<p dir="ltr">Hi Evan..thanks for the reply but both sending and receiving servers are same OS.. Solaris 10</p>
<div class="gmail_quote">On Jul 28, 2015 12:18 PM, "Evan Rempel" <<a href="mailto:erempel@uvic.ca">erempel@uvic.ca</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Well, that is probably because the host
where syslog-ng was compiled is a different OS than that where the
"audit" facility log line was created.<br>
<br>
For instance, on a Linux host, the syslog.h file from the system
only has these facilities defined.<br>
<br>
CODE facilitynames[] =<br>
{<br>
{ "auth", LOG_AUTH },<br>
{ "authpriv", LOG_AUTHPRIV },<br>
{ "cron", LOG_CRON },<br>
{ "daemon", LOG_DAEMON },<br>
{ "ftp", LOG_FTP },<br>
{ "kern", LOG_KERN },<br>
{ "lpr", LOG_LPR },<br>
{ "mail", LOG_MAIL },<br>
{ "mark", INTERNAL_MARK }, /* INTERNAL */<br>
{ "news", LOG_NEWS },<br>
{ "security", LOG_AUTH }, /* DEPRECATED */<br>
{ "syslog", LOG_SYSLOG },<br>
{ "user", LOG_USER },<br>
{ "uucp", LOG_UUCP },<br>
{ "local0", LOG_LOCAL0 },<br>
{ "local1", LOG_LOCAL1 },<br>
{ "local2", LOG_LOCAL2 },<br>
{ "local3", LOG_LOCAL3 },<br>
{ "local4", LOG_LOCAL4 },<br>
{ "local5", LOG_LOCAL5 },<br>
{ "local6", LOG_LOCAL6 },<br>
{ "local7", LOG_LOCAL7 },<br>
<br>
<br>
with values of<br>
<br>
/* facility codes */<br>
#define LOG_KERN (0<<3) /* kernel messages */<br>
#define LOG_USER (1<<3) /* random user-level
messages */<br>
#define LOG_MAIL (2<<3) /* mail system */<br>
#define LOG_DAEMON (3<<3) /* system daemons */<br>
#define LOG_AUTH (4<<3) /* security/authorization
messages */<br>
#define LOG_SYSLOG (5<<3) /* messages generated
internally by syslogd */<br>
#define LOG_LPR (6<<3) /* line printer subsystem */<br>
#define LOG_NEWS (7<<3) /* network news subsystem */<br>
#define LOG_UUCP (8<<3) /* UUCP subsystem */<br>
#define LOG_CRON (9<<3) /* clock daemon */<br>
#define LOG_AUTHPRIV (10<<3) /* security/authorization
messages (private) */<br>
#define LOG_FTP (11<<3) /* ftp daemon */<br>
<br>
/* other codes through 15 reserved for system use */<br>
#define LOG_LOCAL0 (16<<3) /* reserved for local use */<br>
#define LOG_LOCAL1 (17<<3) /* reserved for local use */<br>
#define LOG_LOCAL2 (18<<3) /* reserved for local use */<br>
#define LOG_LOCAL3 (19<<3) /* reserved for local use */<br>
#define LOG_LOCAL4 (20<<3) /* reserved for local use */<br>
#define LOG_LOCAL5 (21<<3) /* reserved for local use */<br>
#define LOG_LOCAL6 (22<<3) /* reserved for local use */<br>
#define LOG_LOCAL7 (23<<3) /* reserved for local use */<br>
<br>
<br>
so there is no audit facility.<br>
<br>
Hope that explains it.<br>
<br>
<br>
On 07/28/2015 09:08 AM, Justin Kala wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div><br clear="all">
Hi</div>
<div><br>
</div>
<div>Syslog-ng is unable to recognize the facility audit. When I
put filter as audit and restart syslog-ng it errors out. When
I put the facility code as 13 ,it does not error on restarting
the service but does not capture the syslog message received
through this filter code 13 as well.</div>
<div><br>
</div>
<div>Please advise.<br>
-- <br>
</div>
<div>Kaladhar</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
<br>
<pre cols="500">--
Evan Rempel <a href="mailto:erempel@uvic.ca" target="_blank">erempel@uvic.ca</a>
Senior Systems Administrator <a href="tel:250.721.7691" value="+12507217691" target="_blank">250.721.7691</a>
Data Centre Services, University Systems, University of Victoria
</pre>
</div>
<br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div>