Why might rsyslog %syslogtag% display “(none)”?

Given the following lines in an instance of /etc/rsyslog.conf:



$template MyFmt, "%timereported:::date-year%%timereported:::date-month%%timereported:::date-day%_%timereported:::date-hour%%timereported:::date-minute%%timereported:::date-second% %fromhost-ip% %fromhost% %HOSTNAME% %syslogtag%%programname%%msg:::drop-last-lf%\n"

auth,authpriv.* |/path/to/log;MyFmt


Assume the syslog sender is a compiled C++ program, i.e. something like:



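// main.cpp

#include <ctime>
#include <syslog.h>

int main( int argc, char* argv[] )
{
    // Tag every message from this process with the ident "LogTest[456]".
    openlog( "LogTest[456]", 0, LOG_AUTH );
    // The original call is cut off on the page after "LOG_AUTH";
    // the level and message below are placeholders.
    syslog( LOG_AUTH | LOG_INFO, "%s", "placeholder message" );
}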


Then why might an entry in /var/log/secure have its %syslogtag% and %programname% values "(none)"? Does it necessarily mean the program would have called "openlog( "(none)", ... );"?



I tried modifying the above program to pass openlog() first argument values "" (empty string) and NULL. In case of the former, the resulting %syslogtag% value was an empty string, and in case of the latter, the resulting %syslogtag% value was "a.out", i.e. my executable's name. I can't think of what else might result in a value of "(none)" other than explicitly specifying so to openlog()...?



Edit: To be clear: the above example program does not result in a %syslogtag% value of "(none)" - it results in an expected value of "LogTest[456]". My question is more: what would cause a %syslogtag% value of "(none)", other than explicitly specifying so to openlog()?



(I'm trying to understand observed behavior at work: rsyslogd running on a server receives syslogs from clients and writes them in a templated format to a pipe, as above. Some of the written content has a %syslogtag% value of "(none)" - I'd like to understand potential reasons why.)










      linux rsyslog c++ rsyslogd






      edited Aug 8 at 19:22

























      asked Aug 8 at 19:06









      StoneThrow
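
A triage sketch for the situation described in the question, added here and not part of the original post: it reads lines written with the MyFmt template and counts, per sending host, how many carry "(none)" where the tag is expected, which narrows down which clients produce them. The sample lines are constructed, and the way the tag, program name and message run together in them is an assumption about the rendered output.

```python
from collections import Counter

# Constructed sample of MyFmt output (not real log data). The template joins
# %syslogtag%%programname%%msg% with no separators, so only the first four
# space-separated fields can be split reliably; the rest stays one string.
SAMPLE = """\
20180808_190600 192.0.2.10 client-a client-a LogTest[456]:LogTest test message
20180808_190601 192.0.2.20 client-b client-b (none)(none) session opened
20180808_190602 192.0.2.20 client-b client-b (none)(none) session closed
20180808_190603 192.0.2.10 client-a client-a sshd[812]:sshd Accepted publickey
truncated line
"""


def parse_myfmt(line):
    """Split one MyFmt line into its fields; return None if it is malformed."""
    parts = line.rstrip("\n").split(" ", 4)
    if len(parts) != 5:
        return None
    stamp, from_ip, from_host, hostname, rest = parts
    return {"stamp": stamp, "from_ip": from_ip, "from_host": from_host,
            "hostname": hostname, "rest": rest}


def none_tag_report(lines, marker="(none)"):
    """Return ({(from_ip, hostname): (marked, total)}, malformed_count)."""
    total, marked, malformed = Counter(), Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_myfmt(line)
        if rec is None:
            malformed += 1
            continue
        sender = (rec["from_ip"], rec["hostname"])
        total[sender] += 1
        # The tag is the first thing in the unsplit remainder.
        if rec["rest"].startswith(marker):
            marked[sender] += 1
    return {s: (marked[s], total[s]) for s in total}, malformed


if __name__ == "__main__":
    report, bad = none_tag_report(SAMPLE.splitlines())
    for (ip, host), (hit, seen) in sorted(report.items()):
        print(f"{ip} {host}: {hit}/{seen} lines with (none) tag")
    print(f"malformed lines: {bad}")
```
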
