3.18. Logging Access to Your Services

Problem

You want to know who is accessing your services via xinetd.

Solution

Enable logging in the service’s configuration file:

/etc/xinetd.conf or /etc/xinetd.d/myservice:
service myservice
{
        ...
        log_type = SYSLOG facility level
        log_on_success = DURATION EXIT HOST PID USERID
        log_on_failure = ATTEMPT HOST USERID
}

xinetd logs to syslog by default. To log to a file instead, modify the preceding log_type line to read:

log_type = FILE filename

Discussion

xinetd can record diagnostic messages via syslog or directly to a file. To use syslog, choose a facility (daemon, local0, etc.) and optionally a log level (crit, warning, etc.), where the default is info.

log_type = SYSLOG daemon                    facility = daemon, level = info
log_type = SYSLOG daemon warning            facility = daemon, level = warning

To log to a file, simply specify a filename:

log_type = FILE /var/log/myservice.log

Optionally you may set hard and soft limits on the size of the log file: see xinetd.conf(5).

Log messages can be generated when services successfully start and terminate (via log_on_success) or when they fail or reject connections (via log_on_failure).
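Once log_on_success and log_on_failure are writing to a file, the records can be summarized per remote host. The following is an added example, not code from the book: it assumes the START/EXIT/FAIL record layout shown in its constructed sample lines (verify against your own log), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records; the layout (timestamp, START/EXIT/FAIL,
# service name, key=value fields) is assumed for log_type = FILE.
SAMPLE_LOG = """\
24/3/1@10:15:02: START: myservice pid=4101 from=192.0.2.10
24/3/1@10:15:10: EXIT: myservice status=0 pid=4101 duration=8(sec)
24/3/1@10:16:40: FAIL: myservice address from=198.51.100.7
24/3/1@10:16:41: FAIL: myservice address from=198.51.100.7
24/3/1@10:20:00: START: myservice pid=4188 from=192.0.2.10
24/3/1@10:20:03: EXIT: myservice status=1 pid=4188 duration=3(sec)
this line is not an xinetd record
"""

LINE_RE = re.compile(r"^\S+: (?P<event>START|EXIT|FAIL): (?P<service>\S+)(?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return a dict for one xinetd record, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"event": m["event"], "service": m["service"]}
    rec.update(FIELD_RE.findall(m["rest"]))
    return rec

def summarize(text):
    """Count starts, rejections and connected seconds per remote host."""
    hosts = defaultdict(lambda: {"started": 0, "failed": 0, "seconds": 0})
    open_sessions = {}  # (service, pid) -> host; EXIT records carry no from=
    skipped = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        key = (rec["service"], rec.get("pid"))
        host = rec.get("from", "unknown")
        if rec["event"] == "START":
            hosts[host]["started"] += 1
            open_sessions[key] = host
        elif rec["event"] == "FAIL":
            hosts[host]["failed"] += 1
        else:  # EXIT: attribute the duration to the host that started this pid
            host = open_sessions.pop(key, None)
            if host is not None and "duration" in rec:
                hosts[host]["seconds"] += int(rec["duration"].split("(")[0])
    return dict(hosts), skipped
```

A host that shows only failed attempts and no starts is one that xinetd is rejecting every time, which is worth a look in the access-control settings or firewall rules.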

If logging doesn’t work for you, the most likely culprit is an incorrect setup in /etc/syslog.conf. It’s easy to make a subtle configuration error and misroute your log messages. Run our syslog testing script to see where your messages are going. [Recipe 9.28]

See Also

xinetd.conf(5), syslog.conf(5), inetd.conf(5).
