subject: ssh non-intuitive logging setting. (priority names)

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Sat Jan 6 10:08:55 EST 2001


On Sat, Jan 06, 2001 at 01:52:06AM +0900, Ishikawa wrote:
>    QUIET   <-> priority 0
>    FATAL   <-> priority 1
>    ERROR   <-> priority 2
>    INFO    <-> priority 3
>    VERBOSE <->          4
>    DEBUG1  <->          5
>    DEBUG2  <->          6
>    DEBUG3  <->          7

this mapping order is due to the history of openssh.
ssh-1.2.12 used
	debug(), log(), error() and fatal()
calls (in order of importance) with the following options
	QuietMode (only fatal() is logged, not sure about error())
	FascistLogging (debug,log,error and fatal)
and standard mode: log,error and fatal.

in fact, you had only 3 different levels and we tried to change
that.  additionally, log() was far too chatty so i split all the calls:
openssh now uses log() and for less important messages verbose().

so now we have:
	QUIET		nothing
	FATAL		fatal
	ERROR		fatal+error
	INFO		fatal+error+log	(since Loglevel=LOG sounds strange)
	VERBOSE		fatal+error+log+verbose
	DEBUG		fatal+error+log+verbose+debug

later we added some more debug levels.
this is the reason for the current log levels.
i don't say that's perfect.

> For my initial purpose, after experimenting with syslog.conf and
> the setting in sshd_config,
> I put the following in sshd_config.
> 
>   SyslogFacility AUTH
>   LogLevel DEBUG2

you probably want LogLevel VERBOSE

>         /* 3 : ERR. */
>                 { "INFO",       SYSLOG_LEVEL_INFO },
>                 { "ERR",        SYSLOG_LEVEL_INFO },
>                 { "ERROR",      SYSLOG_LEVEL_INFO },

so this would mean with
	LogLevel=ERROR
you would see
	fatal+error+log
in syslog().

i think this mapping is more appropriate

	ALERT		nothing
	CRIT		fatal
	ERR		fatal+error
	NOTICE		fatal+error+log	(since Loglevel=LOG sounds strange)
	INFO		fatal+error+log+verbose
	DEBUG		fatal+error+log+verbose+debug

> PS: Is it possible someone
> broke log.c and ssh.h to the point that the original
> intent of keeping sync with UNIX priority names
> no longer works?
> The mis-use (in my eyes) of macronames uncovered during
> this investigation suggested something like this happened.

where? what do you mean?

> Actually, if there are not many objections, I would rather
> see the cleanup of the SYSLOG_LEVEL_* macro definitions and usage
> to keep them in line with the UNIX priorities so that
> the names like "INFO" or "DEBUG" would have
> similar meaning (that is at the same priority level)
> as in the usage of syslog.conf.
> Currently, they don't seem to. Or am I missing something?

the macros don't need the cleanup. probably
all the logging should be replaced and _then_ we
could clean up the macro names.

perhaps move from
	fatal(), error() log(), verbose(), debug1(), debug2(), debug3()
to
	sshlog(CRIT, ...);
	sshlog(ERR, ...);
	sshlog(NOTICE, ...);
	sshlog(INFO, ...);
	sshlog(DEBUG1, ...);
	sshlog(DEBUG2, ...);
	sshlog(DEBUG3, ...);

or even more levels, similar to syslog.

comments?

-markus
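
The cumulative level scheme and the syslog mapping proposed in the message above, as an added example that is not part of the original post and is not OpenSSH's log.c. The type and function names (ssh_level, parse_level, would_log, proposed_priority) are hypothetical, and sending all three debug levels to LOG_DEBUG is an assumption.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical names for this example; ordered as in the table above. */
typedef enum { LV_INVALID = -1, LV_QUIET, LV_FATAL, LV_ERROR, LV_INFO,
               LV_VERBOSE, LV_DEBUG1, LV_DEBUG2, LV_DEBUG3 } ssh_level;

static const char *level_names[] = { "QUIET", "FATAL", "ERROR", "INFO",
                                     "VERBOSE", "DEBUG1", "DEBUG2", "DEBUG3" };

/* Parse a LogLevel keyword; returns LV_INVALID for unknown names. */
ssh_level parse_level(const char *name) {
    for (int i = 0; i <= LV_DEBUG3; i++)
        if (strcmp(name, level_names[i]) == 0)
            return (ssh_level)i;
    return LV_INVALID;
}

/* Levels are cumulative: a message is emitted when its level is at or
 * below the configured one. Nothing is emitted at QUIET or LV_INVALID. */
int would_log(ssh_level configured, ssh_level msg) {
    return msg > LV_QUIET && configured >= msg;
}

/* syslog priority for a message, per the mapping proposed in the message. */
int proposed_priority(ssh_level msg) {
    switch (msg) {
    case LV_FATAL:   return LOG_CRIT;    /* fatal()   */
    case LV_ERROR:   return LOG_ERR;     /* error()   */
    case LV_INFO:    return LOG_NOTICE;  /* log()     */
    case LV_VERBOSE: return LOG_INFO;    /* verbose() */
    case LV_DEBUG1: case LV_DEBUG2: case LV_DEBUG3:
        return LOG_DEBUG;                /* assumption: one syslog level */
    default:         return -1;          /* QUIET or invalid: nothing sent */
    }
}

int main(void) {
    const char *cfg[] = { "ERROR", "VERBOSE", "DEBUG2" };  /* constructed */
    for (int c = 0; c < 3; c++) {
        ssh_level conf = parse_level(cfg[c]);
        printf("LogLevel %-8s:", cfg[c]);
        for (int m = LV_FATAL; m <= LV_DEBUG3; m++)
            if (would_log(conf, (ssh_level)m))
                printf(" %s(pri %d)", level_names[m], proposed_priority((ssh_level)m));
        printf("\n");
    }
    return 0;
}
```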