diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2015-03-04 10:31:42 -0500 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2015-03-15 07:35:28 -0400 |
commit | 9555e12d82200b02ad8c54858bcf469e6f2d7e82 (patch) | |
tree | d57a05c68ad0fb6d0db74b7aed36016e99186b75 | |
parent | 69dd93bbe3444dc583581d59389567ab7d59bd6a (diff) |
journald: add syslog fields for audit messages
Audit messages would be displayed as "unknown[1]".
Also specify AUTH as facility... This seems to be the closest match
(/* security/authorization messages */).
(cherry picked from commit cd556b6ca8aec8dd371806afedec45f852f8f724)
-rw-r--r-- | src/journal/journald-audit.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c index c2f1545cc..46eb82fa3 100644 --- a/src/journal/journald-audit.c +++ b/src/journal/journald-audit.c @@ -373,7 +373,7 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s if (isempty(p)) return; - n_iov_allocated = N_IOVEC_META_FIELDS + 5; + n_iov_allocated = N_IOVEC_META_FIELDS + 7; iov = new(struct iovec, n_iov_allocated); if (!iov) { log_oom(); @@ -392,6 +392,10 @@ static void process_audit_string(Server *s, int type, const char *data, size_t s sprintf(id_field, "_AUDIT_ID=%" PRIu64, id); IOVEC_SET_STRING(iov[n_iov++], id_field); + assert_cc(32 == LOG_AUTH); + IOVEC_SET_STRING(iov[n_iov++], "SYSLOG_FACILITY=32"); + IOVEC_SET_STRING(iov[n_iov++], "SYSLOG_IDENTIFIER=audit"); + m = alloca(strlen("MESSAGE=<audit-") + DECIMAL_STR_MAX(int) + strlen("> ") + strlen(p) + 1); sprintf(m, "MESSAGE=<audit-%i> %s", type, p); IOVEC_SET_STRING(iov[n_iov++], m); |