Subject: audit of syslog(3) usage...
To: None <tech-userlevel@netbsd.org>
From: Luke Mewburn <lukem@wasabisystems.com>
List: tech-userlevel
Date: 01/22/2001 11:17:51
I've just completed an audit of the tree of the usage of syslog(3) (or
more specifically, the usage of LOG_, which gets openlog(3) and
program-specific wrappers to syslog(3)).
The results were interesting, and I've attached them below. I may have
missed the occasional case, or summarised a bit to aggressively for a
given program, but the general usage is highlighted.
A summary:
- IMO, LOG_CONS was (ab)used too much. I've removed all
references to this except in init(8), shutdown(8), and
reboot(8), where it makes sense to retain the functionality.
There's nothing worse than logging into a serial console
to fix a problem and being unable to work because of syslog
spam from a program that is using LOG_CONS.
- A lot of programs use `daemon' as a facility (not surprising,
as most of these are daemons).
- There doesn't seem to be consistency in many programs about
differentiating between fatal errors, non-fatal errors,
warnings, and diagnostic messages. Many programs log both
fatal and non-fatal errors to LOG_ERR.
- About 15% of the programs were using __progname in the
argument to openlog(). I've consistently changed this
to using a static identifier, because __progname isn't
as portable. (see below)
Discussion points:
- I'd like to consider separating the logging of fatal and
non-fatal errors into different priorities. My suggestion
would be to use the priorities as follows:
CRIT for fatal errors that will exit
ERR for errors that don't exit
WARNING for warnings
- On a tangental point, if we get around to replacing
const char *__progname
with something more portable like:
const char *getprogname(const char *argv0)
(the argv0 element is argv[0] from main(), and could
be ignored by NetBSD which can still use __progname
from crt0 which is more likely to be accurate)
then it's fairly trivial to search the source for openlog()
usage and change ident to using getprogname().
- Consider updating syslog.conf(5), syslog(3), or comments in
etc/syslog.conf, to describe which in-tree applications use
which facility.
- Ensure that the usage of priorities by various kernel routines
is consistent, both within itself and relative to the other
kernel routines.
Food (bits?) for thought/discussion...
Luke.
Here's the document (with the kernel usage in as well)
=-=-=-=-=-=
notes:
------
priorities:
emerg, alert, crit, err, warning, notice, info, debug
facilities:
auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news,
syslog, user, uucp, local0, local1, local2, local3, local4,
local5, local6, local7
options:
cons, ndelay, perror, pid
todo:
-----
- remove LOG_ODELAY
- remove LOG_PERROR if it's unnecessary
- consider being consistent about levels:
CRIT for fatal errors that will exit
ERR for errors that don't exit
WARNING for warnings
- deprecate LOG_CONS, except where it makes sense (init, shutdown, reboot...)
