[syslog-ng] facility 'security'

Jan Schaumann jschauma at netmeister.org
Tue Aug 25 21:23:28 CEST 2009

Jan Schaumann <jschauma at netmeister.org> wrote:
> It appears that syslog-ng does not correctly identify the 'security'
> facility:
> $ logger -p security.info oink
> yields:
> Aug 25 10:46:43 <d.info> syslog1 oink
> Note the false facility "d".
> In src/syslog-names.c, the mapping for 'security' is done thusly:
> {"security", LOG_AUTH},    /* DEPRECATED */
> FreeBSD, however, appears to still use LOG_SECURITY, which leads to
> syslog-ng falsely categorizing the incoming messages.  I'd be able to
> deal with this if it actually did fall back to LOG_AUTH, but for some
> reason it shows up as facility "d" (which seems like a string comparison
> gone awry).

As a temporary workaround until this is either fixed or the cause of the
problem is shown to be in my configuration or something :-), I'm using
the following patch:

--- src/syslog-names.c.orig     Tue Aug 25 14:52:31 2009
+++ src/syslog-names.c  Tue Aug 25 14:54:41 2009
@@ -45,6 +45,9 @@
   {"authpriv", LOG_AUTHPRIV},
+  {"console", LOG_CONSOLE},
 #ifdef LOG_CRON
   {"cron", LOG_CRON},
@@ -56,7 +59,14 @@
   {"lpr", LOG_LPR},
   {"mail", LOG_MAIL},
   {"news", LOG_NEWS},
+#ifdef LOG_NTP
+  {"ntp", LOG_NTP},
+  {"security", LOG_SECURITY},
   {"security", LOG_AUTH},      /* DEPRECATED */
   {"syslog", LOG_SYSLOG},
   {"user", LOG_USER},
   {"uucp", LOG_UUCP},

I don't know if you guys want to consider using this, too, to allow
FreeBSD users to continue to use the facilities they are used to.  If
you do, I can open a bug for this.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090825/12161159/attachment.pgp 

More information about the syslog-ng mailing list