On Jul 23, 2010, Franck Joncourt wrote:

> On 23/07/2010 02:51, Michael Rash wrote:
> >On Jul 16, 2010, Lukas Baxa wrote:
> [...]
> >There is _some_ support for rsyslogd. At line 9022 in psad-2.1.7, there
> >is a check that allows SYSLOG_DAEMON to be set to rsyslogd, and a check
> >for the config file is enabled based on the ETC_RSYSLOG_CONF variable.
> >Because syslogd and rsyslogd seem to behave fairly similarly w.r.t. how
> >named pipes are handled, I think this should be enough. If not, I'm
> >willing to test out a patch if one were to appear. :)
>
> I did tag this bug as *wont fix* last time since I thought adding
> too much support to rsyslogd is going to be difficult and backward.
> But, if you think we can consider it fixed with psad 2.1.7, I can
> tag it as *resolved*. I have upgraded the debian package in git with
> the latest release, but have not yet uploaded it since I wanted to
> check a few other things in the packaging.

I think that basically the problem is fixed in the sense that the appropriate config is referenced if there is a problem with the psadfifo named pipe.

> >>4)
> >>However, I have one more question. Michael wrote:
> >>>Indeed, this is the most important factor. Lukas, have you set
> >>>ENABLE_SYSLOG_FILE to "N"? I would recommend against this as it
> >>>really isn't necessary per the above. Just point the IPT_SYSLOG_FILE
> >>>variable to whatever file your rsyslog daemon writes iptables log
> >>>messages to.
> >>
> >>I haven't set ENABLE_SYSLOG_FILE to "N", it was set to "N" after
> >>installation by default.
> >
> >Did you upgrade from an older version of psad, and did you use the
> >"install.pl" script from the psad sources to do the upgrade? If so, then
> >the "N" setting would have been preserved from the older installation.
>
> I sent a message to Lukas/BTS to explain that I thought it may have
> been caused by an upgrade of the Debian package. I did not CC you
> Michael since according to me this is a problem in Debian, and I did
> not want to bother you too much :p!

No problem - I'm happy either way. Sometimes it takes me a while to respond (sorry for the delay).

> [...]
> >>Both the init script and the man page psad(8) instructed me that
> >>I should configure my syslog-type daemon to write all kern.info
> >>messages to /var/lib/psad/psadfifo named pipe. The daemon kmsgsd
> >>then filtered these messages and sent all iptables messages
> >>to the file /var/log/psad/fwdata. I checked this behaviour
> >>and it was really like this, as also described in the man page
> >>psad(8).
> >
> >Thanks for pointing this out. I will update the man page.
>
> I wanted to patch the manpage and send it to you afterwards, but you
> are now aware of it.

Your patches are always welcome, and you may get to this before me.

Thanks,

--Mike

> >>Do you have any idea why this behaviour differs from the behaviour
> >>described by Franck? As I already said, I'm using the version 2.1.3-1.1
> >>and I haven't changed the default of ENABLE_SYSLOG_FILE in psad.conf,
> >>which is "N" by default.
> >>
> >>I installed psad a few months ago without using it and I don't know
> >>if there was any upgrade of psad since that time. Maybe there was
> >>some upgrade, but the old config file was used. Do you think this
> >>is possible? I'm not sure. But even my current man page psad(8)
> >>and the init script /etc/init.d/psad in psad version 2.1.3-1.1
> >>tell me that I should configure syslog properly (to send all kern.info
> >>messages to /var/lib/psad/psadfifo named pipe).
> >
> >Yes, I think the upgrade is most likely the reason.
>
> Me too
>
> Regards,