grsecurity forums

hi!

i use linux2.4.21-grsec with exec_logging, all exec were logged in /var/log/kern.log.

syslog.conf:
kern.* -/var/log/kern.log

is there a way to log all execs to an extra-file?
kern.log becomes realy big...

thx for help.
//richard

i use metalog and it can do regex, so i just added a check for !grsec to all logs the messages would normally go into, and add a special file logging only grsec messages. I guess there must be some way of doing this with syslogd, altho i don't know exactly how to do it. I guess the syslogd manuals are a good start

Sleight of Mind wrote:i use metalog and it can do regex, so i just added a check for !grsec to all logs the messages would normally go into, and add a special file logging only grsec messages. I guess there must be some way of doing this with syslogd, altho i don't know exactly how to do it. I guess the syslogd manuals are a good start

hi!

i know about the "syslogd-way".

//richard

I don't think ordinary syslog can do regex matching, but I know both syslog-ng and metalog can. Maybe you should change your system-logger?

goodbyte wrote:I don't think ordinary syslog can do regex matching, but I know both syslog-ng and metalog can. Maybe you should change your system-logger?

hi!

it works fine with syslog-ng.
thx for the info!

//richard