Summary:ASTERISK-20744: [patch] Security event logging does not work over syslog
Reporter:Michael Keuter (mkeuter)Labels:
Date Opened:2012-11-27 09:14:37.000-0600Date Closed:2015-01-12 12:03:16.000-0600
Versions:11.0.0 11.0.1 Frequency of
is duplicated byASTERISK-25243 Asterisk logger can't log level "security" to syslog
Environment:AstLinux 1.0.5, Linux 2.6.35, Asterisk 11.0.1Attachments:( 0) asterisk-20744-syslog-dynamic-logging_trunk.diff
Description:The SIP security event logging works fine for me for console and file logging, but the security events are not logged over syslog. Everything else except "security" works fine over syslog.

syslog.local0 => notice,warning,error,security

logger show channels
Channel                             Type     Status    Configuration
-------                             ----     ------    -------------
syslog.local0                       Syslog   Enabled    - NOTICE WARNING ERROR SECURITY
/var/log/asterisk/security_log      File     Enabled    - SECURITY
                                  Console  Enabled    - NOTICE WARNING ERROR SECURITY
Comments:By: Joshua C. Colp (jcolp) 2012-11-27 09:24:51.650-0600

To any individual who takes a gander at this:

I suspect the underlying cause of this is because the security log level is dynamic. Dynamic logging levels may not work correctly with syslog, as well I believe there is an explicit mapping in the code for internal log levels to syslog log levels. This may also present an issue.

By: Michael L. Young (elguero) 2013-04-15 12:48:36.328-0500

Josh is right about syslog not handling dynamic logging at all.

This patch adds the ability for dynamic logging to be output to syslog by basically defaulting to the syslog level of LOG_NOTICE.

This was a quick way to get the desired logging.

By: Jacek Konieczny (jkonieczny) 2014-12-31 08:37:08.208-0600

The problem affects Asterisk 13.1.0 too. And the patch attached to this issue works for Asterisk 13.

By: Matt Jordan (mjordan) 2015-01-12 11:09:49.059-0600

I'm personally fine with this solution. Security events sound like NOTICEs to me.

I'm going to go ahead and commit this as such.