Commit Graph

28 Commits

Author SHA1 Message Date
glebius
658ce18125 Fix a terrible braino in last commit. Put kern.debug back to /var/log/messages
and do exactly what last commit message described.
2005-03-12 12:31:16 +00:00
glebius
4df93e25d7 Do not print kernel debugging on console. In case of serial console
this can cause a really heavy load on system. Several kernel debugging
messages can be triggered even remotely (e.g. bad ARP replies).

Use kern.warning instead, so that really significant messages still
will be printed on console.

Reviewed by:	current@
MFC after:	1 week
Security:	this change fixes a DoS condition, when default system
		console is serial, and box is flooded with bogus ARP
		packets
2005-02-22 08:03:09 +00:00
des
1e06682f7e Make sure debug.log only gets debugging messages. 2003-04-23 13:08:31 +00:00
des
03a987e08d Introduce debug.log which gets debug.* (most of this would otherwise go
to the great bit-bucket in the sky)
2003-04-08 16:14:02 +00:00
yar
6dd591ce7c Stop logging ``authpriv'' messages to the world-readable file
/var/log/messages.  Such messages are for the eyes of authorized
personnel only.

PR:		conf/48170
Discussed in:	freebsd-security
MFC after:	2 weeks
2003-04-03 18:37:49 +00:00
markm
c54d14202f Rename the ftp log filename for compatability with OpenBSD and NetBSD.
Requested by:	ru
2002-09-21 12:07:35 +00:00
markm
90f120329f Log ftpd stuff in the same way that we log lpd stuff. Too many ftpd's
are attacked for us to throw away this sort of evidence.
2002-09-20 22:10:01 +00:00
phk
2317fe447f Per discussion on current: Don't spam root with syslog messages. 2002-04-06 11:22:01 +00:00
rwatson
2cd75cb889 Turns out everyone is a lot lazier than I thought. Spell
'authentication.log' as 'auth.log'.

This is also more consistent with syslog facility names.

Sigh. :-)

Submitted by:	asmodai, aeonflux, green, ....
2002-03-11 19:34:57 +00:00
rwatson
89e30355de Clean up logging of security information a bit:
o Introduce /var/log/authentication.log, which will be the target for
  auth.info and authpriv.info by default.  Rotate on the same schedule
  as most other logs.  Create at installation.

o Remove logging of auth.info from /var/log/security.log, which will
  return to being only for security feature subsystems (such as ipfw,
  and so on).

This creates a special authentication log, which can now be searched
by scripts for authentication events.
2002-03-11 19:26:29 +00:00
rwatson
c2d83956da /var/log/security gets almost no (if not no) activity on many FreeBSD
systems due to sshd not using the security log class.  Tweak syslog.conf
so that /var/log/security also gets a useful set of
authentication-related logging.

Submitted by:	aeonflux@synapse.subneural.net
MFC after:	4 weeks
2002-03-10 15:20:36 +00:00
asmodai
718649e606 Explain that /var/log/all.log needs to be touched and chmod'd 'ere it
can be used.

PR:		17022
Submitted by:	Niels Christian Bank-Pedersen <ncbp@bank-pedersen.dk>
MFC after:	1 week
2001-10-28 13:41:30 +00:00
murray
52906766f8 Note in the comments that it is possible, but not recommended to use
spaces instead of tabs in this file.  This matches the description in
the manpage.

PR:		25945
Submitted by:	T. William Wells <bill@twwells.com>
2001-03-31 04:41:24 +00:00
phk
5136341131 Log the console output to "/var/log/console.log", not "/var/log/console"
(MFC candidate)
2001-02-17 20:27:58 +00:00
phk
932e6061e7 Add commented out entry showing use of console.info feature. 2000-12-20 22:26:33 +00:00
rwatson
6b5dfacc05 Add two commented out syslog.conf entries, one to demonstrate the use of
an all.log for logging all messages, and one to demonstrate use of loghosts.
Also, a matching entry in newsyslog.conf for all.log.

Per request of Garrett Wollman, also modified the maillog entry to use the
@T newsyslog time specification mechanism.  Because newsyslog doesn't
support the mod date specification machanism, couldn't change other
entries that required more than one execution a month, but less than once
a day.

Approved by:	jkh
Reviewed by:	freebsd-security
2000-02-08 21:57:28 +00:00
n_hibma
6a423db166 Move /var/cron/log to /var/log/cron 1999-09-06 20:10:27 +00:00
peter
289c0d262f $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
green
1d06e20aed This is the addition of a syslog(3) security.* top-level category. This
should be used from now on for anything security but not auth-related.
Included are updates for all relevant manpages and also to /etc files,
creating a new /var/log/security. Nothing in the system logs to
/var/log/security yet as of the time of this commit.

Reviewed by:	rgrimes, imp, chris
1999-08-21 18:24:29 +00:00
nate
de554c5295 - Add a couple comment lines to note that spaces are not allowed as
field separators.

PR:		conf/8162
Submitted by:	Sheldon Hearn <sheldonh@axl.training.iafrica.com>
1998-10-14 21:59:55 +00:00
brian
387abc60ff Add Id keywords 1998-09-02 01:34:57 +00:00
ache
0aa80b0c2e Add ppp.log 1997-06-10 20:40:22 +00:00
pst
f7ea04250c auth.debug should not be sent to root realtime
news.notice info should not be sent to /var/log/messages, as news has
	its own set of logs and notice is overused by inn

added entries for newsservers (but they're commented out)
1996-11-06 22:27:04 +00:00
ache
00b5833354 Back out daemon.* addition, ssh port should be fixed instead 1996-11-02 00:08:44 +00:00
ache
ef0515a6d6 Log daemon.* to /var/log/messages or very valuable daemons messages
lost forever
1996-10-31 00:29:10 +00:00
ache
802d509e47 Put startslip syslog messages into separate file
Increase rotating log sizes in newsyslog.conf to reflect
more common case
1996-01-07 00:52:50 +00:00
guido
8a995caf00 This is Vixie cron 3.0. This version fixes all known security bugs.
Further it implements crontab -e.
I moved cron from /usr/libexec to /usr/sbin where most daemons are
that are run from rc. That also gets rid of the ugly path crond
used to have in ps(1) outputs. Further I renamed it to cron, as
Paul Vixie likes it and is done by NetBSD.

NOTE VERY WELL THE FOLLOWING:

1) Systems crontab changed. Every users crontab resides in /var/cron
   *EXCEPT* root's. This is a special crontab as it resides in
   /etc. Further it is the *ONLY* crontab file in which you specify
   usernames. See /usr/src/etc/crontab. This is also done by BSDI's
   BSD/386 as far as I know (they provided the patches for it anyway)
2) So you *must* delete root's crontab and reinstall the copy
   in /etc from /usr/src/etc.
   'Must' is to much: the old installed crontab will work but cron
   will also try to 'run' /etc/crontab.
3) Last but not least: cron's logging is now done via syslog. Note
   that logging by cron is done lowercase when it logs about itsself
   and uppercase when it logs user events, like installing a new crontab.
   The default logfile file is the same as before:
   	syslog.conf:cron.*	/var/cron/log

-Guido
1994-01-22 20:44:14 +00:00
rgrimes
241ccdeaf3 Initial import of 386BSD 0.1 othersrc/etc 1993-06-20 13:41:45 +00:00