hey there,

i want to get loging working on my chrooted jail for sftp. I read that you need to add something like this to your start up scripts:

/sbin/syslogd -a /usr/chroot/dev/log

where /usr/chroot/dev/log is a file located under the chrooted root.

so, i assume that the startup script wil be /etc/rc.syslog. here is my question- do i need to start up two instances of syslog? seem like i would to me, but i'm not sure. would i just add the above line to the bottom of rc.syslog file? or try to edit it? here is a snip from my current rc.syslog file

<snip>
syslogd_start() {
if [ -x /usr/sbin/syslogd -a -x /usr/sbin/klogd ]; then
echo -n "Starting sysklogd daemons: "
echo -n " /usr/sbin/syslogd"
/usr/sbin/syslogd
sleep 1 # prevent syslogd/klogd race condition on SMP kernels
echo " /usr/sbin/klogd -c 3 -x"
# '-c 3' = display level 'error' or higher messages on console
# '-x' = turn off broken EIP translation
/usr/sbin/klogd -c 3 -x
fi
}
<end snip>

thanks,

plan9

man syslogd

Have fun,
chris

Hey thanks.

Ya, I read the man page too. I guess, the key word here is "additional", which infers that the normal syslog is started no matter what parameters.

Funny how it can all hinge on the interpretation of a single word sometimes huh?

plan9

Yeppers,

(Sorry if I was being redundant)
If you run two instances (which you should be able to), it will be easier to keep the logs seperate, if that's what you desire. Look at the -p and and -f if so. I don't think that the standard syslog wouldn't let you filter on your source.

So two instances would be to add a line just after /usr/sbin/syslogd.
One instance would just add the -a <chrooted log socket> to that line.

I don't think slackware has kill/stop scripts for syslog does it?

Go glenda, go
chris