Project

General

Profile

Actions

Bug #12464

open

Syslog Auth messages are sent as Emergency Level

Added by Steve Wheeler about 2 months ago. Updated about 1 month ago.

Status:
Pull Request Review
Priority:
Normal
Assignee:
-
Category:
Logging
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Affected Version:
All
Affected Architecture:
All

Description

All authentication logs are send with the Level set as Emergency even when authentication is successful:

Syslog message: AUTH.EMERG: Oct 16 01:05:04 localhost php-fpm[337]: /index.php: Successful login for user 'admin' from: 172.21.16.5 (Local Database)\n
    0010 0... = Facility: AUTH - security/authorization messages (4)
    .... .000 = Level: EMERG - system is unusable (0)
    Message: Oct 16 01:05:04 localhost php-fpm[337]: /index.php: Successful login for user 'admin' from: 172.21.16.5 (Local Database)\n

This causes a problem for some syslog collectors that don't expect to see Emergency level messages unless 'system is unusable' is actually true.

It appears that is because we do not set a level to use in the log_auth function. This should probably be set as Level NOTICE.


Files

427.diff (498 Bytes) 427.diff Steve Wheeler, 10/16/2021 10:13 AM
Actions #2

Updated by Jim Pingle about 1 month ago

  • Status changed from New to Pull Request Review

The current behavior is intentional since it triggers the login "beep" and console message.

If we change this at all, it should key off the user option to suppress the login messages on system_advanced_admin.php. Instead of suppressing the log message entirely it could just change the level as done in the PR to stop the beeping. Or it could have three choices "Default (enabled)", "Log at lower level", and "Disabled" or something along those lines.

If a syslog server has a problem with certain log levels, that's on the user and their server to fix, not us.

Actions

Also available in: Atom PDF