In some email I received from Chris M. Lonvick, sie wrote:
> At 01:39 PM 10/14/00 +1100, Darren Reed wrote:
>
> >On the subject of numbers for facilities:
> >
> >#define LOG_AUTHPRIV (10<<3) /* audit daemon */
> >#define LOG_FTP (11<<3) /* audit daemon */
> >#define LOG_NTP (12<<3) /* NTP daemon */
> >#define LOG_AUDIT (13<<3) /* audit daemon */
> >#define LOG_LFMT (14<<3) /* logalert daemon */
>
> Hi Darren,
>
> I can't find any reference to anyone using LOG_AUDIT on (13<<3).
> Can you (or anyone) give me a pointer to an OS that uses it at
> that facility?
I'll try...
google found me a hit for LOG_AUDIT and I found this also:
#ifdef LOG_SAT
"sat", LOG_AUDIT,
#endif
(from hylafax)
LOG_AUDIT comes from IRIX (no, SGI isn't dead yet, but we all wish
they would hurry up about it ;-):
#define LOG_AUDIT (13<<3) /* audit daemon */
#define LOG_LFMT (14<<3) /* logalert facility*/
IRIX 6.2 syslogd man page:
...
syslogd reads its configuration when it starts up and whenever it
receives a hangup signal. Lines in the configuration file have a
selector to determine the message priorities to which the line applies
and an action. The action fields are separated from the selector by one
or more tabs. A maximum of 50 lines can be specified. It is recommended
that no more than 49 be used, or the LOG_LFMT facility may not work
correctly; this facility is used by login(1), among other programs.
...
As for which programs actually use LOG_AUDIT, I imagine "satconfig"
(configure the system audit trail to collect particular events) has
something to do with it :-)
I guess I'll have to wait to collect on that beer you owe me now :)
Darren
