|
|
1ff636 |
From 5e565da856cf4cf919ed1045b01ab461c586395a Mon Sep 17 00:00:00 2001
|
|
|
1ff636 |
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
|
1ff636 |
Date: Wed, 4 Mar 2015 10:31:42 -0500
|
|
|
1ff636 |
Subject: [PATCH] journald: add syslog fields for audit messages
|
|
|
1ff636 |
|
|
|
1ff636 |
Audit messages would be displayed as "unknown[1]".
|
|
|
1ff636 |
|
|
|
1ff636 |
Also specify AUTH as facility... This seems to be the closest match
|
|
|
1ff636 |
(/* security/authorization messages */).
|
|
|
1ff636 |
|
|
|
1ff636 |
(cherry picked from commit cd556b6ca8aec8dd371806afedec45f852f8f724)
|
|
|
1ff636 |
---
|
|
|
1ff636 |
src/journal/journald-audit.c | 6 +++++-
|
|
|
1ff636 |
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
1ff636 |
|
|
|
1ff636 |
diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
|
|
|
181b3f |
index 151097a6e..77abe2e63 100644
|
|
|
1ff636 |
--- a/src/journal/journald-audit.c
|
|
|
1ff636 |
+++ b/src/journal/journald-audit.c
|
|
|
1ff636 |
@@ -373,7 +373,7 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s
|
|
|
1ff636 |
if (isempty(p))
|
|
|
1ff636 |
return;
|
|
|
1ff636 |
|
|
|
1ff636 |
- n_iov_allocated = N_IOVEC_META_FIELDS + 5;
|
|
|
1ff636 |
+ n_iov_allocated = N_IOVEC_META_FIELDS + 7;
|
|
|
1ff636 |
iov = new(struct iovec, n_iov_allocated);
|
|
|
1ff636 |
if (!iov) {
|
|
|
1ff636 |
log_oom();
|
|
|
1ff636 |
@@ -392,6 +392,10 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s
|
|
|
1ff636 |
sprintf(id_field, "_AUDIT_ID=%" PRIu64, id);
|
|
|
1ff636 |
IOVEC_SET_STRING(iov[n_iov++], id_field);
|
|
|
1ff636 |
|
|
|
1ff636 |
+ assert_cc(32 == LOG_AUTH);
|
|
|
1ff636 |
+ IOVEC_SET_STRING(iov[n_iov++], "SYSLOG_FACILITY=32");
|
|
|
1ff636 |
+ IOVEC_SET_STRING(iov[n_iov++], "SYSLOG_IDENTIFIER=audit");
|
|
|
1ff636 |
+
|
|
|
1ff636 |
m = alloca(strlen("MESSAGE=<audit-") + DECIMAL_STR_MAX(int) + strlen("> ") + strlen(p) + 1);
|
|
|
1ff636 |
sprintf(m, "MESSAGE=<audit-%i> %s", type, p);
|
|
|
1ff636 |
IOVEC_SET_STRING(iov[n_iov++], m);
|