- be consistent when setting the `ident' parameter of openlog
userland:
---------
altqd(8) daemon.err pid errors
daemon.warning warning messages
daemon.info default messages
daemon.debug debug messages (-v)
amd(8) (facility can be changed to XYZ with logfile of syslog:XYZ)
daemon.crit pid fatal
daemon.err error
daemon.warning warnings & user errors
daemon.info info & stats
daemon.debug debug and maps
amq(8) (uses amd(8)'s log file)
apmd(8) daemon.err errors (! -d)
daemon.warning warnings (! -d)
daemon.notice power stats (! -d)
local1.err errors (-d)
local1.warning warnings (-d)
local1.notice power stats (-d)
local1.info low impact problems (-d)
local1.debug debug messages (-d)
atrun(8) cron.err pid fatal errors
bootpd(8) daemon.err pid ndelay errors (including non-fatal)
daemon.notice warnings
daemoninfo startup messages, requests
chat(8) local2.err pid ndelay fatal errors
local2.info -v output
comsat(8) daemon.err pid fatal errors
daemon.info log biffs (-l)
daemon.debug debug notices (if debug != 0)
auth.notice / in tty name (might be incorrect code)
cron(8) cron.info pid commands executed
date(1) auth.notice date change
dhclient(1) daemon.err ndelay fatal errors, errors, parse warnings
daemon.info various diagnostics & info
daemon.debug debug messages (#ifdef DEBUG)
dhcrelay(8) daemon.err ndelay fatal errors, errors, parse warnings
daemon.info various diagnostics & info
daemon.debug debug messages (#ifdef DEBUG)
dhcpd(8) daemon.err ndelay fatal errors, errors, parse warnings
daemon.info various diagnostics & info
daemon.debug debug messages (#ifdef DEBUG)
faithd(8) daemon.err pid errors (including non-fatal)
daemon.warning child exit status warnings
daemon.info status messages
daemon.debug debug message (-d)
fingerd(8) daemon.err pid fatal errors
daemon.notice logged queries (-l)
ftpd(8) ftp.err pid ndelay fatal errors
ftp.warning conf file parse errors, other warnings
ftp.notice login failures/errors
ftp.info transfer stats, user logins & timeouts,
successful command results, xferlog
ftp.debug debug info (-d)
authpriv.notice login errors
getty(8) auth.err pid fatal errors
auth.warning warnings/errors
hlfsd(8) (as per amd(8))
huntd(6) daemon.err pid fatal errors
daemon.warning warnings
identd(8) daemon.err PID fatal errors (-l)
daemon.warning errors (-l)
daemon.notice access denied, bad passwords,
if lied, bad requests (-l)
daemon.info connections/requests (-l)
daemon.debug sigalrm (-l), debug msgs (-ld)
inetd(8) daemon.err pid errors (including non-fatal)
daemon.warning connection problems
auth.warning libwrap connection refusal
auth.info libwrap connection allowed
init(8) auth.emerg cons serious emergencies
auth.alert problems with terminals, /etc/rc,
single user shell failure,
single user login failure
ipmon(8) (the facility & level can be changed per-rule in ipf.conf)
local0.err pid ndelay short packets
errors (including non-fatal)
local0.warning blocked packets
local0.notice passed or unmatched packets
local0.info `log'ged packets
isdnd(8) - (facility can be changed with -s)
local0.err pid ndelay errors (adds perror #ifdef DEBUG)
local0.warning warnings
local0.notice significant daemon conditions
local0.info informational, call handling,
packet logging
local0.debug debug messages
kf(1) auth.err pid odelay errors (including non-fatal)
lfs_cleanerd(8) daemon.err pid ndelay fatal errors (adds perror if -d)
daemon.warning warnings
daemon.info status messages (-d), stats on SIG...
daemon.debug debug messages (-d), debug stats
logger(1) user.notice pid perror whatever given (fac.pri can be changed)
login(1) auth.err gethostbyname problems, other errors XXX
auth.warning problems chowning tkfile
auth.notice kerberos ticket problems,
login refusals/acceptance
authpriv.notice login failure
lpd(8) lpr.alert remote queue full
lpr.crit sleeptime overflow
lpr.err pid file/tty/network errors
lpr.warning too many children - sleeping
lpr.info illegal options, status messages,
some network errors, bad requests
lpr.debug connection failure when binding to
a multi-homed host
lpq(8) (as per lpd(8))
lpr(8) (as per lpd(8))
lprm(8) (as per lpd(8))
mail.local(8) mail.err perror various errors
master(8) mail.crit pid ndelay panic messages (prefixed with "panic")
mail.crit fatal messages (prefixed with "fatal")
mail.err error messages (prefixed with "error")
mail.warning warnings (prefixed with "warning")
mail.info info messages
mopd(8) daemon.err errors (including non-fatal)
daemon.info info messages
mopchk(8) (as per mopd(8))
moptrace(8) (as per mopd(8))
mopprobe(8) (as per mopd(8))
mountd(8) daemon.err pid errors (including non-fatal & parsing)
daemon.warning warnings
daemon.notice refused requests
mount_nfs(8) daemon.err pid nfssvc() errors (non fatal?)
