Re: telnet authentication using RADIUS

2013-08-29 Thread takCoder
hi again..

pardon me, but I still have not found anything to solve my problem with
using pam/telnetd..

my problem is:
I need pam.d/telnetd to be always used as telnet aaa configs.. but when a
non-sra telnet connection is created, pam.d/login is used for that telnet
session's aaa configurations..

is there any way to do an integration? any ideas??
please let me know of any point you may know about this.. thank you so much
:)

Best Regards,
takCoder


On Wed, Aug 14, 2013 at 2:38 PM, takCoder  wrote:

> hi all,
>
> I need to apply radius authentication for my remote connections. For ssh,
> I have no problems, as I use pam.d/sshd file to add pam_radius.so entry..
>
> but for telnet I've faced a problem.. as I have seen, for non-SRA telnet
> connections, telnet authentication will be done via pam.d/login rather than
> pam.d/telnetd.. and this depends on telnet client as well rather than just
> my server..
>
> I need it to always apply pam.d/telnetd file for all telnet
> authentications, so i can separate my remote authentication policies from
> local ones..
>
> am I right with the facts I said above about telnet?
> Do you know of any tip or trick on this?? any ideas are really
> appreciated..
> Thank you :)
>
> Best Regards,
> t.a.k
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Jail with public IP alias

2013-08-29 Thread Frank Leonhardt

On 29/08/2013 02:08, Alejandro Imass wrote:

On Wed, Aug 28, 2013 at 4:11 PM, Frank Leonhardt  wrote:

On 28/08/2013 19:42, Patrick wrote:

On Wed, Aug 28, 2013 at 7:25 AM, Alejandro Imass 
wrote:

On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt 
wrote:

[...]


Sorry guys - I had no intention of upsetting the EzJail fan club!


No worries there I just think it's an awesome tool. We used plain old
jails before, and we even went through the "service jail" path once,
but EzJail is a lot more than just lightweight easy-to-use jailing.



The fact remains that I've tried to recreate this problem on what comes to a
similar set-up, but without EzJail, and I can't. I've only tested it on
FreeBSD 8.2 so far, and I've only tested it from INSIDE a jail. I completely
understood what you were saying about it doing weird stuff outside a jail,
but my point is that this may or may not be related.


Actually you can replicate it easily. Assign a number of IPs to any
interface but that the interface has a default route. It will always
use the "primary" or default IP on the other end. You can probably see
this effect even on a private network provided all the aliases route
through the same gateway. You will not be able to see this effect
using aliases on the loopback AFAIK.



You don't say what version you're running. I can try and recreate it on
another version.


It doesn't matter, it's a very basic network issue with aliases in
FreeBSD, Linux and other OSs. Look here:

http://serverfault.com/questions/12285/when-ip-aliasing-how-does-the-os-determine-which-ip-address-will-be-used-as-sour


I would like to know how people deal with this on FBSD




Okay, I'm trying here. I tried to recreate it thus:

b1# ifconfig

bge0: flags=8843 metric 0 mtu 1500
        options=8009b
        ether 00:21:9b:fd:30:8b
        inet xx.yy.41.196 netmask 0xffffffc0 broadcast xx.yy.41.255
        inet xx.yy.41.197 netmask 0xffffffff broadcast xx.yy.41.197
        inet xx.yy.41.198 netmask 0xffffffff broadcast xx.yy.41.198
        inet xx.yy.41.199 netmask 0xffffffff broadcast xx.yy.41.199
        inet xx.yy.41.200 netmask 0xffffffff broadcast xx.yy.41.200
        inet xx.yy.41.201 netmask 0xffffffff broadcast xx.yy.41.201
        inet xx.yy.41.202 netmask 0xffffffff broadcast xx.yy.41.202
        inet xx.yy.41.203 netmask 0xffffffff broadcast xx.yy.41.203
        inet xx2.yy2.76.62 netmask 0xffffffc0 broadcast xx2.yy2.76.63
        inet xx.yy.41.207 netmask 0xffffffff broadcast xx.yy.41.207
        inet xx.yy.41.206 netmask 0xffffffff broadcast xx.yy.41.206
        media: Ethernet autoselect (100baseTX )
        status: active


Then:
 b1# ssh -b xx.yy.41.197 b2 -l myname

Open new session and...

 b1# ssh -b xx.yy.41.198 b2 -l myname

Open new session and...

 b1# ssh -b xx.yy.41.199 b2 -l myname

And so on

Then on b2:

b2# w -n
 9:43AM  up 803 days, 22:47, 5 users, load averages: 0.07, 0.06, 0.02
USER    TTY  FROM                   LOGIN@  IDLE  WHAT
myname  p0   ns0.domainname.org.uk  9:28AM  14    -csh (csh)
myname  p1   ns1.domainname.net     9:29AM  14    -csh (csh)
myname  p5   xx.yy.41.199           9:29AM  13    -csh (csh)
myname  p6   xx.yy.41.201           9:30AM  -     w -n
myname  p7   xx.yy.41.207           9:30AM  11    -csh (csh)

The only problem I can see there is that the -n option isn't working on
w! I'll look into that. The reverse lookups match the IP addresses
dialled in on. b2 has the same sshd bound to all IP addresses,
incidentally. b1 has more than one interface, but all the IP addresses I
used are on the same one.


My guess, if you're not getting this, is that you're configuring the 
aliases in a different way, so the output of ipconfig might help, even 
if it just convinces me the netmask is correct and stops me worrying. 
I've obviously obfuscated the first part of mine.


Or have I misunderstood the problem?

Regards, Frank.



Re: Jail with public IP alias

2013-08-29 Thread Frank Leonhardt

On 29/08/2013 09:52, Frank Leonhardt wrote:

[...]

P.S. Just for completeness:

b1# netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            xx.yy.41.193       UGS    112374 7203472736 bge0


The default route does go through that interface.






Re: Way to be announced about security updates and new releases

2013-08-29 Thread Mark Felder
On Wed, Aug 21, 2013, at 1:54, Antonio Kless wrote:
> Is there any way to be noticed, when security updates or new releases are
> available?
> 
> https://twitter.com/freebsd nearly would be a solution, if it did not
> repost questions from its
> subscribers and other information that is not related to updates.
> 

http://twitter.com/freebsdsecurity is probably what you're looking for.
There are several twitter accounts run by FreeBSD members


TLS Range on current thread

2013-08-29 Thread Sumit Raja
Hi,

I want to add support to the LDC D compiler for FreeBSD, the current
version of D has moved to TLS by default. The __tls_get_addr method links
correctly but this crashes at runtime on garbage collection as the address
range could be wrong.

What is the best way to determine the address range for the TLS segment for
the current thread?

Thanks

Sumit


FreeBSD ports problem

2013-08-29 Thread Harpreet Singh Chawla
I have been trying to install virtualbox support for my FreeBSD 9.1. A
package named v4l_compat-1.0.20120501.tar.gz is causing problems in the
installation. The package was downloaded automatically and it exists in
/usr/ports/distfiles, yet it keeps giving an error stating that the file
doesn't exist.

Please help.
*Harpreet Singh Chawla*


Re: FreeBSD ports problem

2013-08-29 Thread Amitabh Kant
On Thu, Aug 29, 2013 at 7:32 PM, Harpreet Singh Chawla <
preet10101...@gmail.com> wrote:

> I have been trying to install virtualbox support for my FreeBSD 9.1. A
> package named v4l_compat-1.0.20120501.tar.gz is causing problems in the
> installation. The package was downloaded automatically and it exists in
> /usr/ports/distfiles, yet it keeps giving an error stating that the file
> doesn't exist.
>
> Please help.
> *Harpreet Singh Chawla*
> ___
>

No idea about virtualbox port, but have you tried deleting the offending
file (rm -f /usr/ports/distfiles/v4l_compat-1.0.20120501.tar.gz)?

Amitabh


Re: FreeBSD ports problem

2013-08-29 Thread Amitabh Kant
On Thu, Aug 29, 2013 at 11:39 PM, Harpreet Singh Chawla <
preet10101...@gmail.com> wrote:

> yup...did it...and downloaded manually...
> But it's giving a checksum matching error.
>
> *Harpreet Singh Chawla*
>
>
> On 29 August 2013 22:48, Amitabh Kant  wrote:
>
>>
>> On Thu, Aug 29, 2013 at 7:32 PM, Harpreet Singh Chawla <
>> preet10101...@gmail.com> wrote:
>>
>>> I have been trying to install virtualbox support for my FreeBSD 9.1. A
>>> package named v4l_compat-1.0.20120501.tar.gz is causing problems in the
>>> installation. The package was downloaded automatically and it exists in
>>> /usr/ports/distfiles, yet it keeps giving an error stating that the file
>>> doesn't exist.
>>>
>>> Please help.
>>> *Harpreet Singh Chawla*
>>> ___
>>>
>>
>> No idea about virtualbox port, but have you tried deleting the offending
>> file (rm -f /usr/ports/distfiles/v4l_compat-1.0.20120501.tar.gz)?
>>
>> Amitabh
>>
>
>
After deleting, you don't need to download it manually. The port should
download it if needed.  Try updating your ports tree to see if the problem
has been rectified.

Amitabh


Re: Jail with public IP alias

2013-08-29 Thread Alejandro Imass
On Thu, Aug 29, 2013 at 5:03 AM, Frank Leonhardt  wrote:
> On 29/08/2013 09:52, Frank Leonhardt wrote:
>>

Hi Frank thanks for taking the time to try to replicate this. Here is
all the detailed info

8.1-RELEASE

em0: flags=8843 metric 0 mtu 1500
        options=209b
        ether 00:31:88:bd:b9:3a
        inet xxx.yyy.52.74 netmask 0xffffff80 broadcast xxx.yyy.52.127
        inet xxx.yyy.52.70 netmask 0xffffff80 broadcast xxx.yyy.52.127
        inet xxx.yyy.52.71 netmask 0xffffff80 broadcast xxx.yyy.52.127
        inet xxx.yyy.52.73 netmask 0xffffff80 broadcast xxx.yyy.52.127
        media: Ethernet autoselect (1000baseT )
        status: active

I use rc.conf standard practice for aliases:

ifconfig_em0="inet xxx.yyy.52.74 netmask 255.255.255.128 -tso"
ifconfig_em0_alias0="inet xxx.yyy.52.70  netmask 255.255.255.128 -tso"
ifconfig_em0_alias1="inet xxx.yyy.52.71  netmask 255.255.255.128 -tso"
ifconfig_em0_alias2="inet xxx.yyy.52.73  netmask 255.255.255.128 -tso"

nune# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            xxx.yyy.52.1       UGS       168 182183463    em0
127.0.0.1          link#4             UH          0        0    lo0
[... internal aliases to lo0 here...]
xxx.yyy.52.0/25    link#1             U           0    68581    em0
xxx.yyy.52.70      link#1             UHS         0    14363    lo0
xxx.yyy.52.71      link#1             UHS         0    64765    lo0
xxx.yyy.52.73      link#1             UHS         0        0    lo0
xxx.yyy.52.74      link#1             UHS         0    29170    lo0

Note the Netif Expire on 71,73,74 are showing lo0 could this be the problem?

nune# ssh -b xxx.yyy.52.71 foo@bar
Password:

> w -n
 3:15PM  up 130 days, 22:30, 3 users, load averages: 0.00, 0.02, 0.00
USER TTY  FROM  LOGIN@  IDLE WHAT
[...]
foo   pts/24   xxx.yyy.52.74 3:14PM - w -n

I don't know why mine is showing 74 and from your example it should be
showing 71. Did you see the article below?

http://serverfault.com/questions/12285/when-ip-aliasing-how-does-the-os-determine-which-ip-address-will-be-used-as-sour

This seems to be a pretty common issue or it's just a
misconfiguration problem?

Thanks!

Alejandro Imass


chmod go-r /tmp

2013-08-29 Thread Kozlov Sergey
Hi

As I know, all the applications know the names of files they create in /tmp.
So is it ok to "chmod go-r /tmp" for security reasons, so the attacker
can't get a list of temp files? Won't it break any applications?

I searched a lot, but I couldn't find anything about it.
All the /tmp security hardening advised is to set nosuid,noexec for the
partition.

Thanks for answers.

Kozlov Sergey.


Re: Jail with public IP alias

2013-08-29 Thread Patrick
On Thu, Aug 29, 2013 at 12:07 PM, Alejandro Imass  wrote:
> On Thu, Aug 29, 2013 at 5:03 AM, Frank Leonhardt  wrote:
>> On 29/08/2013 09:52, Frank Leonhardt wrote:
>>>
>
> Hi Frank thanks for taking the time to try to replicate this. Here is
> all the detailed info
>
> 8.1-RELEASE
>
> em0: flags=8843 metric 0 mtu 1500
>         options=209b
>         ether 00:31:88:bd:b9:3a
>         inet xxx.yyy.52.74 netmask 0xffffff80 broadcast xxx.yyy.52.127
>         inet xxx.yyy.52.70 netmask 0xffffff80 broadcast xxx.yyy.52.127
>         inet xxx.yyy.52.71 netmask 0xffffff80 broadcast xxx.yyy.52.127
>         inet xxx.yyy.52.73 netmask 0xffffff80 broadcast xxx.yyy.52.127
>         media: Ethernet autoselect (1000baseT )
>         status: active
>
> I use rc.conf standard practice for aliases:
>
> ifconfig_em0="inet xxx.yyy.52.74 netmask 255.255.255.128 -tso"
> ifconfig_em0_alias0="inet xxx.yyy.52.70  netmask 255.255.255.128 -tso"
> ifconfig_em0_alias1="inet xxx.yyy.52.71  netmask 255.255.255.128 -tso"
> ifconfig_em0_alias2="inet xxx.yyy.52.73  netmask 255.255.255.128 -tso"
>
> nune# netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            xxx.yyy.52.1       UGS       168 182183463    em0
> 127.0.0.1          link#4             UH          0        0    lo0
> [... internal aliases to lo0 here...]
> xxx.yyy.52.0/25    link#1             U           0    68581    em0
> xxx.yyy.52.70      link#1             UHS         0    14363    lo0
> xxx.yyy.52.71      link#1             UHS         0    64765    lo0
> xxx.yyy.52.73      link#1             UHS         0        0    lo0
> xxx.yyy.52.74      link#1             UHS         0    29170    lo0
>
> Note the Netif Expire on 71,73,74 are showing lo0 could this be the problem?
>
> nune# ssh -b xxx.yyy.52.71 foo@bar
> Password:
>
>> w -n
>  3:15PM  up 130 days, 22:30, 3 users, load averages: 0.00, 0.02, 0.00
> USER TTY  FROM  LOGIN@  IDLE WHAT
> [...]
> foo   pts/24   xxx.yyy.52.74 3:14PM - w -n
>
> I don't know why mine is showing 74 and from your example it should be
> showing 71. Did you see the article below?
>
> http://serverfault.com/questions/12285/when-ip-aliasing-how-does-the-os-determine-which-ip-address-will-be-used-as-sour
>
> This seems to be a pretty common issue or it's just a
> misconfiguration problem?
>
> Thanks!
>
> Alejandro Imass

Aliases should have a netmask of 255.255.255.255. What you're seeing is
not typical behaviour on FreeBSD.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-virtual-hosts.html

Patrick


Re: Jail with public IP alias

2013-08-29 Thread Alejandro Imass
On Thu, Aug 29, 2013 at 5:07 PM, Patrick  wrote:
> On Thu, Aug 29, 2013 at 12:07 PM, Alejandro Imass  wrote:
>> On Thu, Aug 29, 2013 at 5:03 AM, Frank Leonhardt  wrote:
>>> On 29/08/2013 09:52, Frank Leonhardt wrote:

>>

[...]

> Aliases should have a netmask of 255.255.255.255. What you're seeing is
> not typical behaviour on FreeBSD.
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-virtual-hosts.html
>
> Patrick

Thanks for pointing this out, the manual is effectively very clear on
this. So, I changed the masks for ALL the aliases on that server to
/32. It alone has more than 30 aliases on lo0 and 4 public IPs. I
tested and still has the same problem. So I rebooted just in case and
the problem still persists:

$ ifconfig em0
em0: flags=8843 metric 0 mtu 1500
        options=209b
        ether 00:30:48:bd:b9:1a
        inet xxx.yyy.52.74 netmask 0xffffff80 broadcast xxx.yyy.52.127
        inet xxx.yyy.52.70 netmask 0xffffffff broadcast xxx.yyy.52.70
        inet xxx.yyy.52.71 netmask 0xffffffff broadcast xxx.yyy.52.71
        inet xxx.yyy.52.73 netmask 0xffffffff broadcast xxx.yyy.52.73
        media: Ethernet autoselect (1000baseT )
        status: active

$ ssh -b xxx.yyy.52.70 foo@bar
Password:
7:58PM  up 131 days,  3:14, 1 user, load averages: 0.02, 0.01, 0.00
USER TTY  FROM  LOGIN@  IDLE WHAT
foo   pts/14   xxx.yyy.52.74 7:58PM - w -n

$ ssh -b xxx.yyy.52.71 foo@bar
Password:
7:58PM  up 131 days,  3:14, 1 user, load averages: 0.02, 0.01, 0.00
USER TTY  FROM  LOGIN@  IDLE WHAT
foo   pts/14   xxx.yyy.52.74 7:58PM - w -n

$ ssh -b xxx.yyy.52.73 foo@bar
Password:
7:58PM  up 131 days,  3:14, 1 user, load averages: 0.02, 0.01, 0.00
USER TTY  FROM  LOGIN@  IDLE WHAT
foo   pts/14   xxx.yyy.52.74 7:58PM - w -n

I don't understand why I get different results than yours and Frank's.
We run a pretty standard set-up so why is this not working for us.
Could it be because we turned off TCO on the NIC ?

One of you asked about NAT. We are using natd to nat some public ports
to other ports on the private IPs that are aliases of lo0. This is for
the jails that don't have public IPs we just forward some ports to the
jail's ports like this:

For example:

redirect_port tcp 192.168.101.123:22 12322
redirect_port tcp 192.168.101.123:80 12380

Could this have an effect on OUTBOUND connections?? Seems unlikely to
me but I think one of you asked about NAT I suspect for a good reason.

I'll turn off the natting temporarily and test.

Best,

-- 
Alejandro Imass


Re: Jail with public IP alias

2013-08-29 Thread Alejandro Imass
On Thu, Aug 29, 2013 at 7:53 PM, Alejandro Imass  wrote:
> On Thu, Aug 29, 2013 at 5:07 PM, Patrick  wrote:
>> On Thu, Aug 29, 2013 at 12:07 PM, Alejandro Imass  
>> wrote:
>>> On Thu, Aug 29, 2013 at 5:03 AM, Frank Leonhardt  wrote:
>>>> On 29/08/2013 09:52, Frank Leonhardt wrote:
>
>>>
>
> [...]
>
>> Aliases should have a netmask of 255.255.255.255. What you're seeing is
>> not typical behaviour on FreeBSD.

[...]

> One of you asked about NAT. We are using natd to nat some public ports
> to other ports on the private IPs that are aliases of lo0. This is for
> the jails that don't have public IPs we just forward some ports to the
> jail's ports like this:
>
> For example:
>
> redirect_port tcp 192.168.101.123:22 12322
> redirect_port tcp 192.168.101.123:80 12380
>
> Could this have an effect on OUTBOUND connections?? Seems unlikely to
> me but I think one of you asked about NAT I suspect for a good reason.
>
> I'll turn off the natting temporarily and test.
>

I can confirm that the culprit was natd. Now the question becomes why
does natd affect the source IP for an outbound connection??

Is there a way to fix it and keep natd?

Seems that Patrick's NAT hunch on his first reply was right on the money.

Thanks,

-- 
Alejandro Imass


Tools to analyze syslog logs

2013-08-29 Thread Olivier Nicole
Hello,

What tool do you use to analyze syslog logs?

All tools I can see in the ports seem to rely heavily on some big
configuration file, that had tons of regexp to filter the event messages.

I am wondering if some tool exists that would try to make a
classification of the event messages; that one could use to say "this
type of message" is close to "that type of message" hence they should be
treated the same way, etc.

Best regards,

Olivier


Re: Tools to analyze syslog logs

2013-08-29 Thread Dennis Glatting
On Fri, 2013-08-30 at 11:33 +0700, Olivier Nicole wrote:
> Hello,
> 
> What tool do you use to analyze syslog logs?
> 
> All tools I can see in the ports seem to rely heavily on some big
> configuration file, that had tons of regexp to filter the event messages.
> 
> I am wondering if some tool exists that would try to make a
> classification of the event messages; that one could use to say "this
> type of message" is close to "that type of message" hence they should be
> treated the same way, etc.
> treated the same way, etc.
> 

Something similar was recently discussed on NANOG:

http://seclists.org/nanog/2013/Aug/530
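
Added example (not written by either poster and not a tool from ports): one way to get the classification asked about above without a hand-maintained regexp per message is to mask the values that change per event and group the remaining templates by token similarity. The sample log lines, the 0.75 threshold and the function names are constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample in BSD syslog format (documentation IP ranges, not real hosts).
SAMPLE = """\
Aug 29 09:28:01 b2 sshd[4121]: Accepted publickey for myname from 192.0.2.197 port 50312 ssh2
Aug 29 09:29:14 b2 sshd[4130]: Accepted publickey for myname from 192.0.2.198 port 50977 ssh2
Aug 29 09:30:02 b2 sshd[4177]: Failed password for root from 198.51.100.7 port 40022 ssh2
Aug 29 09:30:05 b2 sshd[4177]: Failed password for invalid user admin from 198.51.100.7 port 40031 ssh2
Aug 29 09:31:40 b2 kernel: em0: link state changed to DOWN
Aug 29 09:31:43 b2 kernel: em0: link state changed to UP
Aug 29 09:35:00 b2 cron[4302]: (root) CMD (/usr/libexec/atrun)
"""

# "Mon DD HH:MM:SS host program[pid]: message"
HEADER = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+([^\s:\[]+)(?:\[\d+\])?:\s*(.*)$")

# Values that differ from event to event; order matters (IP before plain numbers).
MASKS = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<IP>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b"), "<HEX>"),
    (re.compile(r"\b\d+\b"), "<N>"),
]


def template(line):
    """Return (program, token tuple) with per-event values masked out."""
    m = HEADER.match(line)
    # Lines that do not parse are kept under program "?" instead of being dropped.
    prog, msg = (m.group(1), m.group(2)) if m else ("?", line)
    for rx, token in MASKS:
        msg = rx.sub(token, msg)
    return prog, tuple(msg.split())


def cluster(lines, threshold=0.75):
    """Greedy one-pass clustering: a message joins the first cluster of the
    same program whose representative template is >= threshold similar."""
    clusters = []
    for line in lines:
        if not line.strip():
            continue
        prog, toks = template(line)
        for c in clusters:
            same_prog = c["prog"] == prog
            if same_prog and SequenceMatcher(None, c["rep"], toks).ratio() >= threshold:
                c["count"] += 1
                break
        else:
            clusters.append({"prog": prog, "rep": toks, "count": 1})
    return [(c["prog"], " ".join(c["rep"]), c["count"]) for c in clusters]


if __name__ == "__main__":
    for prog, rep, count in cluster(SAMPLE.splitlines()):
        print(f"{count:3d}  {prog:8s} {rep}")
```

The threshold decides what counts as "close": at 0.75 the two failed-login variants fall into one class while accepted logins stay separate, and a lower value would start merging events that should be reviewed differently.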



