On Mon, 19 Mar 2007 18:38:30 BST, Balazs Scheidler said:
Do you need this information for locally generated messages or messages that are received on a network? For local processes it should be possible to get the sender's credentials, at least on some of the platforms that syslog-ng supports. What platform are you using?
Note that as the Linux LSPP project has found out, "the sender's credentials" is a very squishy concept indeed. You already have a (admittedly possibly forged) process name/number in the message. The real gotcha is that the vast majority of the time, you already *know* the answer to this question - if it's sendmail, or ssh, or any one of the vast flock of daemon processes that do the majority of logging, it's "root" or "apache" or "cups" or similar. What you're often more interested in is "The identity of the user on whose behalf this message was generated". You already *know* that the message is from CUPS - what you want to know is which user's print job bombed and caused the message.
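An added example, not part of the original thread and not syslog-ng code: a receiver on a Unix datagram socket compares the process name/number claimed in a message with the credentials the kernel attaches. It assumes Linux (`SO_PASSCRED` / `SCM_CREDENTIALS`); the sample message and function names are constructed for illustration.

```python
import os
import re
import socket
import struct

# Linux-specific assumption: struct ucred is (pid_t pid, uid_t uid, gid_t gid).
UCRED = struct.Struct("iII")

# Constructed sample: the sender claims to be cupsd with PID 1.
FORGED_MSG = b"<30>cupsd[1]: print job failed"


def recv_with_creds(sock):
    """Read one datagram plus the SCM_CREDENTIALS the kernel attached to it."""
    data, ancdata, _flags, _addr = sock.recvmsg(
        4096, socket.CMSG_SPACE(UCRED.size))
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            return data, UCRED.unpack(cdata[:UCRED.size])
    return data, None  # sender's kernel credentials were not passed


def audit(data, creds):
    """Compare the PID claimed in the syslog tag with the kernel-reported one."""
    m = re.match(rb"<\d+>([^\[:\s]+)\[(\d+)\]:", data)
    pid, uid, gid = creds if creds else (None, None, None)
    claimed_pid = int(m.group(2)) if m else None
    return {
        "claimed_program": m.group(1).decode() if m else None,
        "claimed_pid": claimed_pid,
        "kernel_pid": pid,   # who sent it, according to the kernel
        "kernel_uid": uid,   # the daemon's uid, not the user it worked for
        "kernel_gid": gid,
        "tag_matches_kernel": claimed_pid is not None and claimed_pid == pid,
    }


def demo():
    receiver, sender = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        # Must be enabled before the send so the kernel stamps the datagram.
        receiver.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        sender.send(FORGED_MSG)
        return audit(*recv_with_creds(receiver))
    finally:
        receiver.close()
        sender.close()


if __name__ == "__main__":
    print(demo())
```

The kernel-reported uid identifies the sending process only; the user on whose behalf the message was generated still has to come from the message content itself.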