(RADIATOR) Problem with AuthLog SYSLOG?

Shumon Huque shuque at isc.upenn.edu
Wed Aug 3 22:25:46 CDT 2005


On Thu, Aug 04, 2005 at 11:44:03AM +1000, Mike McCauley wrote:
> Hello Eivind,
> 
> Thanks for reporting this.
> It is due to the fact that on Solaris, syslog does not by default open a unix 
> domain socket, and AuthLog SYSLOG by default tries to use unix domain 
> sockets.

The problem is actually slightly more complicated. Solaris doesn't
use UNIX domain sockets at all. /dev/log and /dev/conslog are 
STREAMS devices, and furthermore, they expect to receive syslog 
priority codes  and syslog messages over the separate STREAMS 
control and data channels respectively. Perl's Sys::Syslog module 
is not capable of dealing with this.

> You can fix this by setting 
> LogSock inet
> in your AuthLog SYSLOG.
> 
> We see that the default behaviour of AuthLog SYSLOG is probably not 
> appropriate for all platforms, so we have also now posted a patch so that the 
> syslog socket type is left as the default (tcp, udp, unix, stream, console) 
> unless LogSock is explicitly defined. This should prevent this error message 
> occurring on Soalris in the future.

The downside to this approach is that it won't work for Solaris
sites like us that, for security reasons, don't configure syslogd 
to listen on the network.

In my opinion, the right solution to this problem is to get perl
to fix their Syslog module to use the platform's native syslog
library routines. That approach works on all platforms regardless
of the internal implementation details of the syslog service,
and a third party perl module that does this is actually available 
on CPAN, called Unix::Syslog.

At our site, I replaced Radiator's references to Sys::Syslog
with Unix::Syslog. Unfortunately, the function call interface
between the two modules is not the same (the latter uses string 
constants rather the integer), so I also needed to install a 
translation table for these constants.

It would be great if Radiator would consider adding an optional
mechanism to support Unix::Syslog to deal with Solaris sites that 
don't use 514/udp.

---
Shumon Huque				3401 Walnut Street, Suite 221A,
Network Engineering			Philadelphia, PA 19104-6228, USA.
Information Systems & Computing		(215)898-2477, (215)898-9348 (Fax)
University of Pennsylvania / MAGPI.	E-mail: shuque -at- isc.upenn.edu

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list