I'm making some modifications to syslogd/syslog so that I can control access to log sockets and have a set of high integrity log files that didn't receive logs from world-writable log sockets. Briefly, this means:
- syslogd needs to be able to optionally apply groups to log sockets
- syslogd/syslog.conf needs to allow users to filter logs based on input socket
- openlog() needs to attempt to open /dev/log__primarygroup first, falling back to /dev/log

So far, I've modified syslogd.c so that each of the sockets specified with the -a option can optionally be associated with a group that is given write access. On the command line, it would look like this:

    syslogd -a /dev/log__sshd:_sshd -a /dev/log__www:_www -a /dev/log__users:users

Next, I would like to add the ability to filter based on input socket to syslog.conf, but I'm not sure what the best place to put that functionality might be. Currently, I'm considering something like:

    !prog:/dev/log__proggroup

Does anyone have some comments or suggestions for this concept?

Thanks,
Eric
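The following C sketch is an added illustration of the two socket-side pieces the message describes (a group-restricted log socket and the openlog() fallback); it is not Eric's patch or syslogd's code. The function names, the 0620/0666 modes, and passing the group name as a parameter (a real openlog() would look it up from the process's primary gid) are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* syslogd side: bind a datagram log socket. With a group (gid != -1) only owner
 * and group may write (0620, assumed); otherwise it is world-writable (0666). */
int bind_log_socket(const char *path, gid_t gid)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int restricted = (gid != (gid_t)-1);
    mode_t old;
    int fd, rc;
    if (strlen(path) >= sizeof(sa.sun_path) ||
        (fd = socket(AF_UNIX, SOCK_DGRAM, 0)) == -1)
        return -1;
    strcpy(sa.sun_path, path);
    unlink(path);                 /* remove a stale socket from a prior run */
    old = umask(0777);            /* no access until ownership is final */
    rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    umask(old);
    if (rc == -1 || (restricted && chown(path, (uid_t)-1, gid) == -1) ||
        chmod(path, restricted ? 0620 : 0666) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* openlog() side: try "<base>__<group>" first, then fall back to <base>.
 * group must be non-NULL. Returns a connected fd; 'used' gets the path chosen. */
int connect_log(const char *base, const char *group, char *used, size_t len)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    for (int pass = 0; fd != -1 && pass < 2; pass++) {
        int n = pass ? snprintf(sa.sun_path, sizeof(sa.sun_path), "%s", base)
                     : snprintf(sa.sun_path, sizeof(sa.sun_path), "%s__%s", base, group);
        if (n < 0 || (size_t)n >= sizeof(sa.sun_path) || (size_t)n >= len)
            continue;             /* path too long: try the next candidate */
        if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0) {
            strcpy(used, sa.sun_path);
            return fd;
        }
    }
    if (fd != -1) close(fd);
    return -1;
}
```

Binding with a umask of 0777 and only then applying chown and chmod means the socket is never briefly writable by the wrong users between creation and the permission change.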