<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt"><div style="" class=""><span style="" class="">Hi all,</span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span style="" class="">Thank you for your answer. Now I am using unix-dgram("/dev/log") and it's working. I see my logs in the destination files.</span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""><span style="" class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida
Grande,sans-serif; background-color: transparent; font-style: normal;"><span style="" class="">But those logs are not in IETF syslog format (RFC5424). I have this kind of logs:</span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"> 2013-01-01T01:00:24+01:00 mymachine program[1173]: adjustement<br style="" class=""><span style="" class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida
Grande,sans-serif; background-color: transparent; font-style: normal;"><span style="" class=""><br style="" class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span style="" class="">How can my C program generate logs in RFC5424 format? Can I still use syslog() call in C program to generate logs in RFC5424? <br style="" class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""><span style="" class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span
style="" class="">And in order to receive the logs in RFC5424 format, is enough to have: source { unix-dgram ("/dev/log") flags(syslog-protocol);}; ?</span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br><span style="" class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span style="" class="">Concerning the date and time in the messages, what do we have to do in order to have it in UTC ?<br></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""><span style=""
class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span style="" class="">Thank you in advance.</span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span style="" class="">Best regards,</span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span style="" class="">Ismael Jean FAYE<br style="" class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent;
font-style: normal;"><span style="" class=""><br style="" class=""></span></div> <div class="qtdSeparateBR"><br><br></div><div style="display: block;" class="yahoo_quoted"> <div class="" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"> <div class="" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"> <div style="" class="" dir="ltr"> <font style="" class="" size="2" face="Arial"> Le Mercredi 6 août 2014 17h14, Evan Rempel <erempel@uvic.ca> a écrit :<br style="" class=""> </font> </div> <br style="" class=""><br style="" class=""> <div style="" class="">Your C program is using the syslog API to the kernel. This will only ever be available via<br style="" class="" clear="none">the /dev/log mechanism exposed by the kernel.<br style="" class="" clear="none"><br style="" class="" clear="none">Your current syslog-ng.conf
file specifies a source of<br style="" class="" clear="none"><br style="" class="" clear="none"> source s_mysource {<br style="" class="" clear="none"> pipe("/tmp/pipe" pad_size(2048));<br style="" class="" clear="none"> };<br style="" class="" clear="none"><br style="" class="" clear="none"><br style="" class="" clear="none">which is not where the C call of syslog() sends the syslog messages.<br style="" class="" clear="none"><br style="" class="" clear="none">Like Balazs stated, you need to use the syslog-ng system() source or define a syslog-ng source containing unix-dgram("/dev/log")<br style="" class="" clear="none">in order to read out the messages produced by the call to syslog() from your C program.<br style="" class="" clear="none"><br style="" class="" clear="none">Evan.<br style="" class="" clear="none"><br style="" class="" clear="none"><br style="" class="" clear="none">On
08/06/2014 07:49 AM, Balazs Scheidler wrote:<br style="" class="" clear="none">> Hi,<br style="" class="" clear="none">><br style="" class="" clear="none">> You seem to have defined the source as a named pipe whereas the libc usually uses a UNIX domain socket to send messages.<br style="" class="" clear="none">><br style="" class="" clear="none">> Why don't you simply use the system() source? Or at least define use unix-dgram("/dev/log")<br style="" class="" clear="none">><br style="" class="" clear="none">> On Aug 6, 2014 11:11 AM, "Jean Faye" <<a style="" class="" shape="rect" ymailto="mailto:ismael.faye@yahoo.fr" href="mailto:ismael.faye@yahoo.fr">ismael.faye@yahoo.fr</a> <mailto:<a style="" class="" shape="rect" ymailto="mailto:ismael.faye@yahoo.fr" href="mailto:ismael.faye@yahoo.fr">ismael.faye@yahoo.fr</a>>> wrote:<br style="" class="" clear="none">><br style="" class="" clear="none">><br style="" class=""
clear="none">><br style="" class="" clear="none">> Hi all,<br style="" class="" clear="none">> I want to use syslog-ng to log the messages generated by my application implemented in C language. I added this in the code:<br style="" class="" clear="none">><br style="" class="" clear="none">> char *log="rtcd";<br style="" class="" clear="none">> printf("[%s] RTC adjustement\n",__func__);<br style="" class="" clear="none">> openlog(log, LOG_PID, LOG_LOCAL0);<br style="" class="" clear="none">> syslog(LOG_DEBUG, "[FIJ] RTC adjustement");<br style="" class="" clear="none">> closelog();<br style="" class="" clear="none">><br style="" class="" clear="none">><br style="" class="" clear="none">> For me,