mount_portal(8) daemon.err pid fatal errors
daemon.warning errors/warnings
daemon.debug debug messages (#ifdef DEBUG)
mrouted(8) daemon.err pid fatal errors
daemon.warning warnings/errors
daemon.notice status messages
named(8) (named sends other messages to facilities and levels
defined in named.conf)
daemon.crit pid ndelay fatal errors
daemon.err internal non-fatal errors
daemon.warning bad options
daemon.info internal warnings
named-xfer(8) daemon.err pid perror errors (including non-fatal)
daemon.notice xfer problems
daemon.info warnings, status updates
daemon.debug writemsg() failure
nfsd(8) daemon.err pid errors (including non-fatal)
ntpd(8) daemon.err pid ndelay errors (including non-fatal)
daemon.warning warnings
daemon.notice notices
daemon.info info messages (and some debug if -d/-D)
daemon.debug debug messages
ntpdate(8) (as per ntpd(8), except debug messages aren't logged unless -d)
pim6dd(8) daemon.err pid error messages
daemon.warning warning messages
daemon.notice notice messages
daemon.info info messages
daemon.debug debug messages
pim6sd(8) daemon.err pid error messages
daemon.warning warning messages
daemon.notice notice messages
daemon.info info messages
daemon.debug debug messages
poffd(?) daemon.err fatal errors
daemon.debug debug messages
postdrop(1) (as per master(8))
postlog(1) mail.info whatever given
(pid if -i, level can be changed)
postsuper(1) (as per master(8))
pppd(8) (uses local2 if any DEBUG options are #defined)
daemon.err errors
daemon.warning warnings
daemon.notice notices (if debug)
daemon.info status messages (if debug)
daemon.debug log all control packets (if debug)
racoon(8) daemon.alert ndelay unknown errors
daemon.info various errors/warnings
daemon.debug debug messages
rarpd(8) daemon.err pid errors (including non-fatal)
daemon.warning warnings
daemon.info requests (if -l)
rbootd(8) daemon.err pid errors (including non-fatal)
daemon.warning connection timeouts, bad replies,
bad packets, dropping existing conns
daemon.notice restart/reconfig messages
daemon.info ignored packets, request allow/denied
reboot(8) auth.crit cons halt/reboot/poweroff message (! -l)
rexecd(8) daemon.err pid critical errors (if -l)
daemon.info command run (if -l)
rlogind(8) auth.err pid fatal errors
auth.warning various warnings
auth.notice addr problems, bad port, bad ip opts
auth.info login success (-L), login failures
routed(8) daemon.err pid errors
daemon.debug debug messages (#ifdef RN_DEBUG)
route6d(8) daemon.err pid ndelay errors
daemon.warning warnings (if -d/-D)
daemon.info info messages
daemon.debug debug messages (if -d/-D)
rpc.bootparamd(8) daemon.notice status info (if -s)
rpc.lockd(8) daemon.err errors (including non-fatal) XXX
daemon.warning warnings (including fatal)
daemon.notice warnings
daemon.info status messages
daemon.debug debug messages (including if -d >0)
rpc.rquotad(8) daemon.err pid errors
daemon.warning errors
rpc.rstatd(8) daemon.err pid fatal errors
daemon.debug debug message (#ifdef DEBUG)
rpc.rusersd(8) daemon.err pid fatal errors
daemon.warning errors/warnings
daemon.debug x11 debug messages (#ifdef XIDLE)
rpc.statd(8) daemon.err errors (including non-fatal) XXX
daemon.info status messages
daemon.debug debug messages (including if -d >0)
