17.2.2. Option Fields
In addition to basic rules allowing and denying access, the Red Hat Enterprise Linux implementation of TCP wrappers supports extensions to the access control language through option fields. By using option fields within hosts access rules, administrators can accomplish a variety of tasks such as altering log behavior, consolidating access control, and launching shell commands.
17.2.2.1. Logging
Option fields let administrators easily change the log facility and priority level for a rule by using the
severity
directive.
In the following example, connections to the SSH daemon from any host in the
example.com
domain are logged to the default authpriv
syslog
facility (because no facility value is specified) with a priority of emerg
:
sshd : .example.com : severity emerg
It is also possible to specify a facility using the
severity
option. The following example logs any SSH connection attempts by hosts from the example.com
domain to the local0
facility with a priority of alert
:
sshd : .example.com : severity local0.alert
Note
In practice, this example does not work until the syslog daemon (
syslogd
) is configured to log to the local0
facility. Refer to the syslog.conf
man page for information about configuring custom log facilities.