tlog not working when auditd is disabled, and there's no /proc/PID/sessionid

[haiwu]

tlog not working when auditd is disabled, and there's no /proc/self/sessionid. How to ensure tlog would work when auditd is disabled? There's an existing issue here "#264", where it suggested using 'getsid(0)', and it seems to work in Linux, where calling 'getsid(0)' would get the interactive ssh session's BASH pid (if the logged in user using BASH shell), which would stay the same during the whole interactive session.

What's the concern of just using getsid(0) (instead of using /proc/self/sessionid) in case auditd being already disabled? pid reaching PID_MAX and wraps around?

[haiwu]

another way is to use systemd $XDG_SESSION_ID, or call 'sd_pid_get_session(my_pid, &session)', which would grab something from systemd, similar to /proc/self/sesionid, whose value would show up in the same position of 'loginctl session-status' output.

[justin-stephenson]

Using a systemd login-related session ID as fallback for the session field if /proc/self/sessionID is unavailable seems reasonable to me, the downside being it would not help for systems which are not using systemd.

[haiwu]

At least it would help out those folks working with systemd-enabled Linux hosts where auditd is disabled.