Custom Logging destination in tac_plus

Question

Custom Logging destination in tac_plus

penfold1972 opened this issue 2 years ago · 3 comments

penfold1972 commented 2 years ago

The documentation mentions custom logging destinations, but when I test the following with a freshly compiled binary, I get the following error:

scobb@tacacs-lab fakeroot]$ /usr/local/sbin/tac_plus -P -d 250  ~/tac_plus.cfg.2023 
###################################################
## THIS FILE IS GENERATED AND SHOULD NOT BE MANUALLY EDITED!
##
## This is the main configuration file for TACACS and uses a structure to load compononents
## in the proper order. The configuration is compartmentalized into seperate files to assist
## in keeping the structure intact over time with multiple administrators.


id = spawnd {
        listen = { port = 49 }
        spawn = {
                instances min = 1
                instances max = 10
        }
        background = yes
}

## BEGIN TACACS-SPECIFIC CONFIGURATION
id = tac_plus {

        ## access log appears to be the same as authentication log
        #access log = /var/log/tacacs/%Y/access-%Y-%m-%d.log


        #log separator = "\t"
        log = 
/home/scobb/tac_plus.cfg.2023:26: Expected 'separator', but got '='
7825: /home/scobb/tac_plus.cfg.2023:26: Expected 'separator', but got '='
7825: /home/scobb/tac_plus.cfg.2023:26: Expected 'separator', but got '='
7825: Detected fatal configuration error. Exiting.
7825: Detected fatal configuration error. Exiting.

It can parse the "log separator" line, and if I comment out the "log = " block, it can parse the config just fine.

is the custom destination still a feature? I was wanting to experiment with the RFC5424 format and send it to a host running fluentd.

The block it is trying to parse is:

        log = efkstack {
               destination = 10.0.0.1
               syslog compliance = RFC5424
               syslog facility = DAEMON
               syslog level = INFO
               log separator = "\t"
        }

Answer 1 · 2023-02-09T15:58:06.000Z

Hi,

I've no issues with that configuration -- what version are you running? "tac_plus -v" should show the GIT hash (or, for pre-GIT versions, the time stamp).

Cheers,

Marc

Answer 2 · 2023-02-09T16:49:48.000Z

I tried it on version DEVEL.202302081753.tar.bz2 since it was the latest one in the archive.

the command gives:

[root@b3c7d3e54f95 PROJECTS]# tac_plus -v
tac_plus version GIT info is unavailable. This build might be outdated. Please make sure to update to the latest GIT version before issuing a support request./PCRE2/CRYPTO/CURL/SSL

I removed and re-added the block and it seems to be accepting it now.

Answer 3 · 2023-02-09T17:09:10.000Z

Hi,

ok, thanks. I'm closing this issue then.

Cheers,

Marc