Changing Logging for PortSentry
Date: Saturday, 24 June 2000 3:25 PM
Procedure to change logging for PortSentry to a separate log file:
IMPORTANT: You may need to change Logcheck if you are running it on your system!
- Go to where the PortSentry source code is stored on your system. Make a copy of portsentry_config.h (in case you f**k up). Edit portsentry_config.h and change the logging facility to LOG_LOCAL0 (enables local logging facility).
- Do a kill -9 on any copies of PortSentry running on your system.
- Do ./make linux to
- Do ./make install
- Change to /etc and
Add the following to the info.* line: "local0" (using commas as separators)
Add a section to /etc/syslog.conf file which
# Log all the portsentry msgs in one place. (local0)
Since we are using local0 to redirect portsentry info, I thought it should have its own log file.
- If you want logs rotated on a preset schedule, do the
edit the syslog file and add the following items (the logrotate program runs as a cron job, btw).
Stop and start the cron & syslog process by going to
- Go to directory where PortSentry binary is stored, and
- If everything works ok, you should have a file in /var/log which has the name PortSentry (do a cat on it, and you should see PortSentry startup and log messages).
- All done :-)
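
A check for the syslog.conf changes in the steps above, as an added example that is not part of the original page: it reports which file receives a facility's messages and flags file rules that would still catch them through a wildcard. The sample syslog.conf lines are constructed (the page's own lines are not shown), and check_facility and sample_conf are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the original page). check_facility and sample_conf
# are hypothetical helper names; the config lines below are constructed.

# Constructed sysklogd-style syslog.conf: local0 is excluded from the
# general info line and given its own file, as the procedure intends.
sample_conf() {
cat <<'EOF'
# Log anything of level info or higher, except private and PortSentry msgs
*.info;mail,authpriv,local0.none	/var/log/messages
authpriv.*				/var/log/secure
# Log all the portsentry msgs in one place. (local0)
local0.*				/var/log/PortSentry
EOF
}

# check_facility FILE FACILITY
# Prints "target <action>" for rules that name FACILITY directly and
# "leak <action>" for file rules that still match it through "*".
# Selectors are applied left to right here, so a later one overrides an
# earlier one. Priority levels other than "none" are not compared.
check_facility() {
  awk -v fac="$2" '
    /^[ \t]*#/ || NF < 2 { next }
    {
      on = 0; direct = 0
      n = split($1, sels, ";")
      for (i = 1; i <= n; i++) {
        split(sels[i], p, "[.]")
        m = split(p[1], facs, ",")
        for (j = 1; j <= m; j++)
          if (facs[j] == fac || facs[j] == "*") {
            on = (p[2] != "none")
            direct = (facs[j] == fac)
          }
      }
      if (on && direct) print "target", $2
      else if (on && $2 ~ /^-?\//) print "leak", $2
    }' "$1"
}

# Demo on the constructed sample; on a real host run:
#   check_facility /etc/syslog.conf local0
conf=$(mktemp)
sample_conf > "$conf"
check_facility "$conf" local0
rm -f "$conf"
```

A "leak" line means PortSentry messages would also land in that file, which matters if Logcheck reads it.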