and authpriv.info by default. Rotate on the same schedule as most other logs. Create at installation. o Remove logging of auth.info from /var/log/security.log, which will return to being only for security feature subsystems (such as ipfw, and so on). This creates a special authentication log, which can now be searched by scripts for authentication events.
2002-03-11 19:26:29 +00:00 · 2002-03-11 19:26:29 +00:00 · 89e30355de
commit 89e30355de
parent cf446bea56
3 changed files with 5 additions and 1 deletions
--- a/etc/Makefile
+++ b/etc/Makefile
@ -130,6 +130,8 @@ distribution:
 	    ${DESTDIR}/etc/dumpdates
 	${INSTALL} -c -o nobody -g ${BINGRP} -m 644 /dev/null \
 	    ${DESTDIR}/var/db/locate.database
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \
+	    ${DESTDIR}/var/log/authentication.log
 	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
 	    ${DESTDIR}/var/log/lpd-errs
 	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 640 /dev/null \
--- a/etc/newsyslog.conf
+++ b/etc/newsyslog.conf
@ -10,6 +10,7 @@
 # logfilename          [owner:group]    mode count size when [ZJB] [/pid_file] [sig_num]
 /var/log/cron				600  3	   100	*     Z
 /var/log/amd.log			644  7	   100	*     Z
+/var/log/authentication.log		600  7     100  *     Z
 /var/log/kerberos.log			600  7	   100	*     Z
 /var/log/lpd-errs			644  7	   100	*     Z
 /var/log/maillog			640  7	   *	@T00  Z
--- a/etc/syslog.conf
+++ b/etc/syslog.conf
@ -7,7 +7,8 @@
 #	Consult the syslog.conf(5) manpage.
 *.err;kern.debug;auth.notice;mail.crit		/dev/console
 *.notice;kern.debug;lpr.info;mail.crit;news.err	/var/log/messages
-security.*;auth.info				/var/log/security
+security.*					/var/log/security
+auth.info;authpriv.info				/var/log/authentication.log
 mail.info					/var/log/maillog
 lpr.info					/var/log/lpd-errs
 cron.*						/var/log/cron