Bug 1204217 - rsyslog (or something) spams all consoles and shells with SELinux audit messages
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: rsyslog
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Tomas Heinrich
QA Contact: Fedora Extras Quality Assurance
Reported: 2015-03-20 15:53 UTC by Richard W.M. Jones
Modified: 2016-09-20 04:52 UTC (History)

Fixed In Version: rsyslog-8.8.0-2
Doc Type: Bug Fix
Last Closed: 2015-03-20 19:22:14 UTC
Type: Bug


Attachments:
emerg.log (3.74 KB, text/plain), 2015-03-20 15:57 UTC, Richard W.M. Jones


Links:
Red Hat Bugzilla 1113215 (priority low, status CLOSED): rsyslogd logs kernel messages under the facility 'user' instead of 'kern' (last updated 2021-02-22 00:41:40 UTC)

Internal Links: 1113215

Description Richard W.M. Jones 2015-03-20 15:53:08 UTC
Description of problem:

In latest Rawhide:

$ ssh trick

Message from syslogd@trick at Mar 20 15:51:46 ...
 journal:<audit-1112> pid=1960 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=choo.home.annexia.org addr=192.168.0.175 terminal=/dev/pts/0 res=success'

Message from syslogd@trick at Mar 20 15:51:46 ...
 journal:<audit-1105> pid=1960 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=choo.home.annexia.org addr=192.168.0.175 terminal=/dev/pts/0 res=success'
Last login: Fri Mar 20 14:59:07 2015 from choo.home.annexia.org

Message from syslogd@trick at Mar 20 15:51:46 ...
 journal:<audit-2404> pid=1960 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5e:91:96:9b:d3:3c:42:5c:21:e8:fe:8e:4c:c6:a8:ef:cb:3f:ff:b8:e8:c8:b0:2a:a3:d9:c7:65:40:dc:7a:62 direction=? spid=1968 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=192.168.0.175 terminal=? res=success'

Furthermore any additional SELinux/audit messages appear in the shell.

Version-Release number of selected component (if applicable):

systemd-219-10.fc23.x86_64
rsyslog-8.8.0-1.fc23.x86_64

How reproducible:

100% (for me)

Steps to Reproduce:
1. Install Rawhide.
2. Log in.

Comment 2 Richard W.M. Jones 2015-03-20 15:57:24 UTC
Created attachment 1004552: emerg.log

Tomas asked me to supply additional information:

> You can try appending this to /etc/rsyslog.conf:
> 
> template(name="tpl" type="string" string="%TIMESTAMP% %HOSTNAME% %syslogtag% json: %$!all-json%\n")
> *.emerg action(type="omfile" file="/tmp/emerg.log" template="tpl")
> 
> Then you can look into the message metadata to see what was actually
> received.

The contents of emerg.log are attached.

Comment 3 Tomas Heinrich 2015-03-20 17:51:35 UTC
OK, there is a bug in the imjournal plugin in rsyslog.
Some of the messages coming from journald don't have the PRIORITY field (nor do they have SYSLOG_FACILITY=, SYSLOG_IDENTIFIER=, SYSLOG_PID=), thus rsyslog has to emulate it. There's a bug in how the default value is set.

The PRIORITY field is client-provided. I'm undecided whether journald should always try to provide it so that the same value is used consistently by all the consumers.

Here's a scratchbuild to test: http://koji.fedoraproject.org/koji/taskinfo?taskID=9281778
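
As an added illustration of the emulation described above (not rsyslog's imjournal code, and not from this report's author or maintainer): a small model of how a journal consumer derives a syslog facility and severity when a journald entry carries no PRIORITY, with a `*.emerg` selector evaluated against constructed entries. The notice/user defaults, the entry contents and the value the broken default resolves to are assumptions.

```python
# Added model of the PRIORITY emulation described in comment 3; an
# illustration, not rsyslog's imjournal code.  The entries below are
# constructed from fields in this report; notice/user defaults are assumed.
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "authpriv": 10}

def _int_field(entry, name, lo, hi, default):
    """Parse an optional numeric journal field; absent or invalid -> default."""
    try:
        val = int(entry.get(name))
    except (TypeError, ValueError):
        return default
    return val if lo <= val <= hi else default

def emulate_pri(entry, default_severity=SEVERITY["notice"],
                default_facility=FACILITY["user"]):
    """Return (facility, severity) for a journald entry.

    PRIORITY and SYSLOG_FACILITY are client-supplied and may be absent, as on
    the audit records in this bug, so the consumer must fall back to a
    default.  A default that resolves to 0 (emerg) makes every such record
    match '*.emerg' and land on all consoles, which is the reported symptom.
    """
    return (_int_field(entry, "SYSLOG_FACILITY", 0, 23, default_facility),
            _int_field(entry, "PRIORITY", 0, 7, default_severity))

def selector_matches(selector, facility, severity):
    """Evaluate a classic 'facility.priority' selector such as '*.emerg';
    the priority part means that severity or anything more urgent."""
    fac_part, _, prio_part = selector.partition(".")
    if fac_part != "*" and FACILITY[fac_part] != facility:
        return False
    return severity <= SEVERITY[prio_part]

def routed_messages(selector, entries, **defaults):
    """Return the MESSAGE text of every entry the selector would route."""
    return [e["MESSAGE"] for e in entries
            if selector_matches(selector, *emulate_pri(e, **defaults))]

# Constructed entries in `journalctl -o json` shape: one ordinary syslog()
# line carrying a PRIORITY, and an sshd audit record like the one in the
# report, which has neither PRIORITY nor any SYSLOG_* field.
SAMPLE_ENTRIES = [
    {"PRIORITY": "6", "SYSLOG_FACILITY": "10", "SYSLOG_IDENTIFIER": "sshd",
     "MESSAGE": "constructed: ordinary sshd log line"},
    {"_AUDIT_TYPE": "1112", "_PID": "1960", "_UID": "0",
     "MESSAGE": "pid=1960 uid=0 auid=1000 ses=1 msg='op=login res=success'"},
]
```

With the assumed notice default the audit record never reaches `*.emerg`; passing `default_severity=0` reproduces the console flood, which is a quick way to check a candidate build's behaviour against the same inputs.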

Comment 4 Richard W.M. Jones 2015-03-20 18:45:06 UTC
I will try that at some point, but at the moment I cannot
even log into my Rawhide machine at the keyboard, nor over
ssh.  It's that broken ...

Comment 5 Richard W.M. Jones 2015-03-20 18:58:57 UTC
Yes, I can confirm that the package in comment 3 fixes the problem.

Comment 6 Tomas Heinrich 2015-03-20 19:01:10 UTC
(In reply to Richard W.M. Jones from comment #5)
> Yes, I can confirm that the package in comment 3 fixes the problem.

Great, thanks. I'll push out the updated version.

