Changing Logging for PortSentry

From: Bill Parker
Date: Saturday, 24 June 2000 3:25 PM

Procedure to change logging for PortSentry to separate log file:

IMPORTANT: You may need to change Logcheck if you are running that on your system!

  1. Go to where the PortSentry source code is stored on your system. Make a copy of portsentry_config.h (in case you f**k up). Edit portsentry_config.h and change LOG_DAEMON to LOG_LOCAL0 (this enables the local logging facility).

  2. Do kill -9 on any copies of PortSentry running on your system.

  3. Do ./make linux to compile.

  4. Do ./make install to install.

  5. Change to /etc and edit syslog.conf.

  6. Add the following to the info.* line: "local0" (using commas as separators).

    Add a section to the /etc/syslog.conf file which reads:

    # Log all the portsentry msgs in one place. (local0)
    local0.*    /var/log/portsentry

    Since we are using local0 to redirect portsentry info, I thought it should have its own log file.

  7. If you want logs rotated on a preset schedule, do the following:

  8. In /etc/logrotate.d edit the syslog file and add the following items (the logrotate program runs as a cron job, btw). The killall -HUP in the postrotate section makes syslogd reopen the freshly rotated file:

    /var/log/portsentry {
        postrotate
            /usr/bin/killall -HUP syslogd
        endscript
    }

  9. Stop and start the cron & syslog processes by going to /etc/rc.d/init.d and issuing:

    ./cron stop
    ./cron start
    ./syslog stop
    ./syslog start

  10. Go to the directory where the PortSentry binary is stored, and restart portsentry.

  11. If everything works ok, you should have a file in /var/log named portsentry (do a cat on it, and you should see PortSentry startup and log messages).

  12. All done :-)
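To confirm the routing before trusting the new file, here is an added example that is not part of the original post: a small Python resolver for the classic sysklogd syslog.conf selector syntax, run over a constructed before/after config. It assumes the "local0" addition to the *.info line is meant as a local0.none selector, which keeps PortSentry lines out of /var/log/messages while local0.* sends them to /var/log/portsentry.

```python
# Added example, not from the original post: a resolver for the classic sysklogd
# syslog.conf selector syntax, checking where PortSentry's local0 messages land.
# Assumption: adding "local0" to the *.info line means a "local0.none" selector.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def _priority_matches(spec, priority):
    """Does one priority spec (info, =info, none, *) accept this priority?"""
    if spec == "none":
        return False
    if spec == "*":
        return True
    if spec.startswith("="):
        return priority == spec[1:]
    return PRIORITIES.index(priority) >= PRIORITIES.index(spec)  # spec and above

def parse_syslog_conf(text):
    """Return [(selectors, target)] with selectors = [([facility, ...], spec)]."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        selector, target = line.split(None, 1)
        parts = []
        for sel in selector.split(";"):
            facs, _, spec = sel.rpartition(".")
            parts.append((facs.split(","), spec))
        rules.append((parts, target.strip()))
    return rules

def targets_for(text, facility, priority):
    """Files that a message with (facility, priority) is written to."""
    targets = []
    for selectors, target in parse_syslog_conf(text):
        decision = None
        for facs, spec in selectors:  # sysklogd: last selector naming the facility wins
            if "*" in facs or facility in facs:
                decision = _priority_matches(spec, priority)
        if decision:
            targets.append(target)
    return targets

# Constructed samples: a stock-style messages line, then with the PortSentry edits.
CONF_BEFORE = """\
*.info;mail.none;authpriv.none   /var/log/messages
authpriv.*                       /var/log/secure
"""
CONF_AFTER = CONF_BEFORE.replace("authpriv.none", "authpriv.none;local0.none") + """\
local0.*                         /var/log/portsentry
"""
```

If the local0.none exclusion is left off the *.info line, targets_for returns both files for local0 traffic, i.e. every PortSentry line is written twice.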
