[tac_plus] Re: accounting + syslog
john heasley
heas at shrubbery.net
Tue Jun 24 06:50:18 UTC 2008
Mon, Jun 23, 2008 at 06:52:50PM -0400, Mark Ellzey Thomas:
> On Mon, Jun 23, 2008 at 03:26:50PM -0700, john heasley wrote:
> > Tue, Jun 10, 2008 at 10:59:03AM -0400, Mark Ellzey Thomas:
> > > Index: acct.c
> > > ===================================================================
> > > RCS file: /cvs/netsec-dev/tacacs/acct.c,v
> > > retrieving revision 1.3
> > > retrieving revision 1.4
> > > diff -u -r1.3 -r1.4
> > > --- acct.c 4 Jun 2008 14:49:54 -0000 1.3
> > > +++ acct.c 9 Jun 2008 14:53:37 -0000 1.4
> > > @@ -1,5 +1,5 @@
> > > /*
> > > - * $Id: acct.c,v 1.3 2008/06/04 14:49:54 jathan Exp $
> > > + * $Id: acct.c,v 1.4 2008/06/09 14:53:37 mthomas Exp $
> > > *
> > > * Copyright (c) 1995-1998 by Cisco systems, Inc.
> > > *
> > > @@ -145,7 +145,11 @@
> > > if (wtmpfile) {
> > > errors = do_wtmp(&rec);
> > > } else {
> > > - errors = do_acct(&rec);
> > > + if (session.acctfile != NULL)
> > > + errors = do_acct(&rec);
> > > + if (session.acct_syslog)
> > > + errors = do_syslog_acct(&rec);
> > > +
> >
> > Doesn't that change the accounting default? While this would preserve it:
> >
>
> The idea was to give the administrator the ability to log to both syslog
> and a local file (or one or the other), if they wanted to.
Why would I want two copies of the same data? Syslog of accounting data
is dubious, given that syslogds usually filter duplicates.
More information about the tac_plus
mailing list