Re: shishid: Usage of syslog facilities.

[Simon Josefsson]

Mats Erik Andersson <address@hidden> writes:

> torsdag den 16 augusti 2012 klockan 08:46 skrev Simon Josefsson detta:
>> Russ Allbery <address@hidden> writes:
>> 
>> > Simon Josefsson <address@hidden> writes:
>> >
>> >> I believe these are important for knowing when someone got a ticket, so
>> >> they should definitely be in the syslog.  If we are changing this one to
>> >> LOG_AUTH, many other messages should also be moved, since they also
>> >> print user information.  However, I wonder what MIT/Heimdal does, or
>> >> what other servers do, like sshd?
>> >
>> > Heimdal uses LOG_AUTH.  I believe MIT does as well, although I'm finding
>> > it difficult to locate the exact code that sets the default.  sshd uses
>> > LOG_AUTH.
>> 
>> Thanks -- I have changed shishid to use LOG_AUTHPRIV now (we'll see how
>> portable that is compared to LOG_AUTH...).
>
> Right decision, a clear improvement.
>
> GNU/Linux and BSD offer
>
>     { "auth",     LOG_AUTH },
>     { "authpriv", LOG_AUTHPRIV }
>
> as distinct facilities, Solaris offer only
>
>     { "auth",     LOG_AUTH }
>
> and commercial unices are not available to me.
> Anyway, you should provide for LOG_AUTH.
>
> BSD systems use two different settings as standard,
> and the are not using "/var/log/syslog" at all:

Interesting.  The reason I used LOG_AUTHPRIV instead of LOG_AUTH was
that my syslog manpage (Ubuntu 12.04) says:

       LOG_AUTH       security/authorization    messages    (DEPRECATED    Use
                      LOG_AUTHPRIV instead)

I kind of guessed that the situation wasn't as simple as that...

/Simon