according to the syslog-ng file, the files /var/log/ldb/GENTrace.log, /var/log/ldb/SUTrace.log, /var/log/ldb/WANTrace.log and /var/log/ldb/CPLTrace.log must be created and must contain the syslog message.<br style="" class="" clear="none">> But I got no messages in my destination files. You can see the content of my syslog-ng.conf file bellow.<br style="" class="" clear="none">><br style="" class="" clear="none">> Is it the right way to log the messages sent by C program? What can explain that I got no messages in the destinations files?<br style="" class="" clear="none">><br style="" class="" clear="none">> I am using syslog-ng 3.5.4.1 provided by yocto. And in the script which run the binary (initscript file) I remove the line below:<br style="" class="" clear="none">><br style="" class="" clear="none">> . /etc/init.d/functions<br style="" class="" clear="none">><br
style="" class="" clear="none">> Why are you using the line? Is it necessary to use it?<br style="" class="" clear="none">><br style="" class="" clear="none">> Concerning log file rotation, How can we manage it using syslog-ng? For example I want to have a destination file with a size maximum = 2Mo and if the size is greater than the max size, I have to save the current one and create a new one. On my system I can have max 4 files (4 x 2Mo). How can I manage this kind of rotation?<br style="" class="" clear="none">><br style="" class="" clear="none">> Thanks in advance.<br style="" class="" clear="none">> Best regards,<br style="" class="" clear="none">> Ismael Jean FAYE<br style="" class="" clear="none">><br style="" class="" clear="none">> @version: 3.5<br style="" class="" clear="none">> #<br style="" class=""
clear="none">> # Syslog-ng configuration file, compatible with default Debian syslogd<br style="" class="" clear="none">> # installation. Originally written by anonymous (I can't find his name)<br style="" class="" clear="none">> # Revised, and rewrited by me (SZALAY Attila <<a style="" class="" shape="rect" ymailto="mailto:sasa@debian.org" href="mailto:sasa@debian.org">sasa@debian.org</a> <mailto:<a style="" class="" shape="rect" ymailto="mailto:sasa@debian.org" href="mailto:sasa@debian.org">sasa@debian.org</a>>>)<br style="" class="" clear="none">><br style="" class="" clear="none">> # First, set some global options.<br style="" class="" clear="none">> options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);<br style="" class="" clear="none">> owner("root"); group("adm"); perm(0640);
stats_freq(0);<br style="" class="" clear="none">> bad_hostname("^gconfd$");create_dirs(yes);<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> ########################<br style="" class="" clear="none">> # Sources<br style="" class="" clear="none">> ########################<br style="" class="" clear="none">><br style="" class="" clear="none">> source s_mysource {<br style="" class="" clear="none">> pipe("/tmp/pipe" pad_size(2048));<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> ########################<br style="" class="" clear="none">> # Destinations<br style="" class="" clear="none">>
########################<br style="" class="" clear="none">><br style="" class="" clear="none">> destination d_GEN {<br style="" class="" clear="none">> file("/var/log/ldb/GENTrace.log");<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> destination d_SU {<br style="" class="" clear="none">> file("/var/log/ldb/SUTrace.log");<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> destination d_WAN {<br style="" class="" clear="none">> file("/var/log/ldb/WANTrace.log");<br style="" class="" clear="none">>
};<br style="" class="" clear="none">><br style="" class="" clear="none">> destination d_CPL {<br style="" class="" clear="none">> file("/var/log/ldb/CPLTrace.log");<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> ########################<br style="" class="" clear="none">> # Filters<br style="" class="" clear="none">> ########################<br style="" class="" clear="none">><br style="" class="" clear="none">> filter f_GEN {<br style="" class="" clear="none">> #facility(local0) and filter(nom_du_composant_applicatif);<br style="" class="" clear="none">>
#facility(local0) and filter(f_debug);<br style="" class="" clear="none">> facility(local0);<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> filter f_SU {<br style="" class="" clear="none">> #facility(local0) and filter(nom_du_composant_applicatif);<br style="" class="" clear="none">> #facility(local0) and filter(f_debug);<br style="" class="" clear="none">> facility(local0);<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> filter f_WAN {<br style=""
