Allow users of the alert-syslog to set the identity.

src/alert-syslog.c

@@ -146,7 +146,11 @@ OutputCtx *AlertSyslogInitCtx(ConfNode *conf)
         }
     }
 
-    openlog(NULL, LOG_NDELAY, facility);
+    const char *ident = ConfNodeLookupChildValue(conf, "identity");
+    /* if null we just pass that to openlog, which will then
+     * figure it out by itself. */
+
+    openlog(ident, LOG_NDELAY, facility);
 
     OutputCtx *output_ctx = SCMalloc(sizeof(OutputCtx));
     if (output_ctx == NULL) {

suricata.yaml

@@ -99,6 +99,9 @@ outputs:
   # a line based alerts log similar to fast.log into syslog
   - syslog:
       enabled: no
+      # reported identity to syslog. If ommited the program name (usually
+      # suricata) will be used.
+      #identity: "suricata"
       facility: local5
       #level: Info ## possible levels: Emergency, Alert, Critical,
                    ## Error, Warning, Notice, Info, Debug