rpc.rwalld(8) daemon.err pid various errors
rpc.sprayd(8) daemon.err pid various errors
rpcbind(8) daemon.err errors (including non-fatal)
auth.notice denied requests (-l)
auth.info requests (including some denied) (-l)
rshd(8) daemon.err pid fatal errors
daemon.warning warnings
daemon.notice ignored ip opts, addr problems
auth.notice illegal port
auth.info valid commands (-L), login failures
rtadvd(8) daemon.err pid ndelay errors (including non-fatal)
daemon.warning warnings/non-fatal errors (if -d)
daemon.notice info messages (if -d)
daemon.info config warnings (if -d/-D)
daemon.debug debug messages (if -d/-D)
rtsold(8) daemon.err pid ndelay errors (including non fatal)
daemon.warning warnings
daemon.notice some warnings
daemon.info info messages (if -d/-D)
daemon.debug debug messages (if -d/-D)
rwhod(8) daemon.err pid fatal errors
daemon.warning warnings
savecore(8) daemon.alert perror panic string
daemon.err errors (including non-fatal)
daemon.warning warnings & less problematic errors
daemon.notice messages about writing core
sendmail(8) mail.alert pid very serious errors (inc. non-fatal)
mail.crit serious errors (non-fatal)
mail.err non-fatal errors
mail.warning warnings (depending on LogLevel)
mail.notice notices (depending on LogLevel)
mail.info info msgs (depending on LogLevel)
mail.debug debug msgs (depending on LogLevel)
sesd(8) user.alert enclosure unrecoverable
user.crit enclosure critical
user.err errors (including non-fatal)
user.warning enclosure non-critical
user.notice enclosure ok
user.info enclosure has status info
shutdown(8) auth.err cons errors (including non-fatal)
auth.notice halt/reboot/poweroff message
sliplogin(8) daemon.err errors
daemon.info attach/detach info messages
smrsh(8) mail.crit fatal errors
mail.err fatal errors
mail.warning fatal warnings
sshd(8) (maximum level controlled by sshd.conf's LogLevel directive)
(facility changed with sshd.conf's SyslogFacility directive)
auth.err errors (including non-fatal)
auth.info info and verbose messages
auth.debug debugging
su(1) auth.warning bad su or other problems
auth.notice notification of successful su
sup(1) daemon.err pid errors (including non-fatal)
daemon.info info messages
auth.warning libwrap deny
auth.info libwrap allow
supfilesrv(8) daemon.err pid errors (including non-fatal)
daemon.info info messages
auth.warning libwrap deny
auth.info libwrap allow
syslogd(8) user.notice default for non kernel messages
kern.crit default for kernel messages
mark.info periodic (20 mins) status messages
syslog.err errors (including non-fatal)
syslog.info restart message
talkd(8) daemon.err pid fatal errors
daemon.warning network warnings
daemon.info info messages
daemon.debug debug messages (-d)
telnetd(8) daemon.err pid fatal errors
daemon.warning warnings
daemon.info reject env var modification
timed(8) daemon.err pid errors (including non-fatal)
daemon.warning warnings
daemon.notice time adjustments, some bad msgs
daemon.info status messages
timedc(8) auth.err errors
tftpd(8) daemon.err pid ndelay fatal errors
daemon.info log requests (-l)
daemon.debug debug messages (-l)
uucpd(8) auth.err pid fatal errors (-l)
auth.info successful logins (-l)
vacation(1) user.err fatal errors
wdogctl(8) daemon.emerg pid perror timer tickle failure
