Recipe 3.18 Logging Access to Your Services

3.18.1 Problem

You want to know who is accessing your services via xinetd .

3.18.2 Solution

Enable logging in the service's configuration file:

/etc/xinetd.conf or /etc/xinetd.d/myservice:
service myservice
{
        ...
        log_type = SYSLOG facility level
        log_on_success = DURATION EXIT HOST PID USERID
        log_on_failure = ATTEMPT HOST USERID
}

xinetd logs to syslog by default. To log to a file instead, modify the preceding log_type line to read:

log_type = FILE filename

3.18.3 Discussion

xinetd can record diagnostic messages via syslog or directly to a file. To use syslog, choose a facility (daemon, local0, etc.) and optionally a log level (crit, warning, etc.), where the default is info.

log_type = SYSLOG daemon                    facility = daemon, level = info
log_type = SYSLOG daemon warning            facility = daemon, level = warning

To log to a file, simply specify a filename:

log_type = FILE /var/log/myservice.log

Optionally you may set hard and soft limits on the size of the log file: see xinetd.conf(5).

Log messages can be generated when services successfully start and terminate (via log_on_success) or when they fail or reject connections (via log_on_failure).

If logging doesn't work for you, the most likely culprit is an incorrect setup in /etc/syslog.conf. It's easy to make a subtle configuration error and misroute your log messages. Run our syslog testing script to see where your messages are going. [Recipe 9.28]

3.18.4 See Also

xinetd.conf(5), syslog.conf(5), inetd.conf(5).