Hosting Provided By

RFC#6 - syslogd

From: Ed White <ed(at)overminder.com>
Date: Thu Feb 06 2003 - 16:24:21 EST

Request to add an option to avoid UDP port binding

By default OpenBSD syslogd keep opened UDP port 514 even if this is never used. Infact if you want to use the UDP port you'll have to edit /etc/ syslogd.conf to accept remote logs or select a host where send logs. Applying this small patch to -current version of syslogd.c a new option will be introduced: "-s" that doesn't bind any UDP port.

240c240
< while ((ch = getopt(argc, argv, "dnuf:m:p:a:")) != -1)

---

>       while ((ch = getopt(argc, argv, "dnusf:m:p:a:")) != -1)


259a260,262

>               case 's':               /* don't bind udp input port */

>                       SecureMode = 2;

>                       break;

337c340,345
<       finet = socket(AF_INET, SOCK_DGRAM, 0);
---

>

>       if ( SecureMode == 2 )

>         finet = -1;

>       else

>         finet = socket(AF_INET, SOCK_DGRAM, 0);

>        

475c483
<           "usage: syslogd [-dnu] [-f config_file] [-m mark_interval] "
---

>           "usage: syslogd [-dnus] [-f config_file] [-m mark_interval] "



Also a patch for the man page syslogd.8

45c45
< .Op Fl dnu
---

> .Op Fl dnus

81a82,86

> .It Fl s

> Select the

> .Dq secure

> mode, in which syslogd will never bind any UDP port.

> This is usefull when you don't need to receive logs from or send logs to 

remote systems.
122,124c127,133
< opens the above described socket whether or not it is
< running in secure mode.
< If
---

> opens the above described socket by default,

> but all incoming data on this socket is discarded,

> infact the socket is only required to send forwarded messages.

> .Pp

> In

> .Dq secure

> mode

126,127c135,136
< is running in secure mode, all incoming data on this socket is discarded.
< The socket is required for sending forwarded messages.
---

> doesn't open any socket and can't log to a remote host or receive logs.

> This is the best choice if you want to log only locally.


Finally /etc/rc.conf should be modified to start syslogd with args "-s".

So we'll have 3 way to use syslogd:
"syslogd -u" - accept remote logs
"syslogd -s" - log to local
"syslogd" - log to remote



	Ed



# RFC @ hacking.openbsd.it

Received on Thu Feb 6 16:29:49 2003

This message: [ Message body ]
Next message: Ed White: "RFC#2 - startx"
Previous message: Ed White: "RFC#4 - console beep"
In reply to mho: "disklabel: support (non-interactive) printing in selectable units"
Next in thread: Theo de Raadt: "Re: RFC#6 - syslogd"
Reply: Theo de Raadt: "Re: RFC#6 - syslogd"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:48:29 EDT