Public bug reported: Binary package hint: sysklogd
Ubuntu 8.10 sysklogd 1.5-2ubuntu6 >From syslog.conf MAN page ---- Quote ---- The facility is one of the following keywords: auth, authpriv, cron, daemon, ftp, kern, lpr, mail, mark, news, security (same as auth), sys‐ log, user, uucp and local0 through local7. ---- endQuote ---- My silly D-Link DIR-655 router puts its syslog on the Log Audit facility 13 (which is 104 in the 32-bit PRI). It took me quite a bit of reverse engineering to figure that out. I'll make the following proposal based on that finding, but it would be even better if someone could find a copy of syslog.h (mentioned in the MAN page) and extract all of the supported facility names. (I did review the source and couldn't find it myself, it's probably in some global header or config file for making inet-tools.) ---- Proposed Change ---- The facility is one of the following keywords: auth, authpriv, cron, daemon, ftp, kern, logaudit, lpr, mail, mark, news, security (same as auth), sys‐ log, user, uucp and local0 through local7. ---- end ---- I also found something else in the meantime, close and related and easy to fix... ---- Quote ---- ... Both parts are case insensitive and can also be specified as decimal numbers corresponding to the definitions in <syslog.h>. ---- endQuote ---- This is probably incorrect, as I was able to find an old Berkeley syslog.h and it turns out that you have to multiply the decimal number by 8. So logaudit (13) becomes 104 and both logaudit.info and 104.info works correctly in syslog.conf while 13.info does not. Here is my suggestion ---- Quote ---- ... Both parts are case insensitive and can also be specified as decimal numbers corresponding to the numerical code being used in the PRI part of the RFC 3164 message from the logging device. (Note: the facility's numerical code is multiplied by 8 before being used in the PRI part, and syslog.conf requires this too. For example, network news facilities have a facility identifier of 7, therefore news.local and 56.local are equivalent in syslog.conf.) ---- endQuote ---- Thanks Robb Topolski ** Affects: sysklogd (Ubuntu) Importance: Undecided Status: New -- undocumented logaudit facility, how to log unknown facilities https://bugs.launchpad.net/bugs/302237 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs