[syslog-ng] FreeBSD 8 LOG_SECURITY and LOG_AUTH confused
Brian A. Seklecki
lavalamp at spiritual-machines.org
Thu Mar 18 17:13:03 CET 2010
Guys, something shit the bed with 3.0.3 on 8.0-PL:
----- config ----------------
source src { unix-dgram("/var/run/log"); };
filter f_security { facility(security); };
filter f_auth { facility(auth); };
destination security { file("/var/log/security" template(cfi_template)); };
destination authlog { file("/var/log/auth.log" template(cfi_template)); };
log { source(src); filter(f_security); destination(security); flags(final); };
log { source(src); filter(f_auth); destination(authlog); flags(final); };
-------------------------
# /usr/local/sbin/syslog-ng -p /var/run/syslog.pid -tevdF
Syslog connection established; fd='5',
server='AF_INET(192.168.128.XXX:514)', local='AF_INET(0.0.0.0:0)'
Running application hooks; hook='1'
Running application hooks; hook='3'
syslog-ng starting up; version='3.0.3'
^Z
[5]+ Stopped /usr/local/sbin/syslog-ng -p /var/run/syslog.pid -tevdF
[root@cfi-db-corp ~]# bg
[root@cfi-db-corp ~]# echo test | logger -p auth.info
Incoming log entry; line='<38>Mar 18 15:57:40 bseklecki: test'
Filter rule evaluation begins; filter_rule='f_ams'
Filter node evaluation result; filter_result='not-match',
filter_type='level'
Filter node evaluation result; filter_result='not-match',
filter_type='AND'
Filter node evaluation result; filter_result='not-match',
filter_type='AND'
Filter rule evaluation result; filter_result='not-match',
filter_rule='f_ams'
Filter rule evaluation begins; filter_rule='f_auth'
Filter node evaluation result; filter_result='match',
filter_type='facility'
Filter rule evaluation result; filter_result='match',
filter_rule='f_auth'
Filter rule evaluation begins; filter_rule='f_ams'
Filter node evaluation result; filter_result='not-match',
filter_type='level'
Filter node evaluation result; filter_result='not-match',
filter_type='AND'
Filter node evaluation result; filter_result='not-match',
filter_type='AND'
Filter rule evaluation result; filter_result='not-match',
filter_rule='f_ams'
Filter rule evaluation begins; filter_rule='f_authpriv'
Filter node evaluation result; filter_result='not-match',
filter_type='facility'
Filter rule evaluation result; filter_result='not-match',
filter_rule='f_authpriv'
Filter rule evaluation begins; filter_rule='f_kern'
Filter node evaluation result; filter_result='not-match',
filter_type='facility'
Filter rule evaluation result; filter_result='not-match',
filter_rule='f_kern'
Filter rule evaluation begins; filter_rule='f_user'
Filter node evaluation result; filter_result='not-match',
filter_type='facility'
Filter rule evaluation result; filter_result='not-match',
filter_rule='f_user'
Filter rule evaluation begins; filter_rule='f_mail'
Filter node evaluation result; filter_result='not-match',
filter_type='facility'
Filter rule evaluation result; filter_result='not-match',
filter_rule='f_mail'
Filter rule evaluation begins; filter_rule='f_security'
Filter node evaluation result; filter_result='match',
filter_type='facility'
Filter rule evaluation result; filter_result='match',
filter_rule='f_security'
Initializing destination file writer; template='/var/log/security',
filename='/var/log/security'
The two fixes I can find are:
- Move: "log { source(src); filter(f_security);.." below
  "log { source(src); filter(f_auth);..." ...wait, what?!
- Remove reference to LOG_SECURITY

/usr/include/syslog.h defines for Facility->index mappings haven't
changed since RELENG_6, so I'm not sure what to make of this.

Very strange,
~BAS
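
A check for the trace above, added here as an example and not part of the original post or of syslog-ng: it decodes the <38> priority from the debug output and evaluates the two posted filters under two facility-name tables. The aliased table is an assumption offered as one candidate explanation (glibc's <sys/syslog.h> lists "security" as a deprecated alias of auth); the post does not establish which table syslog-ng 3.0.3 uses, and the function names are hypothetical.

```python
import re

# Facility codes from FreeBSD's <syslog.h>; the PRI value is (code << 3) | severity.
FREEBSD_FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "ntp": 12, "security": 13, "console": 14,
}
# Assumption: same table, but "security" resolves to the auth code, as in
# glibc's deprecated alias. Not confirmed for syslog-ng 3.0.3.
ALIASED_FACILITIES = dict(FREEBSD_FACILITIES, security=FREEBSD_FACILITIES["auth"])

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The two filters from the posted config, in log-path order.
POSTED_FILTERS = [("f_security", "security"), ("f_auth", "auth")]

# The line shown after "Incoming log entry" in the posted debug output.
TRACE_LINE = "<38>Mar 18 15:57:40 bseklecki: test"


def decode_pri(line):
    """Return (facility_code, severity_code) from a BSD syslog line."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m:
        raise ValueError("no <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # 23 facilities * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range: %d" % pri)
    return pri >> 3, pri & 7


def matching_filters(line, table, filters=POSTED_FILTERS):
    """Names of the facility() filters that match the line under a name table."""
    facility, _ = decode_pri(line)
    return [name for name, fac_name in filters if table[fac_name] == facility]


if __name__ == "__main__":
    fac, sev = decode_pri(TRACE_LINE)
    print("facility=%d severity=%s" % (fac, SEVERITIES[sev]))
    print("FreeBSD table:", matching_filters(TRACE_LINE, FREEBSD_FACILITIES))
    print("aliased table:", matching_filters(TRACE_LINE, ALIASED_FACILITIES))
```

Only the aliased table reproduces the trace, where both f_auth and f_security match the auth.info message; with flags(final) on both log paths, whichever path comes first then takes the message.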