Franck Joncourt wrote:
> On 23/07/2010 02:51, Michael Rash wrote:
>> On Jul 16, 2010, Lukas Baxa wrote:
> [...]
>> There is _some_ support for rsyslogd. At line 9022 in psad-2.1.7, there
>> is a check that allows SYSLOG_DAEMON to be set to rsyslogd, and a check
>> for the config file is enabled based on the ETC_RSYSLOG_CONF variable.
>> Because syslogd and rsyslogd seem to behave fairly similarly w.r.t. how
>> named pipes are handled, I think this should be enough. If not, I'm
>> willing to test out a patch if one were to appear. :)
>
> I did tag this bug as *wont fix* last time since I thought adding too
> much support to rsyslogd is going to be difficult and backward. But, if
> you think we can consider it fixed with psad 2.1.7, I can tag it as
> *resolved*. I have upgraded the Debian package in git with the latest
> release, but have not yet uploaded it since I wanted to check a few
> other things in the packaging.
>
>>> 4)
>>> However, I have one more question. Michael wrote:
>>>> Indeed, this is the most important factor. Lukas, have you set
>>>> ENABLE_SYSLOG_FILE to "N"? I would recommend against this as it
>>>> really isn't necessary per the above. Just point the IPT_SYSLOG_FILE
>>>> variable to whatever file your rsyslog daemon writes iptables log
>>>> messages to.
>>>
>>> I haven't set ENABLE_SYSLOG_FILE to "N", it was set to "N" after
>>> installation by default.
>>
>> Did you upgrade from an older version of psad, and did you use the
>> "install.pl" script from the psad sources to do the upgrade? If so, then
>> the "N" setting would have been preserved from the older installation.
>
> I sent a message to Lukas/BTS to explain that I thought it may have been
> caused by an upgrade of the Debian package. I did not CC you Michael
> since according to me this is a problem in Debian, and I did not want to
> bother you too much :p!

I had psad installed for a few months without using it. I don't remember
an upgrade of psad, but it might happen.

> [...]
>>> Both the init script and the man page psad(8) instructed me that
>>> I should configure my syslog-type daemon to write all kern.info
>>> messages to /var/lib/psad/psadfifo named pipe. The daemon kmsgsd
>>> then filtered these messages and sent all iptables messages
>>> to the file /var/log/psad/fwdata. I checked this behaviour
>>> and it was really like this, as also described in the man page
>>> psad(8).
>>
>> Thanks for pointing this out. I will update the man page.
>
> I wanted to patch the manpage and send it to you afterwards, but you are
> now aware of it.
>
>>> Do you have any idea why this behaviour differs from the behaviour
>>> described by Franck? As I already said, I'm using the version 2.1.3-1.1
>>> and I haven't changed the default of ENABLE_SYSLOG_FILE in psad.conf,
>>> which is "N" by default.
>>>
>>> I installed psad a few months ago without using it and I don't know
>>> if there was any upgrade of psad since that time. Maybe there was
>>> some upgrade, but the old config file was used. Do you think this
>>> is possible? I'm not sure. But even my current man page psad(8)
>>> and the init script /etc/init.d/psad in psad version 2.1.3-1.1
>>> tell me that I should configure syslog properly (to send all kern.info
>>> messages to /var/lib/psad/psadfifo named pipe).
>>
>> Yes, I think the upgrade is most likely the reason.
>
> Me too I agree with you, the upgrade is the most likely reason.

I'm a bit confused now :-) I know you checked the psad releases too and I'm
even not sure anymore that I haven't changed the ENABLE_SYSLOG_FILE
variable :-)

>
> Regards,
>

Thanks for your help.

Lukas
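
The thread turns on which of the two log paths a given installation is actually using: the kern.info named pipe read by kmsgsd, or a syslog file named by IPT_SYSLOG_FILE. The following check is an added example, not part of the original messages or of psad itself; it assumes psad.conf entries have the form `NAME   value;` and that the syslog rule uses the `kern.info |/path` pipe syntax, and the function names and sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example (not psad code). Assumption: psad.conf entries look like
# "NAME   value;" and the syslog rule uses the "kern.info |/path" pipe form.

FIFO=/var/lib/psad/psadfifo   # named pipe path quoted in the thread

# Print the value of variable $2 from psad.conf-style file $1 (last entry wins).
psad_var() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\([^;]*\);.*/\1/p" "$1" | tail -n 1
}

# Succeed if syslog config $1 has an uncommented kern.info rule feeding $FIFO.
feeds_fifo() {
    grep -Eq "^[[:space:]]*kern\.info[[:space:]]+\|[[:space:]]*$FIFO[[:space:]]*\$" "$1"
}

# Print one verdict line for psad.conf $1 and syslog config $2.
check_psad_logging() {
    if [ "$(psad_var "$1" ENABLE_SYSLOG_FILE)" = "Y" ]; then
        file=$(psad_var "$1" IPT_SYSLOG_FILE)
        if [ -n "$file" ]; then
            echo "file mode: psad reads $file"
        else
            echo "file mode: IPT_SYSLOG_FILE is not set"
        fi
    elif feeds_fifo "$2"; then
        echo "fifo mode: ok"
    else
        echo "fifo mode: no kern.info rule feeds $FIFO"
    fi
}

# Constructed sample configs, written to a temporary directory.
demo() {
    d=$(mktemp -d)
    printf 'ENABLE_SYSLOG_FILE   N;\nIPT_SYSLOG_FILE   /var/log/messages;\n' > "$d/psad.conf"
    printf '#kern.info |%s\n' "$FIFO" > "$d/rsyslog.conf"   # rule commented out
    check_psad_logging "$d/psad.conf" "$d/rsyslog.conf"
    rm -rf "$d"
}
demo
```

On a real system the two arguments would be the installed psad.conf and the rsyslog configuration file that ETC_RSYSLOG_CONF points to.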