Public bug reported:
Binary package hint: sysklogd
Ubuntu 8.10 sysklogd 1.5-2ubuntu6
>From syslog.conf MAN page
---- Quote ----
The facility is one of the following keywords: auth, authpriv, cron,
daemon, ftp, kern, lpr, mail, mark, news, security (same as auth), sys‐
log, user, uucp and local0 through local7.
---- endQuote ----
My silly D-Link DIR-655 router puts its syslog on the Log Audit facility
13 (which is 104 in the 32-bit PRI). It took me quite a bit of reverse
engineering to figure that out. I'll make the following proposal based
on that finding, but it would be even better if someone could find a
copy of syslog.h (mentioned in the MAN page) and extract all of the
supported facility names. (I did review the source and couldn't find it
myself, it's probably in some global header or config file for making
inet-tools.)
---- Proposed Change ----
The facility is one of the following keywords: auth, authpriv, cron,
daemon, ftp, kern, logaudit, lpr, mail, mark, news, security (same as
auth), sys‐
log, user, uucp and local0 through local7.
---- end ----
I also found something else in the meantime, close and related and easy
to fix...
---- Quote ----
... Both parts are case insensitive and can
also be specified as decimal numbers corresponding to the definitions
in <syslog.h>.
---- endQuote ----
This is probably incorrect, as I was able to find an old Berkeley syslog.h and
it turns
out that you have to multiply the decimal number by 8. So logaudit (13)
becomes 104 and
both logaudit.info and 104.info works correctly in syslog.conf while 13.info
does not.
Here is my suggestion
---- Quote ----
... Both parts are case insensitive and can
also be specified as decimal numbers corresponding to the numerical code
being
used in the PRI part of the RFC 3164 message from the logging device.
(Note:
the facility's numerical code is multiplied by 8 before being used in
the PRI part,
and syslog.conf requires this too. For example, network news facilities
have a facility
identifier of 7, therefore news.local and 56.local are equivalent in
syslog.conf.)
---- endQuote ----
Thanks
Robb Topolski
** Affects: sysklogd (Ubuntu)
Importance: Undecided
Status: New
--
undocumented logaudit facility, how to log unknown facilities
https://bugs.launchpad.net/bugs/302237
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
