
Document syslog behavior especially priority and RHEL #250

@chrisinmtown

Setting security.syslog=true causes the MISP server to send copious details to the system log via syslog, and not just about security (successful/failed authentication) either, so the setting is a bit misnamed.

The MISP syslog plugin MISP/app/Plugin/SysLog/Lib/SysLog.php sends messages using syslog facility "LOCAL0". Error messages go at priority error, warning messages go at priority warning, but the plugin maps all other actions, especially info, to syslog priority DEBUG.

On a RHEL7 server the config file /etc/rsyslogd.conf has no rule for facility LOCAL0 at priority debug. As a result the regular MISP messages like "added event" are silently dropped.

I don't know how syslog is configured on Ubuntu.
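
Added example (not part of the issue and not MISP code): a small evaluator for classic syslog selector strings, showing which of the three priorities described above survive a given rule. It assumes the stock RHEL 7 rule `*.info;mail.none;authpriv.none;cron.none` for /var/log/messages, which the issue does not quote, and `local0.*` is a hypothetical rule an administrator could add.

```python
# Added example: evaluates classic syslog selectors (subset: "*", comma lists,
# "priority and above", "=priority", "none") to show why LOCAL0/debug is dropped.

# Syslog severities, most severe first (RFC 5424 numeric order).
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"error": "err", "warn": "warning", "panic": "emerg"}

# Assumption: stock RHEL 7 rule feeding /var/log/messages (not quoted in the issue).
RHEL7_MESSAGES = "*.info;mail.none;authpriv.none;cron.none"
# Hypothetical rule an admin could add, e.g. to feed a dedicated MISP log file.
MISP_RULE = "local0.*"


def _sev(name):
    """Numeric severity of a priority keyword (0 = most severe)."""
    return PRIORITIES.index(ALIASES.get(name, name))


def selector_matches(selector, facility, priority):
    """Return True if a message (facility, priority) is selected.

    Fields are applied left to right; a later field overrides an earlier one
    for the same facility, which is how "mail.none" carves out an exception.
    """
    selected = False
    for field in selector.split(";"):
        facs, _, prio = field.strip().lower().rpartition(".")
        if facs != "*" and facility.lower() not in facs.split(","):
            continue
        if prio == "none":
            selected = False
        elif prio == "*":
            selected = True
        elif prio.startswith("="):
            selected = _sev(priority) == _sev(prio[1:])
        else:
            # A plain priority means "this severity or more severe".
            selected = _sev(priority) <= _sev(prio)
    return selected


def misp_visibility(selector):
    """Which of the plugin's three priorities (per the issue) a rule keeps."""
    return {p: selector_matches(selector, "local0", p) for p in ("err", "warning", "debug")}


if __name__ == "__main__":
    print("RHEL7 default:", misp_visibility(RHEL7_MESSAGES))
    print("with local0.*:", misp_visibility(MISP_RULE))
```

Under the assumed default rule only the error and warning messages are kept; the DEBUG-priority audit events need an explicit LOCAL0 rule to reach a log file or a forwarder.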

Labels: T: enhancement (Type: enhancement. This issue seeks an improvement of an existing feature)
