> > The problem is that syslogd will accept any message from anywhere
> > on the net. If you have to accept messages from your local net,
> > this fix is not useful -- if you're only logging things on your
> > local machine (i.e. all programs logging are using syslog(3)),
> > then you can disable logging over UDP.
>
> Even worse, it's only UDP packets, *very very* easy to forge,
> so that you can't even trust the IP address in them.
>
> > > How can we, who are without source code, change this behavior?
> >
> > You can get the Berkeley syslogd code, which is in all likelihood
> > compatible with your current syslogd.
>
> I'm afraid this is not the case. To compile BSD's syslogd
> code you will have to collect syslogd and rwalld sources and
> will have to find (or rewrite your own) the daemon() call (I
> assume this takes you off the tty and forks and has the parent
> return). Sun's syslogd has at least one feature that the BSD
> version does not. It doesn't open the syslog.conf for reading
> directly but rather pipes it through the 'm4' macro processor
> with the LOGHOST variable set if loghost's address is the same
> as one of the machine's net interfaces. This allows you to use
> the same syslog.conf file on loghost and non-loghost machines.
> With BSD's syslog you would have to remove the if() lines in
> the syslog.conf and make two separate files.

My version of daemon():

    #include <unistd.h>

    /* Detach from the tty: the parent exits, the child carries on. */
    void daemon()
    {
        /* Fork first: setsid() fails if the caller is a process
           group leader, which a command started from a shell is. */
        if (fork())
            _exit(0);
        setsid();       /* new session, no controlling terminal */
        close(0);
        close(1);
        close(2);
    }

- Julian.
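The m4 step described in the message above, as an added example that is not part of the original thread or of either syslogd: a small Python expander for ifdef() conditionals on LOGHOST that produces the two separate plain files a syslogd without m4 preprocessing would need. The sample syslog.conf lines and the function names are constructed for illustration; only ifdef() and m4 quoting inside its arguments are handled.

```python
# Added example: expand m4 ifdef() conditionals in a shared syslog.conf
# into separate loghost and non-loghost files (no other m4 features).

def _read_args(text, i):
    """Parse macro arguments starting just after '('; return (args, next_index)."""
    args, cur, depth, quote = [], [], 0, 0
    while i < len(text):
        c = text[i]
        if c == "`":
            quote += 1
            if quote > 1:
                cur.append(c)        # keep nested quotes, strip the outer pair
        elif c == "'" and quote:
            quote -= 1
            if quote:
                cur.append(c)
        elif quote:
            cur.append(c)            # quoted text is copied verbatim
        elif c == ")" and depth == 0:
            return args + ["".join(cur)], i + 1
        elif c == "," and depth == 0:
            args.append("".join(cur))
            cur = []
        elif c.isspace() and not cur:
            pass                     # m4 drops unquoted leading whitespace
        else:
            depth += (c == "(") - (c == ")")
            cur.append(c)
        i += 1
    raise ValueError("unterminated ifdef(")

def expand(text, defined=()):
    """Replace each ifdef(NAME, yes, no) by 'yes' if NAME is defined, else 'no'."""
    out, i = [], 0
    while i < len(text):
        if text.startswith("ifdef(", i):
            args, i = _read_args(text, i + 6)
            args += [""] * (3 - len(args))
            out.append(expand(args[1] if args[0] in defined else args[2], defined))
        else:
            out.append(text[i])
            i += 1
    return "".join(out)

SHARED = (  # constructed sample of a shared, m4-conditional syslog.conf
    "*.err;kern.notice\t/dev/console\n"
    "mail.debug\tifdef(`LOGHOST', /var/log/syslog, @loghost)\n"
    "auth.notice\tifdef(`LOGHOST', /var/log/authlog, @loghost)\n"
)
LOGHOST_CONF, CLIENT_CONF = expand(SHARED, {"LOGHOST"}), expand(SHARED)
```

Every `@loghost` action left in the non-loghost file is a line whose messages travel as UDP datagrams, which is the traffic the thread describes as easy to forge.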