<p dir="ltr">Hi,</p>
<p dir="ltr">Thanks for the response.</p>
<p dir="ltr">Well, thats right. I was thinking on having this enabled only on /dev/log automatically via the system driver. But even there could be disabled by using the lower level drivers directly.</p>
<p dir="ltr">I havent seen anything that would use that field for something else. Did you?</p>
<p dir="ltr">Also, journal/rsyslog is doing the same.</p>
<div class="gmail_quote">On Dec 11, 2013 1:56 PM, "Evan Rempel" <<a href="mailto:erempel@uvic.ca">erempel@uvic.ca</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>
<div>If the PID is replaced by this new feature then the PID included in the message would be lost and according to the syslog RFC the item in [] is a unique identifier and NOT always a PID. I think that the PID included in the message should be retained, perhaps
in another macro such as EPID for effective PID or something that matches the RFC description.</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div style="font-size:9px;color:#575757">Sent from Samsung Mobile</div>
</div>
<br>
<br>
-------- Original message --------<br>
From: Gergely Nagy <br>
Date:12/10/2013 9:16 AM (GMT-06:00) <br>
To: syslog-ng OSE list <br>
Subject: [syslog-ng] [RFC]: syslog-ng and UNIX credentials <br>
<br>
</div>
<font><span style="font-size:10pt">
<div>Hi!<br>
<br>
We had a short chat with Bazsi earlier today, and he's working on a<br>
feature that will allow syslog-ng to pick out UNIX credentials passed<br>
through unix sockets (such as /dev/log). This means that we receive the<br>
PID, the UID and the GID of the sending program, and can opt to store it<br>
someplace. So far, syslog-ng was not doing that, but with the new<br>
feature, it becomes possible to store these.<br>
<br>
The idea at the moment is, is to have a flag for unix-* sources that<br>
enables collecting these credentials. If turned off (the default, unless<br>
using system(), which would turn it on for /dev/log), nothing changes.<br>
If turned on, it would replace the $PID sent over the socket with the<br>
one extracted from credentials. It would also add the "${.unix.GID}" and<br>
"${.unix.UID}" properties to the log message, along with "${.unix.EXE}"<br>
on platforms that support looking up the executable (Linux, for now).<br>
<br>
We'd like to invite the broader community to share your feelings about<br>
this feature, the naming of the properties and how You would like it to<br>
work, if you're interested in making use of this functionality.<br>
<br>
-- <br>
|8]<br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">
http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</div>
</span></font>
</div>
<br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div>