Changing Logging for PortSentry

From: Bill Parker
Date: Saturday, 24 June 2000 3:25 PM

Procedure to change PortSentry logging to a separate log file:

IMPORTANT: You may need to change Logcheck if you are running it on your system!

  1. Go to where the PortSentry source code is stored on your system. Make a copy of portsentry_config.h (in case you f**k up). Edit portsentry_config.h and change LOG_DAEMON to LOG_LOCAL0 (this makes PortSentry log to the local0 facility).

  2. kill -9 any copies of PortSentry running on your system.

  3. Run make linux to compile.

  4. Run make install to install.

  5. Change to /etc and edit syslog.conf.

  6. Add "local0" to the facility list on the *.info line (using commas as separators).

     Then add a section to /etc/syslog.conf which reads:

     # Log all the portsentry msgs in one place. (local0)
     local0.*    /var/log/portsentry

     Since we are using local0 to redirect PortSentry info, I thought it should have its own log file.

  7. If you want logs rotated on a preset schedule, do the following: in /etc/logrotate.d edit the syslog file and add the following entry (the logrotate program runs as a cron job, btw):

     /var/log/portsentry {
         compress
         # make syslogd reopen the log file after it has been rotated
         postrotate
             /usr/bin/killall -HUP syslogd
         endscript
     }

  8. Stop and start the cron and syslog processes by going to /etc/rc.d/init.d and issuing:

     ./cron stop
     ./cron start
     ./syslog stop
     ./syslog start

  9. Go to the directory where the PortSentry binary is stored, and restart PortSentry.

  10. If everything works OK, you should have a file in /var/log named portsentry (do a cat on it, and you should see PortSentry startup and log messages).

  11. All done :-)
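As an added illustration of the syslog.conf semantics this procedure relies on (it is not part of Bill's original post), the Python below parses a sysklogd-style syslog.conf and reports which files a message from a given facility and priority is written to. It shows the point worth checking after the edit: with only the `local0.*` line added, PortSentry messages at info or above still also land in /var/log/messages through the catch-all `*.info` line, which is exactly what keeps Logcheck noisy; adding `local0.none` to that line leaves them only in /var/log/portsentry. Both configuration texts and all paths are constructed samples, not a real host's files.

```python
"""Resolve which files a syslog message is written to, given a sysklogd-style
syslog.conf.  Added example for the PortSentry logging procedure; the two
configuration texts below are constructed samples, not a real host's files."""

from typing import List, Optional, Tuple

# Priorities in descending severity (index 0 is most severe).  A selector
# "facility.prio" matches that priority and everything more severe.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# syslog.conf as the procedure above leaves it: local0.* gets its own file,
# but the catch-all *.info line is untouched (constructed sample).
CONF_DUPLICATE = """\
# Log anything (except mail and authpriv) of level info or higher.
*.info;mail.none;authpriv.none        /var/log/messages
authpriv.*                            /var/log/secure
mail.*                                /var/log/maillog
# Log all the portsentry msgs in one place. (local0)
local0.*                              /var/log/portsentry
"""

# Same file with local0 excluded from the catch-all line, so PortSentry
# messages appear only in /var/log/portsentry (constructed sample).
CONF_SEPARATE = CONF_DUPLICATE.replace(
    "*.info;mail.none;authpriv.none", "*.info;mail.none;authpriv.none;local0.none"
)


def parse_syslog_conf(text: str) -> List[Tuple[str, str]]:
    """Return (selector, action) pairs, skipping comments and blank lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # selector, then action (file, pipe, host...)
        if len(parts) == 2:
            rules.append((parts[0], parts[1].strip()))
    return rules


def selector_matches(selector: str, facility: str, priority: str) -> bool:
    """Evaluate a selector such as '*.info;mail.none;local0.none'.

    Parts are separated by ';', facilities within a part by ','.  Parts are
    applied left to right and the last one naming the facility wins, which is
    how 'mail.none' after '*.info' removes mail from a catch-all line.
    """
    verdict: Optional[bool] = None
    prio_idx = PRIORITIES.index(priority)
    for part in selector.split(";"):
        facs, _, prio = part.rpartition(".")
        if not facs:
            continue  # malformed part, ignore it
        fac_list = [f.strip() for f in facs.split(",")]
        if "*" not in fac_list and facility not in fac_list:
            continue
        if prio == "none":
            verdict = False
        elif prio == "*":
            verdict = True
        elif prio.startswith("="):  # sysklogd extension: exactly this priority
            verdict = prio_idx == PRIORITIES.index(prio[1:])
        else:  # this priority or anything more severe
            verdict = prio_idx <= PRIORITIES.index(prio)
    return bool(verdict)


def destinations(conf_text: str, facility: str, priority: str) -> List[str]:
    """List every action (log file) a facility.priority message is sent to."""
    return [
        action
        for selector, action in parse_syslog_conf(conf_text)
        if selector_matches(selector, facility, priority)
    ]


if __name__ == "__main__":
    for name, conf in (("as in the procedure", CONF_DUPLICATE),
                       ("with local0.none added", CONF_SEPARATE)):
        print(f"local0.notice {name}: {destinations(conf, 'local0', 'notice')}")
```

Run it against your own /etc/syslog.conf by passing the file's text to `destinations(text, "local0", "notice")`; if more than one file comes back, PortSentry's messages are being duplicated and Logcheck will see them twice.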