June 17, 2008, 4:32 pm
Re: alternative to snare
Seems likely you're referring to a Linux or BSD box?
I wouldn't fool with snare if I could avoid it either; but you'll have
to play a bit (I haven't done it).
I'm using Gentoo, and this is how I'd approach it on my box (YMMV)
go to: /usr/include/sys ; make a backup of syslog.h ; edit syslog.h and
upgrade the loglevel for the appropriate syslog facility.
e.g. the loglevel definitions are in there:
#define LOG_EMERG 0 /* system is unusable */
#define LOG_ALERT 1 /* action must be taken immediately */
#define LOG_CRIT 2 /* critical conditions */
#define LOG_ERR 3 /* error conditions */
#define LOG_WARNING 4 /* warning conditions */
#define LOG_NOTICE 5 /* normal but significant condition */
#define LOG_INFO 6 /* informational */
#define LOG_DEBUG 7 /* debug-level messages */
and most likely the info you want is at level 4 or 5, not the default
level of 3.
So now you need to figure which facility is involved:
/* facility codes */
#define LOG_KERN (0<<3) /* kernel messages */
#define LOG_USER (1<<3) /* random user-level messages */
#define LOG_MAIL (2<<3) /* mail system */
#define LOG_DAEMON (3<<3) /* system daemons */
#define LOG_AUTH (4<<3) /* security/authorization messages */
#define LOG_SYSLOG (5<<3) /* messages generated internally by */
#define LOG_LPR (6<<3) /* line printer subsystem */
#define LOG_NEWS (7<<3) /* network news subsystem */
#define LOG_UUCP (8<<3) /* UUCP subsystem */
#define LOG_CRON (9<<3) /* clock daemon */
#define LOG_AUTHPRIV (10<<3) /* security/authorization messages */
#define LOG_FTP (11<<3) /* ftp daemon */
Looking at the above, it could be LOG_AUTHPRIV, LOG_AUTH, or LOG_USER?
so the IIWU, I'd play with facilities and loglevels 'til you got the
messages you wanted on syslog.
When you get this working, please post back here with what you did :-)
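
How the facility codes and log levels quoted in the post combine into the `<PRI>` number at the front of a syslog message, as an added example that is not part of the original post. The sample lines are constructed and the function names are illustrative, not from any library.

```c
#include <stdio.h>
#include <stdlib.h>

/* Names indexed by the numeric codes in the syslog.h listings above. */
static const char *const LEVELS[] = { "emerg", "alert", "crit", "err",
                                      "warning", "notice", "info", "debug" };
static const char *const FACILITIES[] = { "kern", "user", "mail", "daemon",
    "auth", "syslog", "lpr", "news", "uucp", "cron", "authpriv", "ftp" };
#define N_FACILITIES ((int)(sizeof FACILITIES / sizeof FACILITIES[0]))
#define MAX_PRI 191   /* highest facility is 23 (local7): (23<<3) | 7 */

/* Parse the "<NNN>" prefix of a syslog line; return -1 if malformed. */
int parse_pri(const char *line)
{
    char *end;
    long pri;

    if (line == NULL || line[0] != '<' || line[1] < '0' || line[1] > '9')
        return -1;
    pri = strtol(line + 1, &end, 10);
    if (*end != '>' || end - line > 4 || pri > MAX_PRI)
        return -1;
    return (int)pri;
}

int pri_facility(int pri) { return pri >> 3; }  /* undo the (n<<3) shift */
int pri_level(int pri)    { return pri & 7; }   /* low three bits */

const char *facility_name(int pri)
{
    int f = pri_facility(pri);
    return (pri >= 0 && f < N_FACILITIES) ? FACILITIES[f] : "other";
}

/* A filter set to max_level keeps levels numerically <= max_level. */
int passes(int pri, int max_level) { return pri_level(pri) <= max_level; }

int main(void)
{
    /* Constructed sample lines, not taken from a real log. */
    const char *lines[] = { "<86>sshd[2211]: session opened for user alice",
                            "<37>su: (to root) bob on pts/1",
                            "<13>logger: test message", "no priority here" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        int pri = parse_pri(lines[i]);
        if (pri < 0) { printf("malformed: %s\n", lines[i]); continue; }
        printf("%-8s %-7s at-err=%d at-notice=%d | %s\n", facility_name(pri),
               LEVELS[pri_level(pri)], passes(pri, 3), passes(pri, 5), lines[i]);
    }
    return 0;
}
```

Facilities above `ftp` (the `local0` to `local7` range, which the listing in the post does not show) are reported as `other`.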