It seems at first and second glance that something is not quite right
with syslogging within imap. I have gotten an occasional complaint about
missing log entries. I finally started looking into it and found
something I don't quite understand. I had modified the openlog
src/osdep/unix/env_env.c call to use LOG_LOCAL4 instead of LOG_MAIL so I
could keep these entries separate. Most of the time it works and logs
imapd to my separate imap logfile as below:

[EMAIL PROTECTED] log]# grep "Aug 25" imap messages|fgrep "[17372]"
imap:Aug 25 14:10:44 imap1 imapd[17372]: imaps SSL service init from 128.195.166.131
imap:Aug 25 14:10:44 imap1 imapd[17372]: pam_krb5[17372]: authentication succeeds for 'tomj' ([EMAIL PROTECTED])
imap:Aug 25 14:10:44 imap1 imapd[17372]: Login user=tomj host=weewee.ace.uci.edu [128.195.166.131]
imap:Aug 25 14:10:44 imap1 imapd[17372]: Logout user=tomj host=weewee.ace.uci.edu [128.195.166.131]

Other times, in this case a pam login failure, output continues to be
directed to the same syslog facility that pam seems to set when it
writes the failure to syslog as evidenced below:

[EMAIL PROTECTED] log]# grep "Aug 25" imap messages|fgrep "[17469]"
imap:Aug 25 14:12:28 imap1 imapd[17469]: imaps SSL service init from 216.9.249.71
messages:Aug 25 14:12:28 imap1 imap(pam_unix)[17469]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=216.9.249.71 user=apang
messages:Aug 25 14:12:28 imap1 imapd[17469]: pam_krb5[17469]: authentication succeeds for 'apang' ([EMAIL PROTECTED])
messages:Aug 25 14:12:28 imap1 imapd[17469]: Login user=apang host=bda071.bis.na.blackberry.com [216.9.249.71]
messages:Aug 25 14:12:30 imap1 imapd[17469]: Logout user=apang host=bda071.bis.na.blackberry.com [216.9.249.71]
[EMAIL PROTECTED] log]#

It would seem that after calling pam that imap should set the syslog
facility again to prevent this mis-logging. I am running RHEL 4 update 4
and had noticed this on update 3 as well. The uname output is:

Linux imap1.es.uci.edu 2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:27:17 EDT 2006 i686 athlon i386 GNU/Linux

Has anyone else noticed this odd behavior? Am I missing something in my
configuration?
David
--
David Severance
Network and Academic Computing Services
(949) 824-7552
sev at uci dot edu
_______________________________________________
Imap-uw mailing list
[email protected]
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
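
The remedy the message proposes, as an added C example that is not part of the original post or of the UW IMAP source: the default facility set by openlog() is process-wide, so either call openlog() again after a library has reopened syslog, or put the facility into every priority passed to syslog(). The names `library_auth_log`, `pinned_priority` and `imap_log` are hypothetical, the LOG_AUTH facility in the stand-in is an assumption, and the address, user and host are constructed samples.

```c
#include <stdarg.h>
#include <stdio.h>
#include <syslog.h>

#define IMAP_FACILITY LOG_LOCAL4   /* facility chosen in the post */

/* Hypothetical stand-in for a library (such as a PAM module) that opens
 * syslog with its own ident and facility, logs, and closes it again.
 * LOG_AUTH here is an assumption, not taken from the post. */
static void library_auth_log(const char *msg)
{
    openlog("imap(pam_unix)", LOG_PID, LOG_AUTH);
    syslog(LOG_NOTICE, "%s", msg);
    closelog();
}

/* Drop any facility bits the caller passed and pin our own, so the result
 * no longer depends on the process-wide default last set by openlog(). */
int pinned_priority(int priority)
{
    return LOG_PRI(priority) | IMAP_FACILITY;
}

/* Logging wrapper: formats the message and always sends it with the pinned
 * facility. Returns the priority value handed to syslog(). */
int imap_log(int severity, const char *fmt, ...)
{
    char buf[512];
    va_list ap;
    int pri = pinned_priority(severity);

    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    syslog(pri, "%s", buf);
    return pri;
}

int main(void)
{
    openlog("imapd", LOG_PID, IMAP_FACILITY);
    imap_log(LOG_INFO, "imaps SSL service init from %s", "192.0.2.10");
    library_auth_log("authentication failure (constructed sample)");
    /* Option 1: restore ident and default facility after the library call. */
    openlog("imapd", LOG_PID, IMAP_FACILITY);
    /* Option 2: imap_log() pins the facility on every call regardless. */
    imap_log(LOG_INFO, "Login user=%s host=%s", "alice", "client.example.org");
    closelog();
    return 0;
}
```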