The log file of sysmask
---------------------------------------------

The log file registers all refused sysmask requests, including file/socket access and system calls, for processes with the log mask set. This is very useful when configuring sysmask for a piece of software, but should be disabled for processes in normal operation. It is NEVER intended to register bad attempts. In fact, in order to prevent DoS attacks, each process can only register a limited number of log lines (500 at present). If you don't want a "bad" process to turn on the log mask when you don't want it to log anything, set the "sysmask" mask.

The logfile is named /var/log/smkd.log, and is only readable by people without the denyid mask. You don't need to rotate it, because it is automatically limited in length (4M at present). When the length limit is exceeded, the file is moved to /var/log/smkd.log.old (erasing the old /var/log/smkd.log.old if there is one), and a fresh one is created.

Each line of the logfile registers a refusal. It contains several fields separated by spaces:

Field 1: request time
        This is in a very rudimentary time format, with no timezone translation.
Field 2: user name of the euid of the process
Field 3: system token of the process
Field 4: user token of the process
Field 5: process id
Field 6: type of the operation
Field 7: syscall number and name for a syscall request, and pathname of the request in other cases.
Field 8: daemon reply: option bits in hexadecimal followed by a decimal errno value.

-------------------------------------------------

Any user on the system can read the part of the log file that concerns him/her, if the system administrator allows it. The tool for this is the small script /usr/bin/smlog. To make it effective, the execution of this script must trigger a token switch towards the "smlog" token. Therefore, if the user's login token has this token switch defined, he has only to type "smlog", and the last part of the log file belonging to him will be printed.
(It only prints out the log of the day, limited to the last 500 lines.)