diff --git a/ChangeLog b/ChangeLog
index 09e7adacc..367bf2c65 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,9 @@
    getgrouplist via getgrset on AIX, rather than iterating over getgrent.
    This allows, eg, Match and AllowGroups directives to work with NIS and
    LDAP groups.
+ - (dtucker) [sshd.c] Bug #1042: make log messages for tcpwrappers use the
+   same SyslogFacility as the rest of sshd.  Patch from William Knox,
+   ok djm@.
 
 20080225
  - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
@@ -3641,4 +3644,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4845 2008/02/28 12:16:04 dtucker Exp $
+$Id: ChangeLog,v 1.4846 2008/02/28 12:20:48 dtucker Exp $
diff --git a/sshd.c b/sshd.c
index 9144bbaea..345ee4315 100644
--- a/sshd.c
+++ b/sshd.c
@@ -122,8 +122,8 @@
 #ifdef LIBWRAP
 #include <tcpd.h>
 #include <syslog.h>
-int allow_severity = LOG_INFO;
-int deny_severity = LOG_WARNING;
+int allow_severity;
+int deny_severity;
 #endif /* LIBWRAP */
 
 #ifndef O_NOCTTY
@@ -1747,6 +1747,8 @@ main(int ac, char **av)
 	audit_connection_from(remote_ip, remote_port);
 #endif
 #ifdef LIBWRAP
+	allow_severity = options.log_facility|LOG_INFO;
+	deny_severity = options.log_facility|LOG_WARNING;
 	/* Check whether logins are denied from this host. */
 	if (packet_connection_is_on_socket()) {
 		struct request_info req;