From: Bill Parker
Date: Saturday, 24 June 2000 3:25 PM

Procedure to change logging for PortSentry to separate log file:

IMPORTANT You may need to change Logcheck if running that on your system!

1. Go to where portsentry source code is stored on your system.  Make copy of portsentry_config.h (in case you f**k up).  Edit portsentry_config.h and change LOG_DAEMON to LOG_LOCAL0 (enables local logging facility).
2. 
    
3. Do kill -9 any copies of PortSentry running on your system.
4. 
    
5. Do ./make linux to compile
6. 
    
7. Do ./make install to install
8. 
    
9. Change to /etc and edit syslog.conf
10. 
    Add the following to info.* line: "local0" (using commas as separators)

    Add a section to /etc/syslog.conf file which reads:

    # Log all the portsentry msgs in one place. (local0)
    local0.* /var/log/portsentry

    Since we are using local0 to redirect portsentry info, I thought it should have it's own log file.
     

11. If you want logs rotated on preset schedule, do the following:
12. 
    In /etc/logrotate.d edit the syslog file and add the following items (the logrotate program runs as a cron job, btw).

    /var/log/portsentry {
    compress
    postrotate
    /usr/bin/killall -HUP syslogd
    endscript
    }
     

13. Stop and start the cron & syslog process by going to /etc/rc.d/init.d and issuing:

    ./cron stop
    ./cron start
    ./syslog stop
    ./syslog start
     

14. Go to directory where PortSentry binary is stored, and restart portsentry
15. 
     
16. If everything works ok, you should have a file in /var/log which has the name PortSentry (do a cat on it, and you should see PortSentry startup and log messages
17. 
     
18. All done :-)

Search