I'm trying to log tcp wrappers and am having trouble getting it started. I'm running slackware 8.1 and using the default tcp-wrappers.

To find out what the facility was I downloaded another version of tcp-wrappers, and it's default facility name was MAIL_LOG.

I then added this line (separated by tabs) to my syslogd.conf:
MAIL_LOG.* /var/log/authTCP

Then I touched authTCP, restarted inetd, syslogd. But I get nothing in the log when I get incoming ssh conenctions - which is being checked by tcp-wrappers.



I think the real problem I'm having is understanding how tcp-wrappers gets started, and how it's different from tcpd. I don't have tcpd running, but when I make changes to my hosts.allow or deny files they stick. Any suggested readings would be appreciated.

Thanks.

If the facility is MAIL_LOG, then your line in syslog will be
mail.*/path/to/logfile #watch for tab usage.
Also you'll need to add some usefull logging in /etc/hosts.{allow,deny}, spawn lines 'n such.