Date: Tue, 8 Aug 2000 12:39:50 +1000 (EST) From: Gregory Bond <gnb@itga.com.au> To: FreeBSD-gnats-submit@freebsd.org Subject: docs/20477: [Patch] Document syslogd's special treatment of kern messages Message-ID: <200008080239.MAA07171@hellcat.itga.com.au>
next in thread | raw e-mail | index | archive | help
>Number: 20477 >Category: docs >Synopsis: Document syslogd's special treatment of kern messages >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Mon Aug 07 19:40:00 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Gregory Bond >Release: FreeBSD 4.1-STABLE i386 >Organization: ITG Australia Limited >Environment: 4.1-Stable, syslog between two machines. >Description: Attempting to send syslog messages between two machines fails for messages for facility kern (e.g. output from IPFIREWALL or log_in_vain). This is because syslogd has an undocumented feature that treats all messages for kern.<level> as if they were for user.<level> unless the message comes directly from the kernel via the /dev/klog interface. >How-To-Repeat: Attempt to log kern.* to a remote machine. Note that packets are sent/received but never logged according to the receiving machine's .conf file. (See also line 541 of syslogd.c in RELENG_4.) >Fix: The attached patch (against RELENG_4) documents this behaviour in syslog.conf(5) and syslogd(8). Knowing this, the user can adjust the syslog.conf file on the loghost appropriately. (My apologies in advance for inappropriate macro usage, I'm really not a troff person!) Index: syslog.conf.5 =================================================================== RCS file: /usr/ncvs/src/usr.sbin/syslogd/syslog.conf.5,v retrieving revision 1.16 diff -u -r1.16 syslog.conf.5 --- syslog.conf.5 2000/03/01 14:08:36 1.16 +++ syslog.conf.5 2000/08/08 02:34:08 @@ -224,6 +224,24 @@ disables a particular .Em facility . .Pp +If a syslog message is received for the facility +.Em kern , +but is not received directly from the kernel via the +.Pa /dev/klog +device, then +.Xr syslogd +silently translates the facility to +.Em user . +In particular, this means that when sending kernel logging messages to +a remote loghost, they will be processed as facility +.Em user +on the remote system. +This also means it is not possible to inject +.Em kern +messages using the +.Xr logger 1 +or similar program. +.Pp The .Em action field of each line specifies the action to be taken when the Index: syslogd.8 =================================================================== RCS file: /usr/ncvs/src/usr.sbin/syslogd/syslogd.8,v retrieving revision 1.22 diff -u -r1.22 syslogd.8 --- syslogd.8 2000/03/01 14:08:36 1.22 +++ syslogd.8 2000/08/08 02:36:48 @@ -184,6 +184,14 @@ This priority code should map into the priorities defined in the include file .Aq Pa sys/syslog.h . +If the priority code maps to the facility +.Em kern , +but the message is not received via the +.Pa /dev/klog +device, then +.Nm +silently changes the facility code to +.Em user . .Sh FILES .Bl -tag -width /var/run/syslog.pid -compact .It Pa /etc/syslog.conf >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008080239.MAA07171>