class="" clear="none">> #facility(local0) and filter(nom_du_composant_applicatif);<br style="" class="" clear="none">> #facility(local0) and filter(f_debug);<br style="" class="" clear="none">> facility(local0);<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> filter f_CPL {<br style="" class="" clear="none">> #facility(local0) and filter(nom_du_composant_applicatif);<br style="" class="" clear="none">> #facility(local0) and filter(f_debug);<br style="" class=""
clear="none">> facility(local0);<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> ########################<br style="" class="" clear="none">> # Log paths<br style="" class="" clear="none">> ########################<br style="" class="" clear="none">><br style="" class="" clear="none">> log { source(s_mysource); filter(f_GEN); destination(d_GEN); };<br style="" class="" clear="none">> log { source(s_mysource); filter(f_SU); destination(d_SU); };<br style="" class="" clear="none">> log { source(s_mysource); filter(f_WAN); destination(d_WAN); };<br style="" class="" clear="none">> log { source(s_mysource); filter(f_CPL); destination(d_CPL); };<br style="" class=""
clear="none">><br style="" class="" clear="none">><br style="" class="" clear="none">><br style="" class="" clear="none">><br style="" class="" clear="none">> Le Mardi 5 août 2014 16h05, Jean Faye <<a style="" class="" shape="rect" ymailto="mailto:ismael.faye@yahoo.fr" href="mailto:ismael.faye@yahoo.fr">ismael.faye@yahoo.fr</a> <mailto:<a style="" class="" shape="rect" ymailto="mailto:ismael.faye@yahoo.fr" href="mailto:ismael.faye@yahoo.fr">ismael.faye@yahoo.fr</a>>> a écrit :<br style="" class="" clear="none">><br style="" class="" clear="none">><br style="" class="" clear="none">> confirm a6d843f7ad7d1dbf1fefb6f12432e54941a680a9<br style="" class="" clear="none">><br style="" class="" clear="none">> Hi all,<br style="" class="" clear="none">> I want to use syslog-ng to log the messages generated by my application implemented in C language. I
added this in the code:<br style="" class="" clear="none">><br style="" class="" clear="none">> char *log="rtcd";<br style="" class="" clear="none">> printf("[%s] RTC adjustement\n",__func__);<br style="" class="" clear="none">> openlog(log, LOG_PID, LOG_LOCAL0);<br style="" class="" clear="none">> syslog(LOG_DEBUG, "[FIJ] RTC adjustement");<br style="" class="" clear="none">> closelog();<br style="" class="" clear="none">><br style="" class="" clear="none">><br style="" class="" clear="none">> For me, according to the syslog-ng file, the files /var/log/ldb/GENTrace.log, /var/log/ldb/SUTrace.log, /var/log/ldb/WANTrace.log and /var/log/ldb/CPLTrace.log must be created and must contain the syslog message.<br style="" class=""
clear="none">> But I got no messages in my destination files. You can see the content of my syslog-ng.conf file bellow.<br style="" class="" clear="none">><br style="" class="" clear="none">> Is it the right way to log the messages sent by C program? What can explain that I got no messages in the destinations files?<br style="" class="" clear="none">><br style="" class="" clear="none">> Concerning log file rotation, How can we manage it using syslog-ng? For example I want to have a destination file with a size maximum = 2Mo and if the size is greater than the max size, I have to save the current one and create a new one. On my system I can have max 4 files (4 x 2Mo). How can I manage this kind of rotation?<br style="" class="" clear="none">><br style="" class="" clear="none">> Thanks in advance.<br style="" class="" clear="none">> Best regards,<br style=""
class="" clear="none">> Ismael Jean FAYE<br style="" class="" clear="none">><br style="" class="" clear="none">> @version: 3.5<br style="" class="" clear="none">> #<br style="" class="" clear="none">> # Syslog-ng configuration file, compatible with default Debian syslogd<br style="" class="" clear="none">> # installation. Originally written by anonymous (I can't find his name)<br style="" class="" clear="none">> # Revised, and rewrited by me (SZALAY Attila <<a style="" class="" shape="rect" ymailto="mailto:sasa@debian.org" href="mailto:sasa@debian.org">sasa@debian.org</a> <mailto:<a style="" class="" shape="rect" ymailto="mailto:sasa@debian.org" href="mailto:sasa@debian.org">sasa@debian.org</a>>>)<br style="" class="" clear="none">><br style="" class="" clear="none">> # First, set some global options.<br style=""
class="" clear="none">> options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);<br style="" class="" clear="none">> owner("root"); group("adm"); perm(0640); stats_freq(0);<br style="" class="" clear="none">> bad_hostname("^gconfd$");create_dirs(yes);<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> ########################<br style="" class="" clear="none">> # Sources<br style="" class="" clear="none">> ########################<br style="" class="" clear="none">><br style="" class="" clear="none">> source s_mysource {<br style="" class="" clear="none">> pipe("/tmp/pipe" pad_size(2048));<br style="" class="" clear="none">> };<br
style="" class="" clear="none">><br style="" class="" clear="none">> ########################<br style="" class="" clear="none">> # Destinations<br style="" class="" clear="none">> ########################<br style="" class="" clear="none">><br style="" class="" clear="none">> destination d_GEN {<br style="" class="" clear="none">> file("/var/log/ldb/GENTrace.log");<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> destination d_SU {<br style="" class="" clear="none">> file("/var/log/ldb/SUTrace.log");<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class=""
