[syslog-ng]Logging Remotely from Solaris to Linux Update

Brad Arlt arlt@cpsc.ucalgary.ca
Tue, 4 Jun 2002 07:18:50 -0600


On Tue, Jun 04, 2002 at 09:22:15AM +0200, Balazs Scheidler wrote:
> On Mon, Jun 03, 2002 at 11:36:06AM -0500, Ron Braley wrote:
> > Hi Bazsi
> > 
> > Here's an update and continued question:  Everything seems to be fine
> > when syslogging remotely from the Solaris box to the Linux box except
> > that cron priorities of debug - critical don't get sent (just emerg). 
> > Also, Solaris and Linux boxes alike won't send daemon priorities debug
> > or information messages to the log host.
> 
> this might be caused by the different facility codes between linux and
> solaris. Syslog-ng uses the codes of the host operating system it was
> compiled on. Maybe a feature to map facility codes would be useful.

Usually I just a bunch of #defines in syslog-names.c and slap the extra
facilities on sl_facilities[].

I only ever bother with this on our loghost, but it is very useful.
Linux, Solaris, Irix, and BSD are all a little bit different, and it
is handy to be able to handle various faculities correctly.

For example I handle the Linux/BSD authpriv, auth, and the BSD only
"security" facilities the same, but my loghost runs Solaris and doesn't
know about the other two facility by default.

Having this built in so I can define it in a configuration file would
be sweet!  But I am looking more for an index than a map (or maybe that is
what you meant by map).

What I'd like is something like:
(9<<3)  -> CRON		/* !Sun */
(11<<3) -> FTP		/* Linux */
(12<<3) -> NTP		/* BSD */
(13<<3) -> AUDIT	/* Irix */
(13<<3) -> SECURITY	/* BSD */
(15<<3) -> CRON		/* Sun */
----------------------------------------------------------------------------
   __o		Bradley Arlt				Security Team Lead
 _ \<_		arlt@cpsc.ucalgary.ca			University Of Calgary
(_)/(_) 	http://pages.cpsc.ucalgary.ca/~arlt/	Computer Science