Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document syslog behavior especially priority and RHEL #250

Open
chrisinmtown opened this issue Mar 24, 2021 · 0 comments
Open

Document syslog behavior especially priority and RHEL #250

chrisinmtown opened this issue Mar 24, 2021 · 0 comments
Labels
T: enhancement Type: enhancement. This issue seeks an improvement of an existing feature

Comments

@chrisinmtown
Copy link
Contributor

chrisinmtown commented Mar 24, 2021
edited
Loading

Setting security.syslog=true causes the MISP server to send copious details to the system log via syslog, and not just about security (successful/failed authentication) either, so the setting is a bit misnamed.

The MISP syslog plugin MISP/app/Plugin/SysLog/Lib/SysLog.php sends messages using syslog facility "LOCAL0". Error messages go at priority error, warning messages go at priority warning, but the plugin maps all other actions especially info to syslog priority DEBUG.

On a RHEL7 server the config file /etc/rsyslogd.conf has no rule for facility LOCAL0, at priority debug. As a result the regular MISP messages like "added event" are silently dropped.

I don't know how syslog is configured on Ubuntu.
@enjeck enjeck added the T: enhancement Type: enhancement. This issue seeks an improvement of an existing feature label Apr 2, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T: enhancement Type: enhancement. This issue seeks an improvement of an existing feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chrisinmtown @enjeck