Re: syslog/udp

Julian Assange (proff@suburbia.apana.org.au)
Thu, 24 Feb 1994 15:32:46 +1100 (EST)

>
> >
> > The problem is that syslogd will accept any message from anywhere
> > on the net. If you have to accept messages from your local net,
> > this fix is not useful -- if you're only logging things on your
> > local machine (i.e. all programs logging are using syslog(3)),
> > then you can disable logging over UDP.
>
> Even worse, it's only UDP packets, *very very* easy to forge
> so that you can't even trust the IP address in them.
>
> > > How can we, who are without source code, change this behavior?
> >
> > You can get the Berkeley syslogd code, which is in all likelihood
> > compatible with your current syslogd.
>
> I'm afraid this is not the case.  To compile BSD's syslogd
> code you will have to collect syslogd and rwalld sources and
> will have to find (or rewrite your own) the daemon() call (I
> assume this takes you off the tty and forks and has the parent
> return).  Sun's syslogd has at least one feature that the BSD
> version does not.  It doesn't open the syslog.conf for reading
> directly but rather pipes it through the 'm4' macro processor
> with the LOGHOST variable set if loghost's address is the same
> as one of the machine's net interfaces.  This allows you to use
> the same syslog.conf file on loghost and non-loghost machines.
> With BSD's syslog you would have to remove the if() lines in
> the syslog.conf and make two separate files.
>

My version of daemon():

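#include <unistd.h>

/* Stand-in for BSD daemon() on systems whose libc has no daemon(). */
void daemon()
{
	/* Fork first: setsid() fails if the caller is a process group leader. */
	if (fork()) _exit(0);	/* parent (or a failed fork) exits */
	setsid();		/* child: new session, no controlling tty */
	close(0);		/* drop stdin, stdout and stderr */
	close(1);
	close(2);
}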

- Julian.
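
Added example (not part of the original message, and not taken from any syslogd source): a fuller daemon()-style routine following the steps of BSD's daemon(0, 0): fork, setsid(), chdir("/"), then point descriptors 0-2 at /dev/null instead of leaving them closed. The names daemonize() and std_to_devnull() are hypothetical.

```c
/* Added example; daemonize() and std_to_devnull() are hypothetical names. */
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Point fds 0-2 at /dev/null rather than leaving them closed. If they
 * stay closed, the next open() or socket() in the daemon is handed fd
 * 0, 1 or 2, and any stray write to stderr lands in that log file or
 * connection. Returns 0 on success, -1 on error. */
int std_to_devnull(void)
{
	int fd, i, rc = 0;

	fd = open("/dev/null", O_RDWR);
	if (fd < 0)
		return -1;
	for (i = 0; i <= 2; i++)
		if (dup2(fd, i) < 0)	/* dup2(fd, fd) is a harmless no-op */
			rc = -1;
	if (fd > 2)
		close(fd);
	return rc;
}

/* Detach from the controlling terminal and run in the background.
 * Returns 0 in the detached child, -1 on error; the parent exits. */
int daemonize(void)
{
	pid_t pid = fork();

	if (pid < 0)
		return -1;
	if (pid > 0)
		_exit(0);		/* parent returns to the shell */
	if (setsid() < 0)		/* child is never a group leader here */
		return -1;
	if (chdir("/") < 0)		/* do not pin a mounted filesystem */
		return -1;
	return std_to_devnull();
}

int main(void)
{
	return daemonize() == 0 ? 0 : 1;
}
```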