Re: shishid: Usage of syslog facilities.

[Mats Erik Andersson]

torsdag den 16 augusti 2012 klockan 08:46 skrev Simon Josefsson detta:
> Russ Allbery <address@hidden> writes:
> 
> > Simon Josefsson <address@hidden> writes:
> >
> >> I believe these are important for knowing when someone got a ticket, so
> >> they should definitely be in the syslog.  If we are changing this one to
> >> LOG_AUTH, many other messages should also be moved, since they also
> >> print user information.  However, I wonder what MIT/Heimdal does, or
> >> what other servers do, like sshd?
> >
> > Heimdal uses LOG_AUTH.  I believe MIT does as well, although I'm finding
> > it difficult to locate the exact code that sets the default.  sshd uses
> > LOG_AUTH.
> 
> Thanks -- I have changed shishid to use LOG_AUTHPRIV now (we'll see how
> portable that is compared to LOG_AUTH...).

Right decision, a clear improvement.

GNU/Linux and BSD offer

    { "auth",     LOG_AUTH },
    { "authpriv", LOG_AUTHPRIV }

as distinct facilities, Solaris offer only

    { "auth",     LOG_AUTH }

and commercial unices are not available to me.
Anyway, you should provide for LOG_AUTH.

BSD systems use two different settings as standard,
and the are not using "/var/log/syslog" at all:

     auth.notice                 /dev/console
     auth.notice;authpriv.none   /var/log/messages
     auth.info;authpriv.info     /var/log/auth.log

     -rw-r--r--  root:wheel      /var/log/messages
     -rw-------  root:wheel      /var/log/auth.log

or

     auth,authpriv.none       /var/log/messages
     auth.info                /var/log/authlog
     authpriv.debug           /var/log/secure

     -rw-r--r--  root:wheel   /var/log/messages
     -rw-r-----  root:wheel   /var/log/authlog
     -rw-------  root:wheel   /var/log/secure


Regards,

  Mats E A