ypbind(8) daemon.err pid perror fatal errors
daemon.warning warnings/errors
yppush(8) daemon.err pid fatal errors
ypserv(8) daemon.err pid errors
daemon.warning warnings
daemon.info all other messages
daemon.debug debug messages (#ifdef DEBUG)
ypxfr(8) daemon.debug pid debug messages (#ifdef DEBUG)
_DIAGASSERT(3) user.debug assertion failures
getgr*(3) ?.err bad group_compat database
getpw*(3) ?.err bad passwd_compat database
problem opening /etc/*pwd.db
getaddrinfo(3) auth.notice bad type returned in getanswer()
gethostby*(3) auth.notice bad type returned in getanswer()
rcmd(3) ?.notice name<->address mismatch
setnetpath(3) ?.err unable to open NETCONFIG
getnetpath(3) ?.err unable to open NETCONFIG
rpc(3) ?.err various errors
login_getclass(3) ?.err various errors
secure_path(3) ?.err various errors
hosts_access(3) ?.err errors (including non-fatal)
?.warning bad IP source routing opts
?.info ignore IP opts
?.debug matched options (hosts_access_verbose>0)
matched rules (hosts_access_verbose>1)
(also logs to values of external int variables
allow_severity and deny_severity)
kernel:
-------
(all kernel messages are at logged to the `kern' facility)
crit i386 isa, mca NMI
err alpha stray interrupts
amiga if_ed, if_es problems
arc isadma, fd, if_sn problems
arm32 undefined instructions (#ifdef VERBOSE_ARM32)
arm32 stray interrupts (on various busses), fd problems
arm32 if_ea, if_eb, if_ie, if_es device timeouts
atari fd, zs problems
bebox stray interrupts
hp300 mt errors
i386 isa stray interrupts
mac68k if_sn, if_ae errors, stray interrupts
newsmips if_sn, mb8795 errors
ofppc stray interrupts
prep stray interrupts
sparc fd, fpu problems
sparc64 fd problems
sun3 fd, if_ie problems
vax qv keyboard error, if_ln device timeout
x68k fd, ms problems
compat compat_offseterr()
MI cy timeout
MI an, dp8390, elink3, elinkxl, hme, i82586, lance, mb86960 errors
MI seeq8005, smc91cxx, tropic, if_eg, if_el, if_hp, if_iy errors
MI ofnet, be, qe, if_se errors
MI mb86960 errors (#if FE_DEBUG >= 1)
MI fd problems
MI sun/kbd reset/get_layout failure
MI sun/kbd_zs, sun/ms_zs, sun/sunkbd, tc/zskbd, tc/zsms problems
MI accounting write failure
MI process kill
MI pool_get hard limit hit
MI system table full
MI procfs mount failure
MI if_arc errors
MI routing errors
MI aarp duplicate AT address
MI if_arp, if_ieee1394arp errors
MI ip_mroute errors
MI ipsec: protocol/algorithm/IP-option problems (if ipsec_debug)
MI ipsec: ipv6 jumbogram not supported (if ipsec_debug)
MI ipsec: unsupport algorithm or key length (if ipsec_debug)
MI ipsec: size exceeded, weak key, XXX+MORE (if ipsec_debug)
MI icmp6: rejected ICMP6 redirects
MI inet6: overlapping fragments, invalid prefix length, ENOBUFS
MI inet6: internal errors, already matching addr/prefix
MI inet6: option length errors
MI mroute6: errors (if mrt6debug && #ifdef MRT6DEBUG)
MI mld6: src not link local, illegal type
MI nd6: route add failure, non-link-local addr in list
MI nd6: invalid hlim (#ifdef ND6_DEBUG)
MI nd6: details of bad packets, bad target addr, XXX+MORE
MI nfs: bad packet length
MI ext2fs & ffs errors
warning alpha silo overflows
amiga if_ed ring buffer overflow
amiga if_qn, ser, mfc problems
amiga keyboard event queue overflow
arm26 vm shortage, arckbd errors, if_eh problems
