[syslog-ng] facility 'security'

[Jan Schaumann]

Jan Schaumann <jschauma at netmeister.org> wrote:
 
> It appears that syslog-ng does not correctly identify the 'security'
> facility:
> 
> $ logger -p security.info oink
> 
> yields:
> 
> Aug 25 10:46:43 <d.info> syslog1 oink
> 
> Note the false facility "d".
> 
> In src/syslog-names.c, the mapping for 'security' is done thusly:
> 
> {"security", LOG_AUTH},    /* DEPRECATED */
> 
> FreeBSD, however, appears to still use LOG_SECURITY, which leads to
> syslog-ng falsely categorizing the incoming messages.  I'd be able to
> deal with this if it actually did fall back to LOG_AUTH, but for some
> reason it shows up as facility "d" (which seems like a string comparison
> gone awry).

As a temporary workaround until this is either fixed or the cause of the
problem is shown to be in my configuration or something :-), I'm using
the following patch:

--- src/syslog-names.c.orig     Tue Aug 25 14:52:31 2009
+++ src/syslog-names.c  Tue Aug 25 14:54:41 2009
@@ -45,6 +45,9 @@
 #ifdef LOG_AUTHPRIV
   {"authpriv", LOG_AUTHPRIV},
 #endif
+#ifdef LOG_CONSOLE
+  {"console", LOG_CONSOLE},
+#endif
 #ifdef LOG_CRON
   {"cron", LOG_CRON},
 #endif
@@ -56,7 +59,14 @@
   {"lpr", LOG_LPR},
   {"mail", LOG_MAIL},
   {"news", LOG_NEWS},
+#ifdef LOG_NTP
+  {"ntp", LOG_NTP},
+#endif
+#ifdef LOG_SECURITY
+  {"security", LOG_SECURITY},
+#else
   {"security", LOG_AUTH},      /* DEPRECATED */
+#endif
   {"syslog", LOG_SYSLOG},
   {"user", LOG_USER},
   {"uucp", LOG_UUCP},


I don't know if you guys want to consider using this, too, to allow
FreeBSD users to continue to use the facilities they are used to.  If
you do, I can open a bug for this.

-Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090825/12161159/attachment.pgp