sssd is setting SYSLOG_IDENTIFIER to the debug_prg_name internal var, which is set via calls to server_setup(), and in focal (and probably earlier) that's set to a name like "sssd[sudo]". However the syslog MSG section TAG field format requires only alphanumeric characters: https://tools.ietf.org/html/rfc3164#section-4.1.3
therefore, providing an identifier of "sssd[sudo]" results in the TAG field (indicating the process name) to be "sssd" and "[sudo]" is the start of the CONTENT field. The convention specified in the RFC states that if the CONTENT field starts with "[PID]:" the value contained inside the brackets may be considered the PID, which is exactly what systemd-journald is doing. https://tools.ietf.org/html/rfc3164#section-5.3 So, when SYSLOG_IDENTIFIER is set to "sssd[sudo]" that results in a syslog message TAG section that's parsed as having program name 'sssd' and pid 'sudo'. This is fixed upstream in sssd with commit 00e7b1ada3d1c1071eac79b65c17cd2701c2ae6a, included in groovy and later. ** Changed in: systemd (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1908065 Title: Invalid SYSLOG_PID for (systemd) journal messages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1908065/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
