[syslog-ng] How to log messages generated by C program and log file rotation
Jean Faye
ismael.faye at yahoo.fr
Thu Aug 7 16:11:22 CEST 2014
Hi all,
Thank you for your answer. Now I am using unix-dgram("/dev/log") and it's working. I see my logs in the destination files.
But those logs are not in IETF syslog format (RFC5424). I have this kind of logs:
2013-01-01T01:00:24+01:00 mymachine program[1173]: adjustement
How can my C program generate logs in RFC5424 format? Can I still use syslog() call in C program to generate logs in RFC5424?
And in order to receive the logs in RFC5424 format, is enough to have: source { unix-dgram ("/dev/log") flags(syslog-protocol);}; ?
Concerning the date and time in the messages, what do we have to do in order to have it in UTC ?
Thank you in advance.
Best regards,
Ismael Jean FAYE
Le Mercredi 6 août 2014 17h14, Evan Rempel <erempel at uvic.ca> a écrit :
Your C program is using the syslog API to the kernel. This will only ever be available via
the /dev/log mechanism exposed by the kernel.
Your current syslog-ng.conf file specifies a source of
source s_mysource {
pipe("/tmp/pipe" pad_size(2048));
};
which is not where the C call of syslog() sends the syslog messages.
Like Balazs stated, you need to use the syslog-ng system() source or define a syslog-ng source containing unix-dgram("/dev/log")
in order to read out the messages produced by the call to syslog() from your C program.
Evan.
On 08/06/2014 07:49 AM, Balazs Scheidler wrote:
> Hi,
>
> You seem to have defined the source as a named pipe whereas the libc usually uses a UNIX domain socket to send messages.
>
> Why don't you simply use the system() source? Or at least define use unix-dgram("/dev/log")
>
> On Aug 6, 2014 11:11 AM, "Jean Faye" <ismael.faye at yahoo.fr <mailto:ismael.faye at yahoo.fr>> wrote:
>
>
>
> Hi all,
> I want to use syslog-ng to log the messages generated by my application implemented in C language. I added this in the code:
>
> char *log="rtcd";
> printf("[%s] RTC adjustement\n",__func__);
> openlog(log, LOG_PID, LOG_LOCAL0);
> syslog(LOG_DEBUG, "[FIJ] RTC adjustement");
> closelog();
>
>
> For me, according to the syslog-ng file, the files /var/log/ldb/GENTrace.log, /var/log/ldb/SUTrace.log, /var/log/ldb/WANTrace.log and /var/log/ldb/CPLTrace.log must be created and must contain the syslog message.
> But I got no messages in my destination files. You can see the content of my syslog-ng.conf file bellow.
>
> Is it the right way to log the messages sent by C program? What can explain that I got no messages in the destinations files?
>
> I am using syslog-ng 3.5.4.1 provided by yocto. And in the script which run the binary (initscript file) I remove the line below:
>
> . /etc/init.d/functions
>
> Why are you using the line? Is it necessary to use it?
>
> Concerning log file rotation, How can we manage it using syslog-ng? For example I want to have a destination file with a size maximum = 2Mo and if the size is greater than the max size, I have to save the current one and create a new one. On my system I can have max 4 files (4 x 2Mo). How can I manage this kind of rotation?
>
> Thanks in advance.
> Best regards,
> Ismael Jean FAYE
>
> @version: 3.5
> #
> # Syslog-ng configuration file, compatible with default Debian syslogd
> # installation. Originally written by anonymous (I can't find his name)
> # Revised, and rewrited by me (SZALAY Attila <sasa at debian.org <mailto:sasa at debian.org>>)
>
> # First, set some global options.
