
Minor wording update for syslog messages parsing

Minor documentation update to better describe the default parsing behavior of
psad (non-usage of the psadfifo and kmsgsd by default).
1 parent b13f6ba commit 8454708d5e34c385dfbc0e91bd6331163b5ec273 @mrash committed Jul 26, 2011
Showing with 27 additions and 8 deletions.
  1. +17 −1 README.SYSLOG
  2. +10 −7 psad.conf
18 README.SYSLOG
@@ -1,4 +1,20 @@
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+
+This information is documented in the psad.conf file as well:
+
+By default, psad acquires iptables log data from the /var/log/messages
+file which the local syslog daemon (usually) writes iptables log messages
+to. If the ENABLE_SYSLOG_FILE variable is set to "N", then psad
+reconfigures syslog to write iptables log data to the
+/var/lib/psad/psadfifo fifo file where the messages are picked up by kmsgsd
+written to the file /var/log/psad/fwdata for analysis by psad. On some
+systems, having syslog communicate log data to kmsgsd can be problematic
+(syslog configs and external factors such as Apparmor and SELinux can play
+a role here), so leaving the ENABLE_SYSLOG_FILE variable set to "Y" is
+usually recommended.
+
+
+*** Pre psad-2.1.3 information below ***
+
TESTING YOUR INSTALLATION:
The psad installer does its best to reconfigure your syslog daemon to write
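Review bot: In the added README.SYSLOG paragraph, the clause "picked up by kmsgsd written to the file /var/log/psad/fwdata" is missing a conjunction, so it is not clear which component writes fwdata; suggest "picked up by kmsgsd and written to the file /var/log/psad/fwdata". The "*** Pre psad-2.1.3 information below ***" marker also gives no hint of what changed, so a sentence saying whether the testing steps that follow (which start from the installer reconfiguring syslog) still apply when ENABLE_SYSLOG_FILE is left at "Y" would help readers on the file-based default.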
17 psad.conf
@@ -113,13 +113,16 @@ SHOW_ALL_SIGNATURES N;
### and alerting.
ALERTING_METHODS ALL;
-### By default, psad acquires iptables log data from the /var/log/psad/fwdata
-### file which is written to by kmsgsd. However, psad can just read an
-### existing file that syslog writes iptables log data to (commonly
-### /var/log/messages). On some systems, having syslog communicate log data
-### to kmsgsd can be problematic (syslog configs and external factors such
-### as Apparmor and SELinux can play a role here), so using this feature can
-### simplify a psad deployment.
+### By default, psad acquires iptables log data from the /var/log/messages
+### file which the local syslog daemon (usually) writes iptables log messages
+### to. If the ENABLE_SYSLOG_FILE variable below is set to "N", then psad
+### reconfigures syslog to write iptables log data to the
+### /var/lib/psad/psadfifo fifo file where the messages are picked up by kmsgsd
+### written to the file /var/log/psad/fwdata for analysis by psad. On some
+### systems, having syslog communicate log data to kmsgsd can be problematic
+### (syslog configs and external factors such as Apparmor and SELinux can play
+### a role here), so leaving the ENABLE_SYSLOG_FILE variable set to "Y" is
+### usually recommended.
ENABLE_SYSLOG_FILE Y;
IPT_WRITE_FWDATA Y;
IPT_SYSLOG_FILE /var/log/messages;
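Review bot: The new comment names /var/log/messages literally as the default source, but the file psad actually reads is set by IPT_SYSLOG_FILE in the context lines just below, so the comment goes stale on any system where that variable is changed. Suggest wording along the lines of "from the file named by IPT_SYSLOG_FILE (/var/log/messages by default)". The same missing "and" as in README.SYSLOG appears here in "picked up by kmsgsd written to the file", and since this text is now duplicated in two files, fixing both copies together keeps them from drifting.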
