Your message dated Fri, 14 Oct 2016 11:50:41 +0000
with message-id <e1bv10b-0003n2...@franck.debian.org>
and subject line Bug#835369: Removed package(s) from unstable
has caused the Debian Bug report #587779,
regarding dsyslog: auth.log condition pattern { facility "auth*"; }; does not 
seem to work as intended
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
587779: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587779
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dsyslog
Version: 0.6.0+b1
Severity: normal



        condition pattern { facility "auth*"; };

I think that the above directive is supposed to send auth and authpriv
to /var/log/auth.log

The experience on my system was that using pattern { facility "auth*"; }
did not log ssh failures to /var/log/auth.log

The attached diff gives the final solution I came to in detail but I might
elaborate here also.

Changing the condition pattern to be instead:
        condition literal { facility auth; };
would have some but not all ssh failure logging going to /var/log/auth.log

To ensure authpriv goes to /var/log/auth.log as well I then added
output file {   path "/var/log/auth.log"; condition literal { facility authpriv; }; };

And that almost did the job but some messages were still not making it
into /var/log/auth.log so I added a final line:
output file {   path "/var/log/auth.log"; condition literal { program sshd; }; };

The end result was that output file /var/log/auth.log is defined 3 times
(repeated definition of output file is okay I think)
in order to achieve the original intention of default dsyslog.conf
in condition pattern { facility "auth*"; };

I have two Desktops and two servers running squeeze and will
be happy to retest things if further examples are beneficial.

I like dsyslog and am very grateful to the package maintainer for
making it available in Debian.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18-194.3.1.el5xen (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dsyslog depends on:
ii  libc6                         2.11.2-2   Embedded GNU C Library: Shared lib
ii  libglib2.0-0                  2.24.1-1   The GLib library of C routines
ii  libgnutls26                   2.8.6-1    the GNU TLS library - runtime libr

Versions of packages dsyslog recommends:
ii  logrotate                     3.7.8-6    Log rotation utility

Versions of packages dsyslog suggests:
pn  dsyslog-module-gnutls         <none>     (no description available)
pn  dsyslog-module-mysql          <none>     (no description available)
pn  dsyslog-module-postgresql     <none>     (no description available)

-- Configuration Files:
/etc/dsyslog.conf changed:
/*
 * dsyslog example config for Debian.
 *
 * Comments are either C-style (like this block), C++ style (//) or
 * shell style (#).
 *
 * This file serves to be a drop-in replacement for most sites using
 * sysklogd. For the uninitiated, dsyslog creates a series of streams
 * which go from sources and get routed to many sinks. In between, there
 * are filters, which act on all messages, and conditionals, which control
 * whether or not an output accepts that message. This can be compared to
 * for example syslog-ng's architecture.
 *
 * So, it's a little different than traditional sysklogd.
 */
/*
 * loadmodule controls what modules are loaded into dsyslog.
 */
loadmodule "source_localsock.so";
loadmodule "source_mark.so";
loadmodule "source_klogfile.so";
loadmodule "source_udp.so";
loadmodule "filter_dropprog.so";
loadmodule "filter_droppriority.so";
loadmodule "filter_regexp.so";
loadmodule "output_file.so";
loadmodule "output_udp.so";
loadmodule "cond_literal.so";
loadmodule "cond_pattern.so";
/*
 * sources define where dsyslog gets its data:
 * this one adds the syslogd socket.
 */
source localsock { path "/dev/log"; };
/*
 * this one adds the kernel log buffer, /proc/kmsg.
 */
source klogfile { path "/proc/kmsg"; };
/*
 * this one adds a source that generates "-- MARK --" which
 * runs on a timer. it is for those who found that feature useful
 * in syslogd.
 */
source mark;
/*
 * this one adds a udp listener. as such it's commented out.
 */
/*
 * you can use the dropprog filter to drop syslog messages
 * from programs you don't care about entirely. for example,
 * to drop logs from NetworkManager, uncomment the line below.
 */
/*
 * you can also use the droppriority filter to drop syslog messages by
 * BSD syslog facility and severity. At present, you must specify both.
 */
/*
 * you can also filter by regexp; thanks to micah for the regexp.
 * if enabled, this will replace all IPv4 IPs in your logs with 0.0.0.0.
 *
 * in some countries, it is recommended to do this, and in fact is generally
 * considered a best practice. in several countries (USA, UK, etc), ip addresses
 * are seen as personal data and are covered under privacy protection laws.
 * by filtering them, you may not be subject to those laws.
 */
output file {
        path "/var/log/auth.log";
        condition literal { facility auth; };
};
output file {   path "/var/log/auth.log"; condition literal { facility authpriv; }; };
output file {   path "/var/log/auth.log"; condition literal { program sshd; }; };
output file {
        path "/var/log/syslog";
        condition pattern { facility "!auth*"; };
};
output file {   
        path "/var/log/cron.log";
        condition literal { facility cron; };
};
output file {
        path "/var/log/daemon.log";
        condition literal { facility daemon; };
};
output file {
        path "/var/log/kern.log";
        condition literal { facility kernel; };
};
output file {
        path "/var/log/lpr.log";
        condition literal { facility lpr; };
};
output file {
        path "/var/log/mail.log";
        condition literal { facility mail; };
};
output file {
        path "/var/log/user.log";
        condition literal { facility user; };
};
output file { 
        path "/var/log/messages";
        condition literal { facility !kernel; };
};
/*
 * MySQL example. You need dsyslog-module-mysql installed for this.
 */
/*
 * PostgreSQL example. You need dsyslog-module-postgresql installed for this.
 */


-- no debconf information
85,86c85
< #	condition pattern { facility "auth*"; };
< 	condition literal { facility auth; };
---
> 	condition pattern { facility "auth*"; };
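Review bot: the direction of this hunk is reversed. The `<` side carries the commented-out pattern and the working `condition literal { facility auth; };`, while the `>` side carries the original `condition pattern { facility "auth*"; };`, so applying it as written would put back the configuration the report says does not work. Regenerating it with `diff -u` from the packaged dsyslog.conf to the modified file would fix the direction and add context lines, which this bare 85,86c85 form lacks.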
88,89d86
< output file {	path "/var/log/auth.log"; condition literal { facility authpriv; }; };
< output file {	path "/var/log/auth.log"; condition literal { program sshd; }; };
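Review bot: the `program sshd` output on the second `<` line overlaps the facility-based outputs, since all three write to /var/log/auth.log and an sshd message sent under auth or authpriv satisfies two of the conditions. It is worth confirming that such a message is not written twice, and a short comment above these two lines should say why each extra output is needed, because neither line explains itself and the `program sshd` condition also pulls sshd messages from any other facility into auth.log.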

--- End Message ---
--- Begin Message ---
Version: 0.6.0+nmu2+rm

Dear submitter,

as the package dsyslog has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/835369

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---
