
List:       psad-discuss
Subject:    Re: [psad-discuss] psad on Ubuntu 8.04 Server: syslogd not
From:       Michael Rash <mbr () cipherdyne ! org>
Date:       2008-11-17 1:08:43
Message-ID: 20081117010843.GA3299 () cipherdyne ! org

On Nov 12, 2008, Sam Kuper wrote:

> 2008/11/12 Sam Kuper <spk30@cam.ac.uk>:
> > I'd been wondering what that \t was for, and had tried googling it (to
> > no avail). I'll try to trace what prompted me to insert it (as I
> > recall, I copied and pasted that line from somewhere - either the psad
> > man page or a page on cipherdyne) and reply to the list.
> 
> I'm pretty sure it was the man-page. I've just tried installing psad
> on another Hardy server (using 'sudo aptitude install psad'), and I'll
> describe what happened as though I hadn't been posting to this thread:
> in other words, as though it were my first time installing psad.
> 
> During the install the following lines are printed to the terminal:
> 
> ERR: Syslog has not been configured to send messages to
> /var/lib/psad/psadfifo. Please configure it as described in psad(8).
> 
> So I read the manpage, and it says:
> 
> psad Syslog needs to be configured to write all kern.info messages to
> a named pipe /var/lib/psad/psadfifo. A simple
> 
>               echo -e âkern.info\t|/var/lib/psad/psadfifoâ >> /etc/syslog.conf
> 
>        will do. Remember also to restart syslog after the changes to this file.
> 
> Now I'm pretty sure that the â characters shouldn't be there:
> presumably they ought to be quotation marks or apostrophes or
> something. So I check my character encoding settings in PuTTY, which
> is what I use to log in to the server, and set them to UTF-8, which I
> believe is the Ubuntu default, and set the terminal-type string to
> "linux". Now that line in the man page looks like this:
> 
> echo -e 'kern.info\t|/var/lib/psad/psadfifo' >> /etc/syslog.conf
> 
> I'm still learning Linux, and I don't know what the \t is supposed to
> do, but I figure that since the apostrophes are displaying correctly
> now and I can't see any other character encoding errors, that must
> indeed be the intended command. So I execute it, and even under sudo
> it gives:
> 
> -bash: /etc/syslog.conf: Permission denied
> 
> So I figure maybe there's something about the syslog.conf that means I
> can't echo to it, even under sudo - much like the /etc/shadow example
> given at http://aplawrence.com/Basics/sudo.html
> 
> At this point, I realise it's probably easier just to use vim to paste
> in the line, and I end up in ... the mess that made me start this
> thread :)
> 
> Now, it's still unclear to me why the echo -e command didn't work
> (maybe it really is like the /etc/shadow example given at
> http://aplawrence.com/Basics/sudo.html  - I think it probably is,
> because using sudo -i to become root and then executing the command
> does work), but I should have noticed that the -e option means that
> echo is supposed to interpret backslash escapes, and that this means
> the \t ought to be expanded into a [tab] in the syslog.conf line.
> 
> So, the problem was largely my fault for not noticing that, but partly
> also the man page's fault for telling me to execute a command that
> wouldn't work except as root, and which didn't mention this point.
> 
> At any rate, I'm very grateful for psad's existence, and for all the
> help in getting it working for me! And I'd be happy to consider filing
> a bug against the psad man page in Ubuntu Hardy, asking that the need
> to become root to run the command is mentioned, if anyone on this list
> thinks it might be worthwhile for me to do so.

I will fix the \t problem in the man page, and thanks for noticing the
issue.

--Mike



> Thanks again,
> 
> Sam
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
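
An added example, not part of the original messages or of psad: `sudo echo ... >> /etc/syslog.conf` fails because the `>>` redirection is opened by the unprivileged calling shell before sudo runs, and a line pasted in an editor keeps `\t` as two literal characters. The sketch below checks a syslog.conf-style file for both conditions and appends the rule with a real tab; the function names and the `SUDO` variable are hypothetical, and the demo uses a constructed scratch file.

```shell
#!/bin/sh
# Added example; only the rule text and the FIFO path come from the thread.
PSAD_FIFO='/var/lib/psad/psadfifo'

# Classify the kern.info -> psadfifo rule in a syslog.conf-style file.
# Prints one of: ok, literal-escape, missing
check_psad_rule() {
    conf=$1
    # A line pasted verbatim still holds the two characters '\' and 't'.
    if grep -Fq 'kern.info\t|'"$PSAD_FIFO" "$conf"; then
        echo literal-escape
    # A good line has real whitespace between selector and action.
    elif grep -Eq '^kern\.info[[:space:]]+\|'"$PSAD_FIFO"'[[:space:]]*$' "$conf"; then
        echo ok
    else
        echo missing
    fi
}

# Append the rule once. Set SUDO=sudo when the target is root-owned.
add_psad_rule() {
    conf=$1
    case $(check_psad_rule "$conf") in
        ok) return 0 ;;
        literal-escape)
            printf '%s\n' "literal \\t found in $conf; replace it with a real tab" >&2
            return 1 ;;
    esac
    # printf expands \t portably. tee, started via $SUDO, opens the file
    # itself, so the write is privileged; a '>>' redirection would be
    # opened by the calling (unprivileged) shell instead.
    printf 'kern.info\t|%s\n' "$PSAD_FIFO" | ${SUDO:-} tee -a "$conf" >/dev/null
}

# Constructed demo on a scratch file, not the real /etc/syslog.conf.
demo_conf=$(mktemp)
printf '%s\n' 'kern.info\t|/var/lib/psad/psadfifo' > "$demo_conf"
echo "pasted line:  $(check_psad_rule "$demo_conf")"
: > "$demo_conf"
add_psad_rule "$demo_conf"
echo "after append: $(check_psad_rule "$demo_conf")"
rm -f "$demo_conf"
```

On a real host the call would be `SUDO=sudo add_psad_rule /etc/syslog.conf`, followed by the syslog restart the man page asks for.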

