search for: log_auth

...= FACILITY > > > Log messages to the named syslog(3) facility. > > > > > > See 'man syslog' for the 'facilities' you can use. > > > [2018/05/08 17:34:42.388486, > > 0] ../source3/param/loadparm.c:1179(lp_enum) > > lp_enum(LOG_AUTH,enum): value is not in enum_list! > > > ;-) > > > Some hint on how to use 'auth' as facility?! Thanks. You would replace 'FACILITY' with one of the facilities shown in 'man syslog' e.g. full_audit:facility = LOG_AUTH Rowland

...18 09:14:24 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > You would replace 'FACILITY' with one of the facilities shown in > > 'man syslog' e.g. full_audit:facility = LOG_AUTH > > OK, done. But samba (as stated in previous email) still reply: > > [2018/05/08 17:34:42.388486, > 0] ../source3/param/loadparm.c:1179(lp_enum) lp_enum(LOG_AUTH,enum): > value is not in enum_list! > > so seems that 'auth' and also 'LOG_AUTH' is not a v...

...;man vfs_full_audit' > > full_audit:facility = FACILITY > Log messages to the named syslog(3) facility. > > See 'man syslog' for the 'facilities' you can use. [2018/05/08 17:34:42.388486, 0] ../source3/param/loadparm.c:1179(lp_enum) lp_enum(LOG_AUTH,enum): value is not in enum_list! ;-) -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia...

...rin via samba <samba at lists.samba.org> wrote: > > > Mandi! Rowland Penny via samba > > In chel di` si favelave... > > > > > You would replace 'FACILITY' with one of the facilities shown in > > > 'man syslog' e.g. full_audit:facility = LOG_AUTH > > > > OK, done. But samba (as stated in previous email) still reply: > > > > [2018/05/08 17:34:42.388486, > > 0] ../source3/param/loadparm.c:1179(lp_enum) lp_enum(LOG_AUTH,enum): > > value is not in enum_list! > > > > so seems that 'auth' a...

...security patches are in the : standard 5.4.17, except for the patch below. Also, there are more : (different) fixes in 5.4.18 (check h_length against sizeof(sin_addr) : in inet/rcmd.c and inet/rexec.c). : + { : + syslog(LOG_NOTICE|LOG_AUTH, : + "Attempt to feed me an overlong A record. Probably a breakin attempt."); : + host.h_length=4; : + } This came from the linux-server list. But reminded me of a something...

Hi ! While browsing Linux manpages (man 3 syslog) I noticed that the manual says that the LOG_AUTH facility is deprecated use LOG_AUTHPRIV instead. Is there a good reason why OpenSSH doesn't have an option to use LOG_AUTHPRIV facility ? (Looks like that tcpd/telnet etc. use the AUTHPRIV facility (in RH6.2)). Shouldn't be too hard to add the AUTH_PRIV facility ? Cheers, -Jarno --...

...used imap. My hack looks something like this: if(authenticated) { touchfile = (char *) malloc((strlen (home) + 15); sprintf(touchfile,"%s/.imapd.last",homedir); fd = open(touchfile,O_WRONLY|O_CREAT|O_TRUNC,0600); if(fd < 0) syslog (LOG_NOTICE|LOG_AUTH,"touchfile failed for %s:%s",user,strerror(errno)); else close(fd); free(touchfile); } Where to do this in the dovecot code? Is there something like this already available? I realize that the index/cache files contain last-access data, but if the cache files...

...------------------------- # Use one or more syslog facilities as arguments. Win32 can also # optionally specify a particular hostname/port. Under Win32, the # default hostname is '127.0.0.1', and the default port is 514. # # [Unix flavours should use this format...] # output alert_syslog: LOG_AUTH LOG_ALERT # # [Win32 can use any of these formats...] # output alert_syslog: LOG_AUTH LOG_ALERT # output alert_syslog: host=hostname, LOG_AUTH LOG_ALERT # output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT # log_tcpdump: log packets in binary tcpdump format # -----------------------------...

I've tried to setup VFS full audit facility in some share, like: vfs objects = [...] full_audit full_audit:prefix = %S|%d|%I|%M|%u full_audit:success = mkdir rmdir read pread write pwrite rename unlink full_audit:failure = none full_audit:facility = auth full_audit:priority = info but samba refuse 'full_audit:facility = auth' as a good

On Fri, 11 May 2018 13:17:52 -0700 Jeremy Allison <jra at samba.org> wrote: > On Fri, May 11, 2018 at 09:56:47PM +0200, Timur I. Bakeyev via samba > wrote: > > > > > Fixing it in both ways is easy, but it would be nice to hear from > > the developers, why did they choose such a limited set of syslog > > facilities. > > I don't know. The limited

...nally topic starter wanted to put the AUTH facility into the config. It could be that it's the only one, together with DAEMON, that make sense there. From other side, for completeness it may be feasible to add full set of: static const CODE facilitynames[] = { { "auth", LOG_AUTH, }, { "cron", LOG_CRON, }, { "daemon", LOG_DAEMON, }, { "ftp", LOG_FTP, }, { "kern", LOG_KERN, }, { "lpr", LOG_LPR, }, { "mail&quo...

.../radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace...

...==================== RCS file: /var/cvs/openssh/log.c,v retrieving revision 1.54 diff -u -p -r1.54 log.c --- log.c 10 Jun 2008 13:01:51 -0000 1.54 +++ log.c 2 Jun 2011 03:59:56 -0000 @@ -56,6 +56,8 @@ static LogLevel log_level = SYSLOG_LEVEL static int log_on_stderr = 1; static int log_facility = LOG_AUTH; static char *argv0; +static log_handler_fn *log_handler; +static void *log_handler_ctx; extern char *__progname; @@ -260,6 +262,9 @@ log_init(char *av0, LogLevel level, Sysl exit(1); } + log_handler = NULL; + log_handler_ctx = NULL; + log_on_stderr = on_stderr; if (on_stderr) r...

[Mod: This message is a reason *why* linux-security is moderated list. This is also a reason why Rogier, myself, Alan Cox and others really do not want to have completely open lists that deal with security related aspects of running a system as way too many people just jump to conclusions and give suggestions without doing any reasearch on a subject. -- alex (co-moderator of

Everyone: We're starting to see a rash of password guessing attacks via SSH on all of our exposed BSD servers which are running an SSH daemon. They're coming from multiple addresses, which makes us suspect that they're being carried out by a network of "bots" rather than a single attacker. But wait... there's more. The interesting thing about these attacks is that