{"id":730,"date":"2009-09-07T09:11:17","date_gmt":"2009-09-07T09:11:17","guid":{"rendered":"http:\/\/pchero21.com\/?p=730"},"modified":"2009-09-07T09:11:17","modified_gmt":"2009-09-07T09:11:17","slug":"debian-%ec%97%90%ec%84%9c-psad-%ec%8b%a4%ed%96%89-%eb%b0%9c%ec%83%9d-%ec%97%90%eb%9f%ac","status":"publish","type":"post","link":"http:\/\/pchero21.com\/?p=730","title":{"rendered":"Debian \uc5d0\uc11c psad \uc2e4\ud589 \ubc1c\uc0dd \uc5d0\ub7ec&#8230;"},"content":{"rendered":"<p>&nbsp;\ubc29\ud654\ubcbd \ub85c\uadf8 \uad00\ub9ac\ub97c \uc704\ud574 psad\ub97c \uc124\uce58\ud558\uace0 \uc2e4\ud589\ud558\ub824\ub294 \uc911 \uc774\uc0c1\ud55c \uc5d0\ub7ec\uc640 \ub9cc\ub0ac\ub2e4.<\/p>\n<blockquote><p>&nbsp;Ultra60:~# \/etc\/init.d\/psad start<br \/>ERR: Syslog has not been configured to send messages to<br \/>\/var\/lib\/psad\/psadfifo. Please configure it as described in psad(8).<\/p><\/blockquote>\n<p>&nbsp;\uc5d0\ub7ec \uba54\uc2dc\uc9c0\ub97c \ud655\uc778\ud558\uace0 psad \ub9e8\ud398\uc774\uc9c0\ub97c \uc5f4\uc5b4\ubcf4\uc558\ub2e4.<\/p>\n<p><img loading=\"lazy\" src=\"http:\/\/pchero21.com\/wp-content\/uploads\/1\/XX5Rifk87Q.png\" class=\"aligncenter\" width=\"560\" height=\"329\" alt=\"User image\" \/><br \/>&nbsp;\ud654\uba74 \ud558\ub2e8\uc5d0 \ubcf4\uc774\ub294 \ud55c \uc904\uc758 \uae00\uadc0.<\/p>\n<blockquote><p>&nbsp; psad Syslog needs to be configured to write all kern.info messages to a named pipe \/var\/lib\/psad\/psadfifo. A simple<\/p>\n<p>&nbsp; echo -e \u2019kern.infot|\/var\/lib\/psad\/psadfifo\u2019 &gt;&gt; \/etc\/syslog.conf<\/p><\/blockquote>\n<p>&nbsp;\uc544! \uc774\uac70\uad6c\ub098! \ubc14\ub85c \ubcf5\uc0ac\ub97c \ud574\uc11c \uc785\ub825\ud574 \ubcf4\uc558\ub2e4.<\/p>\n<p>&nbsp;\ud558\uc9c0\ub9cc \uacb0\uacfc\ub294 \uc554\ub2f4.<\/p>\n<blockquote><p>Ultra60:~# echo -e \u2019kern.infot|\/var\/lib\/psad\/psadfifo\u2019 &gt;&gt; \/etc\/syslog.conf<br \/>-su: \/var\/lib\/psad\/psadfifo\u2019: No such file or directory<\/p><\/blockquote>\n<p>&nbsp;\uc544&#8230;. \uacb0\uad6d \uad6c\uae00\ub9c1\uc774\uc5c8\ub2e4. \uc5ed\uc2dc\ub098 \uad6c\uae00\uc2e0\uc740 \ub2e4 \uc54c\uace0 \uacc4\uc168\ub2e4.<\/p>\n<p>&nbsp;\ub2e4\uc74c\uc758 \uc0ac\uc774\ud2b8\uc5d0\uc11c \ud574\uacb0\ubc95\uc744 \ucc3e\uc744 \uc218 \uc788\uc5c8\ub2e4.<br \/>&nbsp;<a href=\"http:\/\/otype.de\/index.php?id=139\" target=\"_blank\">http:\/\/otype.de\/index.php?id=139<\/a><\/p>\n<p>&nbsp;\uc704\uc758 \uba85\ub839\ub77c\uc778\uacfc \ube44\uc2b7\ud55c \ub0b4\uc6a9\uc774\uc5c8\ub294\ub370 <\/p>\n<p>&nbsp;You will find the answer to the problem in the psad manpage \u2026 I\u2019ll just post the solution here (slightly changed):<\/p>\n<p><code>$ echo -e 'kern.infot|\/var\/lib\/psad\/psadfifo' | sudo tee -a \/etc\/syslog.conf<\/code><\/p>\n<p><code>$ sudo \/etc\/init.d\/sysklogd restart<\/code>\n<\/p>\n<blockquote>\n<address><span style=\"color: rgb(255, 0, 0);\"><strong>Don\u2019t forget the <code>-a<\/code> in the <code>tee<\/code> command \u2026 or you will wipe out your <code>syslog.conf<\/code>!<\/strong><\/span><\/address>\n<\/blockquote>\n<p>&nbsp;\ub0b4\uac00 \ubcf4\uae30\uc5d0\ub294 man \ud398\uc774\uc9c0\uc5d0 \ub098\uc640\uc788\ub294 \ubc29\ubc95\uacfc \ubcc4 \ub2e4\ub978 \ucc28\uc774\uc810\uc744 \ubc1c\uacac\ud558\uc9c0 \ubabb\ud558\uc600\ub2e4. root \uad8c\ud55c\uc73c\ub85c \uc785\ub825\ud55c \uba85\ub839\uc5b4\uc774\uae30 \ub54c\ubb38\uc5d0 sudo \uc640 \uac19\uc740 \uba85\ub839\uc5b4\ub294 \ubd88 \ud544\uc694\ud560\ud150\ub370.. tee \ub77c\ub294 \uba85\ub839\uc5b4\uc5d0 -a \uc635\uc158\uc774 \ud574\uacb0\uc778\uac83 \uac19\uc558\ub2e4.<\/p>\n<p>&nbsp;\ud574\uacb0\uc740 \ud588\uc9c0\ub9cc \ucc1d\ucc1d\ud558\ub2e4. tee \uba85\ub839\uc5b4\uc5d0 \ub300\ud574 \uacf5\ubd80\uc880 \ud574\uc57c\uaca0\ub2e4.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp;\ubc29\ud654\ubcbd \ub85c\uadf8 \uad00\ub9ac\ub97c \uc704\ud574 psad\ub97c \uc124\uce58\ud558\uace0 \uc2e4\ud589\ud558\ub824\ub294 \uc911 \uc774\uc0c1\ud55c \uc5d0\ub7ec\uc640 \ub9cc\ub0ac\ub2e4. &nbsp;Ultra60:~# \/etc\/init.d\/psad startERR: Syslog has not been configured to send messages to\/var\/lib\/psad\/psadfifo. Please configure it as described in psad(8). &nbsp;\uc5d0\ub7ec \uba54\uc2dc\uc9c0\ub97c \ud655\uc778\ud558\uace0 psad \ub9e8\ud398\uc774\uc9c0\ub97c \uc5f4\uc5b4\ubcf4\uc558\ub2e4. &nbsp;\ud654\uba74 \ud558\ub2e8\uc5d0 \ubcf4\uc774\ub294 \ud55c &hellip; <a href=\"http:\/\/pchero21.com\/?p=730\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[25],"tags":[311,623],"_links":{"self":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts\/730"}],"collection":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=730"}],"version-history":[{"count":0,"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts\/730\/revisions"}],"wp:attachment":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=730"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}