How much more work would it be to have the .unix.login and/or the .unix.group into this?

To get the login as a post-processed item may be difficult, as the login may not be available on a syslog server, and over time the uid to login may change, making historic logs less accurate/usable.

Evan.

On 12/23/2013 08:45 AM, bugzilla@wwwold.balabit.com wrote:
https://bugzilla.balabit.com/show_bug.cgi?id=265
--- Comment #4 from Balazs Scheidler <bazsi@balabit.hu> 2013-12-23 17:45:20 ---
My cleaned-up patches destined to be integrated to 3.6 master are now available at the same branch; it contains a bit more functionality than what you have requested, as unix-dgram/unix-stream sources add .unix.pid, .unix.uid, .unix.gid, .unix.exe and .unix.cmdline to the message when they are received.
.unix.pid is used to populate $PID in the system() source.
It'll get integrated to master shortly.
If you have any further comments, feedback, etc, those would be appreciated.
Thanks.