clear="none">> destination d_WAN {<br style="" class="" clear="none">> file("/var/log/ldb/WANTrace.log");<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> destination d_CPL {<br style="" class="" clear="none">> file("/var/log/ldb/CPLTrace.log");<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> ########################<br style="" class="" clear="none">> # Filters<br style="" class="" clear="none">> ########################<br style="" class="" clear="none">><br style="" class="" clear="none">> #filter f_GEN {<br style="" class=""
clear="none">> #facility(local0) and filter(nom_du_composant_applicatif);<br style="" class="" clear="none">> #facility(local0) and filter(f_debug);<br style="" class="" clear="none">> #facility(local0);<br style="" class="" clear="none">> #};<br style="" class="" clear="none">><br style="" class="" clear="none">> filter f_SU {<br style="" class="" clear="none">> #facility(local0) and filter(nom_du_composant_applicatif);<br style="" class="" clear="none">> #facility(local0) and filter(f_debug);<br style="" class="" clear="none">>
facility(local0);<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> filter f_WAN {<br style="" class="" clear="none">> #facility(local0) and filter(nom_du_composant_applicatif);<br style="" class="" clear="none">> #facility(local0) and filter(f_debug);<br style="" class="" clear="none">> facility(local0);<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> filter f_CPL {<br style="" class="" clear="none">>
#facility(local0) and filter(nom_du_composant_applicatif);<br style="" class="" clear="none">> #facility(local0) and filter(f_debug);<br style="" class="" clear="none">> facility(local0);<br style="" class="" clear="none">> };<br style="" class="" clear="none">><br style="" class="" clear="none">> ########################<br style="" class="" clear="none">> # Log paths<br style="" class="" clear="none">> ########################<br style="" class="" clear="none">><br style="" class="" clear="none">> #log { source(s_mysource); filter(f_GEN); destination(d_GEN); };<br style="" class="" clear="none">> log { source(s_mysource); filter(f_SU); destination(d_SU); };<br style="" class=""
clear="none">> log { source(s_mysource); filter(f_WAN); destination(d_WAN); };<br style="" class="" clear="none">> log { source(s_mysource); filter(f_CPL); destination(d_CPL); };<br style="" class="" clear="none">><br style="" class="" clear="none">><br style="" class="" clear="none">><br style="" class="" clear="none">><br style="" class="" clear="none">> ______________________________________________________________________________<br style="" class="" clear="none">> Member info: <a style="" class="" shape="rect" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br style="" class="" clear="none">> Documentation: <a style="" class="" shape="rect" href="http://www.balabit.com/support/documentation/?product=syslog-ng"
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br style="" class="" clear="none">> FAQ: <a style="" class="" shape="rect" href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br style="" class="" clear="none">><br style="" class="" clear="none">><br style="" class="" clear="none">><br style="" class="" clear="none">><br style="" class="" clear="none">> ______________________________________________________________________________<br style="" class="" clear="none">> Member info: <a style="" class="" shape="rect" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br style="" class="" clear="none">> Documentation: <a style="" class="" shape="rect" href="http://www.balabit.com/support/documentation/?product=syslog-ng"
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br style="" class="" clear="none">> FAQ: <a style="" class="" shape="rect" href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br style="" class="" clear="none">><br style="" class="" clear="none"><br style="" class="" clear="none"><br style="" class="" clear="none">-- <br style="" class="" clear="none">Evan Rempel <a style="" class="" shape="rect" ymailto="mailto:erempel@uvic.ca" href="mailto:erempel@uvic.ca">erempel@uvic.ca</a><br style="" class="" clear="none">Senior Systems Administrator 250.721.7691<br style="" class="" clear="none">Data Centre Services, University Systems, University of
Victoria<div style="" class="" id="yqtfd59588"><br style="" class="" clear="none">______________________________________________________________________________<br style="" class="" clear="none">Member info: <a style="" class="" shape="rect" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br style="" class="" clear="none">Documentation: <a style="" class="" shape="rect" href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br style="" class="" clear="none">FAQ: <a style="" class="" shape="rect" href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br style="" class="" clear="none"></div><br style="" class=""><br style="" class=""></div> </div> </div> </div> </div></body></html>