QUICKSTART instructions:

RPMs are available at the download site
http://www.speakeasy.org/~roux/dmn

----------------------------------------------------------------------------
1) Unpack the distribution in a convenient place.
2) Type "make easy".
3) Read the documentation (README or "man firelogd").

Firelogd should now be quietly waiting for hits on your firewall. It will
send you email when the default number of hits is reached (default 10).
Go read the man page...it is short.
----------------------------------------------------------------------------

DO NOT USE MAKE EASY IF:
    you do not have syslog (/etc/syslog.conf)
    you do not use SYSV init (/etc/rc.d/rc.init/syslog restart)

"make easy" was tested on RedHat 6.2. If you have a different distribution,
you should read the section below to make sure things will get installed
correctly.
_______________________________________________________

If you had any trouble or you want to do it yourself:

1. Edit the file "dmn.h" to match your preference.
   The defaults should work on most installations.
   (1) Make sure that "MAILCMD" works on your system.
   (2) Set BUFFERSIZE to something reasonable for you.
       -this can be overridden at the command line.
   (3) Change the log source (LOGFILE) if you want.
       -this can be overridden at the command line.
   (4) Set the MAILTARGET if root won't work for you.
       -this can be overridden at the command line.

2. If you didn't change the log source, enter the command:

   mkfifo /var/log/kernelpipe

3. Edit /etc/syslog.conf and add the line:

   kern.info    |/var/log/kernelpipe

4. If you want to use the precompiled binary, put it somewhere.
   -- OR --
   Build the sources and install:
   "make install" - will put it in /usr/sbin
                    it will also attempt to set up your init scripts
                    and install the template and lookup files in /etc

8. Run the program:

   firelogd
       *no options   prints to screen
       -d            become a daemon (default mailbuffer and email address)
       -b            set mailbuffer size, become a daemon
                     (default mailbuffer size is 10)
       -e            specify the email address for alerts
                     (default email is root@localhost)
       -             take log data on stdin for parsing
       -k            kill the firelogd daemon process
       -m            mixed logs (tables and chains)
       -s            disable extended port/service lookup
       -l            specify the log file or FIFO
                     (default is /var/log/kernelpipe)
       -t
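
The manual setup in steps 2 and 3 above can be checked before the daemon is
started. The shell functions below are an added example, not part of the
firelogd distribution: the function names are hypothetical, and the owner-only
permission check on the FIFO is an added assumption (the README does not
specify a mode for /var/log/kernelpipe).

```shell
#!/bin/sh
# Added example: preflight check for the manual firelogd setup (steps 2 and 3).
# Default paths are the ones named in this README; both can be overridden.

# check_fifo PATH: succeed only if PATH is a FIFO with no group/other access.
check_fifo() {
    fifo=$1
    [ -p "$fifo" ] || { echo "not a FIFO: $fifo (step 2: mkfifo $fifo)"; return 1; }
    # Assumption, not from the README: the pipe carries firewall log data,
    # so it should be readable and writable by its owner only (mode 0600).
    perms=$(ls -ld "$fifo" | cut -c5-10)    # group and other permission bits
    [ "$perms" = "------" ] || { echo "$fifo is open to group/other"; return 1; }
    return 0
}

# check_syslog_conf CONF FIFO: succeed if CONF has an active (uncommented)
# "kern.info |FIFO" line, as described in step 3.
check_syslog_conf() {
    conf=$1
    fifo=$2
    awk -v target="|$fifo" '
        /^[ \t]*#/ { next }                          # skip commented-out lines
        $1 == "kern.info" && $2 == target { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$conf"
}

# preflight [FIFO] [CONF]: run both checks, report every problem found.
preflight() {
    fifo=${1:-/var/log/kernelpipe}
    conf=${2:-/etc/syslog.conf}
    rc=0
    check_fifo "$fifo" || rc=1
    check_syslog_conf "$conf" "$fifo" || {
        echo "no active 'kern.info |$fifo' line in $conf (step 3)"
        rc=1
    }
    return $rc
}

# Typical call, as root, after steps 2 and 3:  preflight
```
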