[syslog-ng] facility 'security'
Jan Schaumann
jschauma at netmeister.org
Tue Aug 25 21:23:28 CEST 2009
Jan Schaumann <jschauma at netmeister.org> wrote:
> It appears that syslog-ng does not correctly identify the 'security'
> facility:
>
> $ logger -p security.info oink
>
> yields:
>
> Aug 25 10:46:43 <d.info> syslog1 oink
>
> Note the false facility "d".
>
> In src/syslog-names.c, the mapping for 'security' is done thusly:
>
> {"security", LOG_AUTH}, /* DEPRECATED */
>
> FreeBSD, however, appears to still use LOG_SECURITY, which leads to
> syslog-ng falsely categorizing the incoming messages. I'd be able to
> deal with this if it actually did fall back to LOG_AUTH, but for some
> reason it shows up as facility "d" (which seems like a string comparison
> gone awry).
As a temporary workaround until this is either fixed or the cause of the
problem is shown to be in my configuration or something :-), I'm using
the following patch:
--- src/syslog-names.c.orig Tue Aug 25 14:52:31 2009
+++ src/syslog-names.c Tue Aug 25 14:54:41 2009
@@ -45,6 +45,9 @@
#ifdef LOG_AUTHPRIV
{"authpriv", LOG_AUTHPRIV},
#endif
+#ifdef LOG_CONSOLE
+ {"console", LOG_CONSOLE},
+#endif
#ifdef LOG_CRON
{"cron", LOG_CRON},
#endif
@@ -56,7 +59,14 @@
{"lpr", LOG_LPR},
{"mail", LOG_MAIL},
{"news", LOG_NEWS},
+#ifdef LOG_NTP
+ {"ntp", LOG_NTP},
+#endif
+#ifdef LOG_SECURITY
+ {"security", LOG_SECURITY},
+#else
{"security", LOG_AUTH}, /* DEPRECATED */
+#endif
{"syslog", LOG_SYSLOG},
{"user", LOG_USER},
{"uucp", LOG_UUCP},
I don't know if you guys want to consider using this, too, to allow
FreeBSD users to continue to use the facilities they are used to. If
you do, I can open a bug for this.
-Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090825/12161159/attachment.pgp
More information about the syslog-ng
mailing list