Jan Schaumann <jschauma@netmeister.org> wrote:
It appears that syslog-ng does not correctly identify the 'security' facility:
$ logger -p security.info oink
yields:
Aug 25 10:46:43 <d.info> syslog1 oink
Note the false facility "d".
In src/syslog-names.c, the mapping for 'security' is done thusly:
{"security", LOG_AUTH}, /* DEPRECATED */
FreeBSD, however, appears to still use LOG_SECURITY, which leads to syslog-ng falsely categorizing the incoming messages. I'd be able to deal with this if it actually did fall back to LOG_AUTH, but for some reason it shows up as facility "d" (which seems like a string comparison gone awry).
As a temporary workaround until this is either fixed or the cause of the problem is shown to be in my configuration or something :-), I'm using the following patch: --- src/syslog-names.c.orig Tue Aug 25 14:52:31 2009 +++ src/syslog-names.c Tue Aug 25 14:54:41 2009 @@ -45,6 +45,9 @@ #ifdef LOG_AUTHPRIV {"authpriv", LOG_AUTHPRIV}, #endif +#ifdef LOG_CONSOLE + {"console", LOG_CONSOLE}, +#endif #ifdef LOG_CRON {"cron", LOG_CRON}, #endif @@ -56,7 +59,14 @@ {"lpr", LOG_LPR}, {"mail", LOG_MAIL}, {"news", LOG_NEWS}, +#ifdef LOG_NTP + {"ntp", LOG_NTP}, +#endif +#ifdef LOG_SECURITY + {"security", LOG_SECURITY}, +#else {"security", LOG_AUTH}, /* DEPRECATED */ +#endif {"syslog", LOG_SYSLOG}, {"user", LOG_USER}, {"uucp", LOG_UUCP}, I don't know if you guys want to consider using this, too, to allow FreeBSD users to continue to use the facilities they are used to. If you do, I can open a bug for this. -Jan