Bug #12464: Syslog Auth messages are sent as Emergency Level - pfSense - pfSense bugtracker

Actions

Copy link

Bug #12464

open

Syslog Auth messages are sent as Emergency Level

Added by Steve Wheeler 9 months ago. Updated 6 days ago.

Status:

Pull Request Review

Priority:

Normal

Assignee:

Category:

Logging

Target version:

CE-Next

Start date:

Due date:

% Done:

Estimated time:

Plus Target Version:

22.11

Release Notes:

Default

Affected Version:

All

Affected Architecture:

All

Description

All authentication logs are send with the Level set as Emergency even when authentication is successful:

Syslog message: AUTH.EMERG: Oct 16 01:05:04 localhost php-fpm[337]: /index.php: Successful login for user 'admin' from: 172.21.16.5 (Local Database)\n
    0010 0... = Facility: AUTH - security/authorization messages (4)
    .... .000 = Level: EMERG - system is unusable (0)
    Message: Oct 16 01:05:04 localhost php-fpm[337]: /index.php: Successful login for user 'admin' from: 172.21.16.5 (Local Database)\n

This causes a problem for some syslog collectors that don't expect to see Emergency level messages unless 'system is unusable' is actually true.

It appears that is because we do not set a level to use in the log_auth function. This should probably be set as Level NOTICE.

Files

427.diff (498 Bytes) 427.diff

Steve Wheeler, 10/16/2021 10:13 AM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #12464

Syslog Auth messages are sent as Emergency Level

Updated by Steve Wheeler 9 months ago

Updated by Jim Pingle 9 months ago

Updated by Jim Pingle 6 months ago

Updated by Jim Pingle about 2 months ago

Updated by Jim Pingle 6 days ago