SUMMARY: syslog filtering

From: david r coelho (
Date: Wed Nov 30 1994 - 16:15:40 CST

Thanks for the many responses I received. The TIS firewall toolkit
has a syslog that includes filtering. You can get the latest
version of fwtk from:

Here is the README for syslog that comes with fwtk:

        This version of syslog has been modified to accept
regular expressions as triggers. Lines in syslog.conf which
begin with '"' are treated as patterns. I.e.:

"su: BADSU" /var/adm/badsulog
*.notice;*.debug /var/adm/messages

        A second set of modifications have been made to the
destinations for log entries, such that destinations treated
with a '!' are assumed to be shell commands to execute. popen()
is used, so quoting and metacharacters are supported. The
given shell command is invoked with the syslog entry as its
standard input. WARNING - syslog is blocked until the command

        The LOCK_LOG option, if compiled in, causes the
log to be locked with flock() before writing to it. This
option is included for local reasons.

        The file syslog.c contains a version of the syslog()
and openlog() client routines that use udp packets instead of
a UNIX domain socket. With a /etc/hosts file and /etc/services
file they can be used successfully *after* a chroot(). Sun's
getservbyname() appears to crash and burn if invoked when there
is no /etc/services.

        logit.c is a simple utility for making system log entries
from shell scripts. Its documentation is its source code.

        Man page given is in BSD man macros and may not format
properly with all vendors' versions of -man. This is unfortunate,
but it's really berkeley's problem., June 1993

david r. coelho                        email: drc@ppt.COM
personal productivity tools, inc
43000 christy street                   voice: (510) 440-3050
fremont, ca 94538-3198 usa             fax:   (510) 770-0728

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:16 CDT