xinetd.log - xinetd service log format
A service configuration may specify various degrees of logging
when attempts are made to access the service. When logging for a service is
enabled, xinetd will generate one-line log entries which have the
following format (all entries have a timestamp as a prefix):
entry: service-id data
The data depends on the entry. Possible entry
types include:
- START
- generated when a server is started
- EXIT
- generated when a server exits
- FAIL
- generated when it is not possible to start a server
- USERID
- generated if the USERID log option is used.
- NOID
- generated if the USERID log option is used, and the IDONLY
service flag is used, and the remote end does not identify who is trying
to access the service.
In the following, the information enclosed in brackets appears if
the appropriate log option is used.
A START entry has the format:
START: service-id [pid=%d]
[from=%d.%d.%d.%d]
An EXIT entry has the format:
EXIT: service-id [type=%d] [pid=%d]
[duration=%d(sec)]
type can be either status or signal. The
number is either the exit status or the signal that caused process
termination.
A FAIL entry has the format:
FAIL: service-id reason
[from=%d.%d.%d.%d]
Possible reasons are:
- fork
- a certain number of consecutive fork attempts failed (this number is a
configurable parameter)
- time
- the time check failed
- address
- the address check failed
- service_limit
- the allowed number of server instances for this service would be
exceeded
- process_limit
- a limit on the number of forked processes was specified and it would be
exceeded
A DATA entry has the format:
DATA: service-id data
The data logged depends on the service.
- login
- remote_user=%s local_user=%s tty=%s
- exec
- remote_user=%s verify=status command=%s
Possible status values:
- ok
- the password was correct
- failed
- the password was incorrect
- baduser
- no such user
- shell
- remote_user=%s local_user=%s command=%s
- finger
- received string or EMPTY-LINE
A USERID entry has the format:
USERID: service-id text
The text is the response of the identification daemon at
the remote end excluding the port numbers (which are included in the
response).
A NOID entry has the format:
NOID: service-id IP-address
reason