minserv.error log and Webmin Access Denied

I use Webmin IP Access Control to allow only certain IPs access. When someone tries to hack in the Access Denied error appears to only in the miniserv.error log but not in secure.log.

I would first like to know why the message doesn’t log in secure.log. The reason I ask is because I use ossec-hids active response to permanently deny hacking IP’s which then adds them to iptables. Ossec scans the secure log and if it is not there it can’t ban. So is there a way to do this? When Webmin bans a host does it just add the IP to hosts.deny?

Howdy,

Webmin is logging using it’s own log facility.

The contents of the secure log is written to by syslog – for something to log to the secure logfile, it’d have to go through syslog.

It appears that Webmin has an option to enable logging through syslog. That’s in Webmin -> Webmin -> Logging -> Also log to syslog.

I haven’t tried that before, so I’m not sure how exactly that’ll work, or what syslog facility it’s using, but that’s where I’d start :slight_smile:
-Eric

I have experimented with Webmin’s log features and “Also log to syslog” actually behaves more like “Also log from syslog” in that /var/log/messages/ are now appearing in webmin.log. I thought it would work the other way around.

I also encountered another issue and don’t know if it’s me or a bug but disable logging has no effect on webmin.log. It seems to now be using all log facilities regardless of the fact the logging is disabled.