PAM-Modules
	A Collection of Modules for PAM	Sergey Poznyakoff

• Main
• Downloads
• Documentation

5 Log arbitrary messages to syslog.

The pam_log module is a diagnostic tool. It works similarly to the shell echo command, outputting its arguments to the syslog. The module can be used in any PAM service stack.

In order to be discerned from arguments, all pam_log’s options begin with a dash (‘-’). They must precede any non-option arguments. If the first non-option argument happens to begin with a dash, you can inhibit its special handling by placing ‘--’ before it.

After collecting all options, the module scans the rest of its command line arguments, performs item expansion (see item expansion) and outputs the resulting string to the syslog.

The following table lists all the supported options:

-audit

Similar to audit in other modules (see Intro).

-debug[=level]

Similar to debug in other modules (see Intro).

-noopen

Reserved for future use.

-waitdebug[=interval]

Similar to waitdebug in other modules (see Intro).

-pri=facility.priority

Send log messages to the given syslog facility and priority. The facility part can be any of: ‘user’, ‘daemon’, ‘auth’, ‘authpriv’, ‘local0’, ‘local1’, ‘local2’, ‘local3’, ‘local4’, ‘local5’, ‘local6’, ‘local7’.

The priority is any of the following: ‘emerg’, ‘alert’, ‘crit’, ‘err’, ‘warning’, ‘notice’, ‘info’, ‘debug’.

Either facility or priority (but not both) can be omitted, in which case the following defaults are used: facility=authpriv, priority=info.

-tag=label

Use label as the syslog tag, instead of the module name.

The following example illustrates the use of this module:

cvs auth       required  pam_regex.so extended \
    regex=^(anoncvs|anonymous)$ sense=allow 
cvs account    requisite pam_log.so -tag CVS-ACCESS \
    -pri=daemon.info User ${user:-unknown} is granted CVS access
cvs account    required   pam_permit.so
cvs session    required   pam_permit.so