[syslog-ng] How to log messages generated by C program and log file rotation

Balazs Scheidler bazsi77 at gmail.com
Thu Aug 7 18:30:02 CEST 2014


Hi,

syslog-ng will happily parse RFC5424 formatted messages and can even
convert RFC3164 to RFC5424 automatically. However RFC5424 only specifies
network transports (in RFC5425 and 5426), and the syslog() API doesn't
support that.

The question is what you want to accomplish. If you want to send RFC5424
formatted messages, then the easiest is to format it yourself, send it
using a socket and avoid using the syslog API in the libc.

syslog-ng will be able to parse RFC5424 even over a unix-dgram socket or a
named pipe, like this:

unix-dgram("/dev/log" flags(syslog-protocol));

or

pipe("/tmp/named-pipe" flags(syslog-protocol));

After having received the logs this way, you need to decide the file format
you want to use for your application. By default, syslog-ng uses a
traditional "syslog" style output file, but you can change that too by
using a custom template, that can reference RFC5424 fields:

file("/var/log/messages" template("$ISODATE $HOST $SDATA $MSGHDR$MSG\n"));

In this example, this would include structured data in your file
format. You can also use straight RFC5424 records within a file; that's
not easily readable, but you can do that:

file("/var/log/messages" flags(syslog-protocol));

Or you can mimic the same format using the template() option.

Hope this helps,
Bazsi




On Thu, Aug 7, 2014 at 4:11 PM, Jean Faye <ismael.faye at yahoo.fr> wrote:

