Hi,

As a matter of fact, since 2.1.3, psad parses /var/log/messages to acquire iptables logs. So, as long as your iptables logs can be found in that file, you are fine.

Here is the entry in the changelog:

psad-2.1.3 (06/07/2008):
    - Updated to enable IPT_SYSLOG_FILE by default. This is a relatively important change since it changes the method of acquiring iptables log data from reading it out of named pipe from syslog to just parsing the /var/log/messages file. This implies that kmsgsd does not have to run, and that it is much easier to ensure that psad actually receives iptables log messages. The most complex and error prone aspect of psad in the past has been the reconfiguration of the various syslog daemons out there (which have very different configuration syntax and features) to write kern.info messages to the /var/lib/psad/psadfifo named pipe.

http://trac.cipherdyne.org/trac/psad/browser/psad/trunk/ChangeLog

Therefore, I think everything around how to set up the syslog daemon should be removed from the package. What do you think, Daniel?

Regards,

--
Franck Joncourt
http://debian.org - http://smhteam.info/wiki/
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE

