[syslog-ng] [RFC]: syslog-ng and UNIX credentials

Evan Rempel erempel at uvic.ca
Wed Dec 11 13:55:39 CET 2013


If the PID is replaced by this new feature, then the PID included in the message would be lost, and according to the syslog RFC the item in [] is a unique identifier and NOT always a PID. I think that the PID included in the message should be retained, perhaps in another macro such as EPID for effective PID or something that matches the RFC description.



-------- Original message --------
From: Gergely Nagy
Date: 12/10/2013 9:16 AM (GMT-06:00)
To: syslog-ng OSE list
Subject: [syslog-ng] [RFC]: syslog-ng and UNIX credentials

Hi!

We had a short chat with Bazsi earlier today, and he's working on a
feature that will allow syslog-ng to pick out UNIX credentials passed
through unix sockets (such as /dev/log). This means that we receive the
PID, the UID and the GID of the sending program, and can opt to store it
someplace. So far, syslog-ng was not doing that, but with the new
feature, it becomes possible to store these.

The idea at the moment is to have a flag for unix-* sources that
enables collecting these credentials. If turned off (the default, unless
using system(), which would turn it on for /dev/log), nothing changes.
If turned on, it would replace the $PID sent over the socket with the
one extracted from credentials. It would also add the "${.unix.GID}" and
"${.unix.UID}" properties to the log message, along with "${.unix.EXE}"
on platforms that support looking up the executable (Linux, for now).

We'd like to invite the broader community to share your feelings about
this feature, the naming of the properties and how You would like it to
work, if you're interested in making use of this functionality.

--
|8]

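The mechanism discussed in this thread, as an added example that is not part of either message and is not syslog-ng code: on Linux, a receiver that sets SO_PASSCRED on a unix datagram socket gets the sender's PID, UID and GID from the kernel as SCM_CREDENTIALS ancillary data, and can store them next to the identifier the sender wrote inside [] instead of overwriting it. The field names (`msg_ident`, `cred_pid`, ...) and the timestamp-less sample payload are assumptions made for this illustration.

```python
import os
import re
import socket
import struct

UCRED = struct.Struct("iII")  # Linux struct ucred: pid_t pid, uid_t uid, gid_t gid
# Optional <PRI>, then "prog[ident]:"; the sample payloads carry no timestamp.
TAG = re.compile(rb"^(?:<\d+>)?(?P<prog>[^\s\[:]+)(?:\[(?P<ident>[^\]]*)\])?:")


def recv_with_creds(sock):
    """Return (payload, (pid, uid, gid)) using kernel-supplied SCM_CREDENTIALS."""
    data, ancdata, _flags, _addr = sock.recvmsg(8192, socket.CMSG_SPACE(UCRED.size))
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            return data, UCRED.unpack(cdata[:UCRED.size])
    return data, None  # no credentials were delivered with this datagram


def annotate(payload, creds):
    """Keep the sender-written identifier and the kernel values side by side."""
    m = TAG.match(payload)
    ident = m.group("ident").decode() if m and m.group("ident") is not None else None
    pid, uid, gid = creds if creds else (None, None, None)
    return {
        "msg_ident": ident,  # whatever the sender put in [], not always a PID
        "cred_pid": pid,     # filled in by the kernel, not by the sender
        "cred_uid": uid,
        "cred_gid": gid,
        "ident_is_sender_pid": creds is not None and ident == str(pid),
    }


def demo(payload):
    """Send one datagram over an AF_UNIX socketpair and annotate what arrives."""
    receiver, sender = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        # SO_PASSCRED has to be enabled on the receiving socket before the send.
        receiver.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        sender.send(payload)
        return annotate(*recv_with_creds(receiver))
    finally:
        receiver.close()
        sender.close()


if __name__ == "__main__":
    # Constructed sample: the message claims identifier 1 under the name sshd.
    print(demo(b"<38>sshd[1]: Accepted password for root"))
```

A mismatch between `msg_ident` and `cred_pid` is not by itself evidence of spoofing, since the bracketed identifier may legitimately be something other than a PID; keeping both values lets a filter decide.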