Log Files

Ok, my understanding is that, with the lines I've added to the /etc/syslogd.conf file, I've instructed syslog to the file /var/log/secure any event that is logged to the AUTH facility. You can see in the /etc/ssh/sshd_config file that sshd is configured to log that facility. Here is the relevent line from my sshd_config file:

Code:

#SyslogFacility AUTH

So, any service that is configured to log to the AUTH facility will appear in the /var/log/secure. My ftp server, vsftp, logs to it's own file as you can see in the vsftpd.conf file:

Code:

# Log to the syslog daemon instead of using an logfile.
#
syslog_enable=NO
#
# Uncomment this to log all FTP requests and responses.
#
log_ftp_protocol=YES
#
# Activate logging of uploads/downloads.
#
xferlog_enable=YES
#
# You may override where the log file goes if you like. The default is shown
# below.
#
#vsftpd_log_file=/var/log/vsftpd.log
#

But you will notice that I could have logged to the syslog facility had I changed syslog_enable to YES. I suppose you could manually configure any event you chose to log to the AUTH facility which would then appear in /var/log/secure. I couldn't tell you how to do that though.

Back to your question, it seems possible that any config file into which you enter the command to log to AUTH will log to the secure file. Although now that I look I don't see any options for changing the logging behavior of SAMBA in /usr/share/doc/packages/samba/examples/smb.conf.SUSE
Beats me.

OK, thanks for the explanation!