Hi,

This makes sense, thus I've committed the following patch to the syslog-ng 3.1 branch (which had no releases so far). It should be applicable to 3.0 as well, but I don't intend to backport it.

commit 8a02601f81791a519de568f900276ceedd3ca6c9
Author: Balazs Scheidler <bazsi@balabit.hu>
Date: Fri Sep 4 09:55:18 2009 +0200

    [syslog-names] decouple the facility/severity codes known by syslog-ng from the system defined codes

    Until now syslog-ng depended on the values defined in <syslog.h> to implement the severity/facility name lookups. Since BSD uses a couple of new facility codes which are not defined on other system, this patch removes this dependency and hard-codes the values defined by RFC3164, the Linux syslog.h header and the BSD syslog.h header.

    This makes syslog-ng know about "ntp", "security" and "console" facilities. Even on non-BSD systems.

On Tue, 2009-08-25 at 15:23 -0400, Jan Schaumann wrote:
Jan Schaumann <jschauma@netmeister.org> wrote:
It appears that syslog-ng does not correctly identify the 'security' facility:
$ logger -p security.info oink
yields:
Aug 25 10:46:43 <d.info> syslog1 oink
Note the false facility "d".
In src/syslog-names.c, the mapping for 'security' is done thusly:
{"security", LOG_AUTH}, /* DEPRECATED */
FreeBSD, however, appears to still use LOG_SECURITY, which leads to syslog-ng falsely categorizing the incoming messages. I'd be able to deal with this if it actually did fall back to LOG_AUTH, but for some reason it shows up as facility "d" (which seems like a string comparison gone awry).
As a temporary workaround until this is either fixed or the cause of the problem is shown to be in my configuration or something :-), I'm using the following patch:
--- src/syslog-names.c.orig Tue Aug 25 14:52:31 2009 +++ src/syslog-names.c Tue Aug 25 14:54:41 2009 @@ -45,6 +45,9 @@ #ifdef LOG_AUTHPRIV {"authpriv", LOG_AUTHPRIV}, #endif +#ifdef LOG_CONSOLE + {"console", LOG_CONSOLE}, +#endif #ifdef LOG_CRON {"cron", LOG_CRON}, #endif @@ -56,7 +59,14 @@ {"lpr", LOG_LPR}, {"mail", LOG_MAIL}, {"news", LOG_NEWS}, +#ifdef LOG_NTP + {"ntp", LOG_NTP}, +#endif +#ifdef LOG_SECURITY + {"security", LOG_SECURITY}, +#else {"security", LOG_AUTH}, /* DEPRECATED */ +#endif {"syslog", LOG_SYSLOG}, {"user", LOG_USER}, {"uucp", LOG_UUCP},
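Review bot: in the first hunk (@@ -45,6 +45,9 @@), the new "console" entry sits under #ifdef LOG_CONSOLE with no #else branch, so on a build host whose <syslog.h> lacks that macro the name is missing from the table entirely. A log server built on such a host then cannot refer to the facility by name even when it receives messages from senders that use it. Either give the entry a fallback value for hosts without the macro, or note in the documentation that "console" is only recognised where the header defines LOG_CONSOLE.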
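Review bot: in the second hunk (@@ -56,7 +59,14 @@), the #ifdef LOG_SECURITY / #else pair makes "security" resolve to LOG_SECURITY on some builds and to LOG_AUTH on others, so the same configuration selects different messages depending on where syslog-ng was compiled. That is easy to miss when a filter on this facility feeds alerting or retention rules. Please document which meaning applies on which platform, and move or duplicate the /* DEPRECATED */ comment so it is clear that it describes only the LOG_AUTH alias. The "ntp" entry in the same hunk has no #else at all, so that name is simply unknown on hosts without LOG_NTP.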
I don't know if you guys want to consider using this, too, to allow FreeBSD users to continue to use the facilities they are used to. If you do, I can open a bug for this.
-Jan
-- Bazsi
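
The effect described in the commit message above, as an added example that is not part of the original thread and is not syslog-ng's own code: a PRI decoder whose facility table is hard-coded instead of taken from <syslog.h>. The function name, the bsd_names switch and the hex rendering of unnamed facilities are assumptions of this example; codes 12, 13 and 14 for ntp, security and console follow the BSD syslog.h.

```c
#include <stdio.h>
#include <string.h>

/* Example-only table: facility codes hard-coded instead of read from <syslog.h>.
 * 12-14 are the BSD names from the thread; 15 is left unnamed here. */
static const char *const FACILITIES[24] = {
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", NULL,
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"
};
static const char *const SEVERITIES[8] = {
    "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"
};

/* Decode the leading "<PRI>" of a syslog line into "facility.severity".
 * bsd_names == 0 models a table built without LOG_NTP/LOG_SECURITY/LOG_CONSOLE.
 * Unnamed facilities are printed in hex (assumption, mirrors the "d" in the report).
 * Returns 0 on success, -1 on a malformed or out-of-range PRI. */
int format_pri(const char *msg, int bsd_names, char *out, size_t outlen)
{
    unsigned pri = 0;
    size_t i = 1;

    if (msg == NULL || msg[0] != '<')
        return -1;
    while (msg[i] >= '0' && msg[i] <= '9' && i <= 3)   /* at most three digits */
        pri = pri * 10 + (unsigned)(msg[i++] - '0');
    if (i == 1 || msg[i] != '>' || pri > 191)          /* 23 * 8 + 7 is the maximum */
        return -1;

    unsigned fac = pri >> 3, sev = pri & 7;
    const char *name = FACILITIES[fac];
    if (!bsd_names && fac >= 12 && fac <= 14)
        name = NULL;

    int n = name ? snprintf(out, outlen, "%s.%s", name, SEVERITIES[sev])
                 : snprintf(out, outlen, "%x.%s", fac, SEVERITIES[sev]);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char buf[32];
    /* Constructed input: PRI 110 = facility 13, severity 6. */
    if (format_pri("<110>oink", 0, buf, sizeof buf) == 0) printf("without BSD names: %s\n", buf);
    if (format_pri("<110>oink", 1, buf, sizeof buf) == 0) printf("with BSD names:    %s\n", buf);
    return 0;
}
```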