hi!
i use linux2.4.21-grsec with exec_logging, all exec were logged in /var/log/kern.log.
syslog.conf:
kern.* -/var/log/kern.log
is there a way to log all execs to an extra-file?
kern.log becomes realy big...
thx for help.
//richard
exec_logging extra-logfile
5 posts
• Page 1 of 1
exec_logging extra-logfile
by derRichard » Fri Aug 29, 2003 3:23 pm
- derRichard
- Posts: 10
- Joined: Fri Aug 29, 2003 3:15 pm
by Sleight of Mind » Sat Aug 30, 2003 4:46 am
i use metalog and it can do regex, so i just added a check for !grsec to all logs the messages would normally go into, and add a special file logging only grsec messages. I guess there must be some way of doing this with syslogd, altho i don't know exactly how to do it. I guess the syslogd manuals are a good start 
- Sleight of Mind
- Posts: 92
- Joined: Tue Apr 08, 2003 10:41 am
by derRichard » Sat Aug 30, 2003 7:28 am
Sleight of Mind wrote:i use metalog and it can do regex, so i just added a check for !grsec to all logs the messages would normally go into, and add a special file logging only grsec messages. I guess there must be some way of doing this with syslogd, altho i don't know exactly how to do it. I guess the syslogd manuals are a good start
hi!
i know about the "syslogd-way".
//richard
- derRichard
- Posts: 10
- Joined: Fri Aug 29, 2003 3:15 pm
by derRichard » Sat Aug 30, 2003 9:40 am
goodbyte wrote:I don't think ordinary syslog can do regex matching, but I know both syslog-ng and metalog can. Maybe you should change your system-logger?
hi!
it works fine with syslog-ng.
thx for the info!
//richard
- derRichard
- Posts: 10
- Joined: Fri Aug 29, 2003 3:15 pm
5 posts
• Page 1 of 1