[syslog-ng] facility 'security'

Balazs Scheidler bazsi at balabit.hu
Fri Sep 4 09:58:31 CEST 2009 

Hi,

This makes sense, thus I've committed the following patch to the
syslog-ng 3.1 branch (which had no releases so far). 

It should be applicable to 3.0 as well, but I don't intend to backport
it.

commit 8a0commit 8a02601f81791a519de568f900276ceedd3ca6c9
Author: Balazs Scheidler <bazsi at balabit.hu>
Date:   Fri Sep 4 09:55:18 2009 +0200

    [syslog-names] decouple the facility/severity codes known by syslog-ng from the system defined codes
    
    Until now syslog-ng depended on the values defined in <syslog.h> to implement
    the severity/facility name lookups.
    
    Since BSD uses a couple of new facility codes which are not defined on
    other system, this patch removes this dependency and hard-codes the
    values defined by RFC3164, the Linux syslog.h header and the BSD syslog.h
    header.
    
    This makes syslog-ng know about "ntp", "security" and "console" facilities.
    Even on non-BSD systems.



On Tue, 2009-08-25 at 15:23 -0400, Jan Schaumann wrote:
> Jan Schaumann <jschauma at netmeister.org> wrote:
>  
> > It appears that syslog-ng does not correctly identify the 'security'
> > facility:
> > 
> > $ logger -p security.info oink
> > 
> > yields:
> > 
> > Aug 25 10:46:43 <d.info> syslog1 oink
> > 
> > Note the false facility "d".
> > 
> > In src/syslog-names.c, the mapping for 'security' is done thusly:
> > 
> > {"security", LOG_AUTH},    /* DEPRECATED */
> > 
> > FreeBSD, however, appears to still use LOG_SECURITY, which leads to
> > syslog-ng falsely categorizing the incoming messages.  I'd be able to
> > deal with this if it actually did fall back to LOG_AUTH, but for some
> > reason it shows up as facility "d" (which seems like a string comparison
> > gone awry).
> 
> As a temporary workaround until this is either fixed or the cause of the
> problem is shown to be in my configuration or something :-), I'm using
> the following patch:
> 
> --- src/syslog-names.c.orig     Tue Aug 25 14:52:31 2009
> +++ src/syslog-names.c  Tue Aug 25 14:54:41 2009
> @@ -45,6 +45,9 @@
>  #ifdef LOG_AUTHPRIV
>    {"authpriv", LOG_AUTHPRIV},
>  #endif
> +#ifdef LOG_CONSOLE
> +  {"console", LOG_CONSOLE},
> +#endif
>  #ifdef LOG_CRON
>    {"cron", LOG_CRON},
>  #endif
> @@ -56,7 +59,14 @@
>    {"lpr", LOG_LPR},
>    {"mail", LOG_MAIL},
>    {"news", LOG_NEWS},
> +#ifdef LOG_NTP
> +  {"ntp", LOG_NTP},
> +#endif
> +#ifdef LOG_SECURITY
> +  {"security", LOG_SECURITY},
> +#else
>    {"security", LOG_AUTH},      /* DEPRECATED */
> +#endif
>    {"syslog", LOG_SYSLOG},
>    {"user", LOG_USER},
>    {"uucp", LOG_UUCP},
> 
> 
> I don't know if you guys want to consider using this, too, to allow
> FreeBSD users to continue to use the facilities they are used to.  If
> you do, I can open a bug for this.
> 
> -Jan
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
> 
-- 
Bazsi

More information about the syslog-ng mailing list