[syslog-ng] Syslog-ng not working with tcp_wrappers

Liam Kirsher liamk at numenet.com
Fri Mar 13 22:49:38 CET 2009 

Balazs,

Thanks. I got it working.  I think the problem was a combination of the
missing newline and also reverse DNS doesn't work correctly for EC2
instances (at least, I don't know how to get it to return our name and
not the Amazon name).  Putting in the ip addresses solved that problem.

Liam

Balazs Scheidler wrote:
> On Thu, 2009-03-12 at 13:40 -0700, Liam Kirsher wrote:
>   
>> Syslog-ng doesn't seem to be respecting tcp_wrappers security.
>>
>> I compiled syslog-ng (v. 3) with
>> $ ./configure --sysconfdir=/etc/syslog-ng/ --enable-tcp-wrapper -- 
>> enable-sql --enable-dynamic-linking
>>
>> Although, I do notice this warning in config.log:
>> configure:7282: gcc -o conftest -g -O2 -Wall   conftest.c  -lwrap >&5
>> conftest.c: In function 'main':
>> conftest.c:43: warning: control reaches end of non-void function
>> configure:7288: $? = 0
>> configure:7309: result: -lwrap
>>
>> However, the compile is successful.
>>
>>
>> My hosts.allow file is:
>> #
>> # hosts.allow	This file describes the names of the hosts which are
>> #		allowed to use the local INET services, as decided
>> #		by the '/usr/sbin/tcpd' server.
>> #
>> sshd: ALL
>> #syslog-ng: localhost, p3.mydomain.com, p4.mydomain.com
>>
>> #
>> # hosts.deny	This file describes the names of the hosts which are
>> #		*not* allowed to use the local INET services, as decided
>> #		by the '/usr/sbin/tcpd' server.
>> ALL: ALL
>>
>> Note that the syslog-ng process is commented out, but syslog-ng still  
>> works.  Apparently, it's not checking the hosts.* files.
>>
>> Any idea ?
>>     
>
> Well, I haven't tested tcpd support for ages, but after a quick  test
> with your configuration it works for me:
>
> Syslog connection rejected by tcpd; from='AF_INET(127.0.0.1:53905)'
>
> Do you have ENABLE_TCP_WRAPPER defined in config.h after the configure
> run?
>
> Also, please make sure that you have an empty line at the end of the
> hosts.allow & hosts.deny files as the last line is not interpreted by
> libwrap if it has no NL character at the end.
>
>   

-- 
Liam Kirsher
PGP: http://liam.numenet.com/pgp/

More information about the syslog-ng mailing list