Hi,
First, I will tell you what I have and want.
Second, I will ask you how/what.
Last, I will tell you what the current sitiation.
Thank you for reaing and any idea would be appreciated.
First,
I have installed TCP/IP Wrapper because I would like to mornitoring on all services(FTP, WWW, TELNET, SSH, SMTP, rlogin, etc…). When I looked at the syslog.conf,
*.info;mail.none;news.none;authpriv.none /var/log/messages <--- is this means all info, mail, news, and authpriv events go to to /var/log/messages file?
Second, HOW/WHAT.
1) How can I add rlogin, ssh and SMTP on messages file? So that when I open /var/log/messages, I can see rlogin and SSH events if there was something going on.
2) What is the defferences between /var/log/messages and syslog file from TCP/IP Wrapper? I assume the messages file is made by Linux OS it self.
Last,
When I excuted tcpdchk, I got this;
[root@webserver /home]# tcpdchk
warning: /etc/hosts.allow, line 7: host address 192.168.1.29->name lookup failed
warning: /etc/hosts.allow, line 9: host address 192.168.1.101->name lookup failed
warning: /etc/hosts.allow, line 11: host address 192.168.1.36->name lookup failed
warning: /etc/hosts.allow, line 13: host address 192.168.1.30->name lookup failed
warning: /etc/hosts.allow, line 15: host address 192.168.1.32->name lookup failed
I took the advence way that leave daemon along, and configured inet.conf setting. For example, FTP service, I changed the line;
ftp stream tcp nowait root /usr/etc/tcpd in.ftpd -L -l -i -a
Origianlly tcpd is in /usr/sbin because telnet is still using tcpd where /usr/sbin.
Even I restart inetd, my FTP service is working fine with tcpd daemon from Wrapper(I believe).