> options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
> owner("root"); group("adm"); perm(0640); stats_freq(0);
> bad_hostname("^gconfd$");create_dirs(yes);
> };
>
> ########################
> # Sources
> ########################
>
> source s_mysource {
> pipe("/tmp/pipe" pad_size(2048));
> };
>
> ########################
> # Destinations
> ########################
>
> destination d_GEN {
> file("/var/log/ldb/GENTrace.log");
> };
>
> destination d_SU {
> file("/var/log/ldb/SUTrace.log");
> };
>
> destination d_WAN {
> file("/var/log/ldb/WANTrace.log");
> };
>
> destination d_CPL {
> file("/var/log/ldb/CPLTrace.log");
> };
>
> ########################
> # Filters
> ########################
>
> filter f_GEN {
> #facility(local0) and filter(nom_du_composant_applicatif);
> #facility(local0) and filter(f_debug);
> facility(local0);
> };
>
> filter f_SU {
> #facility(local0) and filter(nom_du_composant_applicatif);
> #facility(local0) and filter(f_debug);
> facility(local0);
> };
>
> filter f_WAN {
> #facility(local0) and filter(nom_du_composant_applicatif);
> #facility(local0) and filter(f_debug);
> facility(local0);
> };
>
> filter f_CPL {
> #facility(local0) and filter(nom_du_composant_applicatif);
> #facility(local0) and filter(f_debug);
> facility(local0);
> };
>
> ########################
> # Log paths
> ########################
>
> log { source(s_mysource); filter(f_GEN); destination(d_GEN); };
> log { source(s_mysource); filter(f_SU); destination(d_SU); };
> log { source(s_mysource); filter(f_WAN); destination(d_WAN); };
> log { source(s_mysource); filter(f_CPL); destination(d_CPL); };
>
>
>
>
> Le Mardi 5 août 2014 16h05, Jean Faye <ismael.faye at yahoo.fr <mailto:ismael.faye at yahoo.fr>> a écrit :
>
>
> confirm a6d843f7ad7d1dbf1fefb6f12432e54941a680a9
>
> Hi all,
> I want to use syslog-ng to log the messages generated by my application implemented in C language. I added this in the code:
>
> char *log="rtcd";
> printf("[%s] RTC adjustement\n",__func__);
> openlog(log, LOG_PID, LOG_LOCAL0);
> syslog(LOG_DEBUG, "[FIJ] RTC adjustement");
> closelog();
>
>
> For me, according to the syslog-ng file, the files /var/log/ldb/GENTrace.log, /var/log/ldb/SUTrace.log, /var/log/ldb/WANTrace.log and /var/log/ldb/CPLTrace.log must be created and must contain the syslog message.
> But I got no messages in my destination files. You can see the content of my syslog-ng.conf file bellow.
>
> Is it the right way to log the messages sent by C program? What can explain that I got no messages in the destinations files?
>
> Concerning log file rotation, How can we manage it using syslog-ng? For example I want to have a destination file with a size maximum = 2Mo and if the size is greater than the max size, I have to save the current one and create a new one. On my system I can have max 4 files (4 x 2Mo). How can I manage this kind of rotation?
>
> Thanks in advance.
> Best regards,
> Ismael Jean FAYE
>
> @version: 3.5
> #
> # Syslog-ng configuration file, compatible with default Debian syslogd
> # installation. Originally written by anonymous (I can't find his name)
> # Revised, and rewrited by me (SZALAY Attila <sasa at debian.org <mailto:sasa at debian.org>>)
>
> # First, set some global options.
> options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
> owner("root"); group("adm"); perm(0640); stats_freq(0);
> bad_hostname("^gconfd$");create_dirs(yes);
> };
>
> ########################
> # Sources
> ########################
>
> source s_mysource {
> pipe("/tmp/pipe" pad_size(2048));
> };
>
> ########################
> # Destinations
> ########################
>
> destination d_GEN {
> file("/var/log/ldb/GENTrace.log");
> };
>
> destination d_SU {
> file("/var/log/ldb/SUTrace.log");
> };
>
> destination d_WAN {
> file("/var/log/ldb/WANTrace.log");
> };
>
> destination d_CPL {
> file("/var/log/ldb/CPLTrace.log");
> };
>
> ########################
> # Filters
> ########################
>
> #filter f_GEN {
> #facility(local0) and filter(nom_du_composant_applicatif);
> #facility(local0) and filter(f_debug);
> #facility(local0);
> #};
>
> filter f_SU {
> #facility(local0) and filter(nom_du_composant_applicatif);
> #facility(local0) and filter(f_debug);
> facility(local0);
> };
>
> filter f_WAN {
> #facility(local0) and filter(nom_du_composant_applicatif);
> #facility(local0) and filter(f_debug);
> facility(local0);
> };
>
> filter f_CPL {
> #facility(local0) and filter(nom_du_composant_applicatif);
> #facility(local0) and filter(f_debug);
> facility(local0);
> };
>
> ########################
> # Log paths
> ########################
>
> #log { source(s_mysource); filter(f_GEN); destination(d_GEN); };
> log { source(s_mysource); filter(f_SU); destination(d_SU); };
> log { source(s_mysource); filter(f_WAN); destination(d_WAN); };
> log { source(s_mysource); filter(f_CPL); destination(d_CPL); };
>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
--
Evan Rempel erempel at uvic.ca
Senior Systems Administrator 250.721.7691
Data Centre Services, University Systems, University of Victoria
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20140807/08a7c374/attachment-0001.htm
More information about the syslog-ng
mailing list