3.18. Logging Access to Your Services
Problem
You want to know who is accessing your services via xinetd .
Solution
Enable logging in the service’s configuration file:
/etc/xinetd.conf or /etc/xinetd.d/myservice:
service myservice
{
...
log_type = SYSLOG facility
level
log_on_success = DURATION EXIT HOST PID USERID
log_on_failure = ATTEMPT HOST USERID
}
xinetd logs to
syslog by default. To
log to a file instead, modify the
preceding log_type
line to read:
log_type = FILE filename
Discussion
xinetd can record diagnostic messages via
syslog
or directly to a file. To use
syslog
, choose a facility
(daemon
, local0
, etc.) and
optionally a log level (crit
,
warning
, etc.), where the default is
info
.
log_type = SYSLOG daemon facility = daemon, level = info log_type = SYSLOG daemon warning facility = daemon, level = warning
To log to a file, simply specify a filename:
log_type = FILE /var/log/myservice.log
Optionally you may set hard and soft limits on the size of the log file: see xinetd.conf(5).
Log messages can be generated when services successfully start and
terminate (via log_on_success
) or when they fail
or reject connections (via log_on_failure
).
If logging doesn’t work for you, the most likely culprit is an incorrect setup in /etc/syslog.conf . It’s easy to make a subtle configuration error and misroute your log messages. Run our syslog testing script to see where your messages are going. [Recipe 9.28]
See Also
xinetd.conf(5), syslog.conf(5), inetd.conf(5).
Get Linux Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.