[syslog-ng] Filtering using SO_PEERCRED

Balazs Scheidler bazsi at balabit.hu
Mon Sep 24 08:41:47 CEST 2007

On Fri, 2007-09-21 at 17:55 +0100, Simon Arlott wrote:
> I've attached a patch that uses SO_PEERCRED to find the PID/UID/GID of the 
> application using syslog. I wanted to be able to prevent users faking messages 
> but at the same time not lose some of sshd's messages that are sent from a 
> non-privileged process. The next step would be to send users' other messages 
> to /home/$FROM_USER/syslog which would be owned by them - but owner(....) is 
> only evaluated at startup...

Thanks for your contribution. The patch seems to be nicely implemented
some nits here and there, but nothing severe.

Could you please sign our contributor license agreement and fax it to us
so I can actually use the code you posted?

The document is here: http://www.balabit.com/dl/CLA_patch.pdf


More information about the syslog-ng mailing list