arm32 if_ea, if_eb packet problems
arm32 use of ttyv framebuffer mapping
arm32 multiple open of of/dev/vidcvideo0
atari keyboard event queue overflow
atari ser, zs silo overflow/overrun
hp300 apci, dca, dcm problems, mt soft errors
mac68k z8530 silo overflow
pc532 scn overrun
pmax dc, scc silo overflow
pmax lk201 keyboard error
pmax rz partition overlap
sh3 sci, scif silo overflow
vax if_ie buffer problems (if dedebug)
vax ts stray interrupts
x68k com silo overflow, keyboard event queue overflow
MI com, cy, z8530tty, cz, dhu, dl, dz overflows
MI magma overflows
MI dp8390 receiver overflow (#ifdef DIAGNOSTIC)
MI mb86960 warnings (#if FE_DEBUG >= 2)
MI ne2000, seeq8005, smc90cx6 warnings
MI sun/kbd, wscons/wskbd problems
MI ktrace write failure
MI settimeofday() ignoring timezone set
MI if_arp, if_ieee1394arp warnings
MI if_mroute warnings
MI ipsec: packet replay, replay counter overflow (if ipsec_debug)
MI ipsec: checksum mismatch, ipv6 auth fail (if ipsec_debug)
MI ipsec: no key association, XXX+MORE (if ipsec_debug)
MI inet6: internal warnings
MI mroute6: socket queue full (if mrt6debug && #ifdef MRT6DEBUG)
MI isdn: TEI denied
notice mvme68k lpt status: offline, out of paper, output error
pc532 lpt status, plip problems
sparc64 cgsix problems (#ifdef DEBUG)
MI ic/lpt, usb/lpt status
MI tcx warnings (#ifdef DEBUG)
MI cgsix problems (#ifdef DEBUG)
MI accounting status
MI if_gif errors
MI ipsec: length mismatch, tunnel addr mismatch (if ipsec_debug)
MI ipsec: ipv6 pullup gather failure, XXX+MORE (if ipsec_debug)
MI inet6: preferred lifetime > valid lifetime
MI nd6: nd6_init called > once
MI ffs: optimization changes (if ffs_log_changeopt)
info amiga grf4 interrupts, if_qn messages
arm32 stack usage (#ifdef STACKCHECKS)
vax ts special condition errors
MI mb86960 debugging (#if FE_DEBUG >= 3)
MI if_ate debug (#if ATE_DEBUG >= 3)
MI process non-zero exit (if kern_logsigexit)
MI if_arc out of seq. packets
MI if_sppp status messages (some if IFF_DEBUG)
MI if_arp, if_ieee1394arp ARP override status messages
MI if_atm dropped multicast/broadcast packets
MI tcp_input connection refused (if tcp_log_refused)
MI icmp6: bad ND options, lladdrlen mismatch
MI inet6: packet for unready address
MI nd6: bad DAD packet, bad NS target, bad ND option
MI nd6: lladdrlen mismatch, duplicate ip6 addr
MI isdn: TEI assigned/removed
MI nfs: send/receive errors
debug arm26 arckbd debug (#ifdef ARCKBD_DEBUG)
hp300 mt debugging
MI if_sppp debugging (if interface has IFF_DEBUG set)
MI routing debugging (if rn_debug and #ifdef RN_DEBUG)
MI if_arp, if_ieee1394arp debugging
MI if_atm bad gateways
MI ip_mroute debugging (if mrtdebug or tbfdebug)
MI ipsec: can't pullup, dying SA, bad mem alloc (if ipsec_debug)
MI ipsec: unsupported auth algorithm (if ipsec_debug)
MI ipsec: internal errors, mbuf probs, XXX+MORE (if ipsec_debug)
MI inet6: unforwarded packets
MI mroute6: status messages (if mrt6debug && #ifdef MRT6DEBUG)
MI nd6: unsupported option, lookup failure, malloc failures
MI nd6: bad gateway
MI iso: debug messages
=-=-=-=-=-=
--
Luke Mewburn <lukem@wasabisystems.com> http://www.wasabisystems.com
Luke Mewburn <lukem@netbsd.org> http://www.netbsd.org
Wasabi Systems - providing NetBSD sales, support and service.