> Hi all,
> Thank you for your answer. Now I am using unix-dgram("/dev/log") and it's
> working. I see my logs in the destination files.
>
> But those logs are not in IETF syslog format (RFC5424). I have this kind
> of logs:
>
>                    2013-01-01T01:00:24+01:00 mymachine program[1173]: adjustement
>
> How can my C program generate logs in RFC5424 format? Can I still use
> syslog() call in C program to generate logs in RFC5424?
>
> And in order to receive the logs in RFC5424 format, is it enough to have:
> source { unix-dgram ("/dev/log") flags(syslog-protocol);}; ?
>
> Concerning the date and time in the messages, what do we have to do in
> order to have it in UTC ?
>
> Thank you in advance.
> Best regards,
> Ismael Jean FAYE
>
>
>
>   On Wednesday, 6 August 2014 at 17:14, Evan Rempel <erempel at uvic.ca> wrote:
>
>
> Your C program is using the syslog API to the kernel. This will only ever
> be available via
> the /dev/log mechanism exposed by the kernel.
>
> Your current syslog-ng.conf file specifies a source of
>
>     source s_mysource {
>           pipe("/tmp/pipe" pad_size(2048));
>     };
>
>
> which is not where the C call of syslog() sends the syslog messages.
>
> Like Balazs stated, you need to use the syslog-ng system() source or
> define a syslog-ng source containing unix-dgram("/dev/log")
> in order to read out the messages produced by the call to syslog() from
> your C program.
>
> Evan.
>
>
> On 08/06/2014 07:49 AM, Balazs Scheidler wrote:
> > Hi,
> >
> > You seem to have defined the source as a named pipe whereas the libc usually uses a UNIX domain socket to send messages.
> >
> > Why don't you simply use the system() source? Or at least use unix-dgram("/dev/log")
> >
> > On Aug 6, 2014 11:11 AM, "Jean Faye" <ismael.faye at yahoo.fr> wrote:
> >
> >
> >
> >    Hi all,
> >    I want to use syslog-ng to log the messages generated by my application implemented in C language. I added this in the code:
> >
> >          char    *log="rtcd";
> >          printf("[%s] RTC adjustement\n",__func__);
> >          openlog(log, LOG_PID, LOG_LOCAL0);
> >          syslog(LOG_DEBUG, "[FIJ] RTC adjustement");
> >          closelog();
> >
> >
> >    For me, according to the syslog-ng file, the files /var/log/ldb/GENTrace.log, /var/log/ldb/SUTrace.log, /var/log/ldb/WANTrace.log and /var/log/ldb/CPLTrace.log must be created and must contain the syslog message.
> >    But I got no messages in my destination files. You can see the content of my syslog-ng.conf file below.
> >
> >    Is it the right way to log the messages sent by C program? What can explain that I got no messages in the destination files?
> >
> >    I am using syslog-ng 3.5.4.1 provided by yocto. And in the script which runs the binary (initscript file) I remove the line below:
> >
> >    . /etc/init.d/functions
> >
> >    Why are you using the line? Is it necessary to use it?
> >
> >    Concerning log file rotation, how can we manage it using syslog-ng? For example I want to have a destination file with a size maximum = 2Mo and if the size is greater than the max size, I have to save the current one and create a new one. On my system I can have max 4 files (4 x 2Mo). How can I manage this kind of rotation?
> >
> >    Thanks in advance.
> >    Best regards,
> >    Ismael Jean FAYE
> >
> >    @version: 3.5
> >    #
> >    # Syslog-ng configuration file, compatible with default Debian syslogd
> >    # installation. Originally written by anonymous (I can't find his name)
> >    # Revised, and rewritten by me (SZALAY Attila <sasa at debian.org>)
> >
> >    # First, set some global options.
> >    options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
> >            owner("root"); group("adm"); perm(0640); stats_freq(0);
> >            bad_hostname("^gconfd$");create_dirs(yes);
> >    };
> >
> >    ########################
> >    # Sources
> >    ########################
> >
> >    source s_mysource {
> >          pipe("/tmp/pipe" pad_size(2048));
> >    };
> >
> >    ########################
> >    # Destinations
> >    ########################
> >
> >    destination d_GEN {
> >                      file("/var/log/ldb/GENTrace.log");
> >    };
> >
> >    destination d_SU {
> >                      file("/var/log/ldb/SUTrace.log");
> >    };
> >
> >    destination d_WAN {
> >                      file("/var/log/ldb/WANTrace.log");
> >    };
> >
> >    destination d_CPL {
> >                      file("/var/log/ldb/CPLTrace.log");
> >    };
> >
> >    ########################
> >    # Filters
> >    ########################
> >
> >    filter f_GEN {
> >                      #facility(local0) and filter(nom_du_composant_applicatif);
> >                      #facility(local0) and filter(f_debug);
> >              facility(local0);
> >    };
> >
> >    filter f_SU {
> >                      #facility(local0) and filter(nom_du_composant_applicatif);
> >                      #facility(local0) and filter(f_debug);
> >                      facility(local0);
> >    };
> >
> >    filter f_WAN {
> >                      #facility(local0) and filter(nom_du_composant_applicatif);
> >                      #facility(local0) and filter(f_debug);
> >                      facility(local0);
> >    };
> >
> >    filter f_CPL {
> >                      #facility(local0) and filter(nom_du_composant_applicatif);
> >                      #facility(local0) and filter(f_debug);
> >                      facility(local0);
> >    };
> >
> >    ########################
> >    # Log paths
> >    ########################
> >
> >    log { source(s_mysource); filter(f_GEN); destination(d_GEN); };
> >    log { source(s_mysource); filter(f_SU); destination(d_SU); };
> >    log { source(s_mysource); filter(f_WAN); destination(d_WAN); };
> >    log { source(s_mysource); filter(f_CPL); destination(d_CPL); };
> >
> >
> >
> >
> >    On Tuesday, 5 August 2014 at 16:05, Jean Faye <ismael.faye at yahoo.fr> wrote:
> >
> >
> >    confirm a6d843f7ad7d1dbf1fefb6f12432e54941a680a9
> >
> >    Hi all,
> >    I want to use syslog-ng to log the messages generated by my application implemented in C language. I added this in the code:
> >
> >          char    *log="rtcd";
> >          printf("[%s] RTC adjustement\n",__func__);
> >          openlog(log, LOG_PID, LOG_LOCAL0);
> >          syslog(LOG_DEBUG, "[FIJ] RTC adjustement");
> >          closelog();
> >
> >
> >    For me, according to the syslog-ng file, the files /var/log/ldb/GENTrace.log, /var/log/ldb/SUTrace.log, /var/log/ldb/WANTrace.log and /var/log/ldb/CPLTrace.log must be created and must contain the syslog message.
> >    But I got no messages in my destination files. You can see the content of my syslog-ng.conf file below.
> >
> >    Is it the right way to log the messages sent by C program? What can explain that I got no messages in the destination files?
> >
> >    Concerning log file rotation, how can we manage it using syslog-ng? For example I want to have a destination file with a size maximum = 2Mo and if the size is greater than the max size, I have to save the current one and create a new one. On my system I can have max 4 files (4 x 2Mo). How can I manage this kind of rotation?
> >
> >    Thanks in advance.
> >    Best regards,
> >    Ismael Jean FAYE
> >
> >    @version: 3.5
> >    #
> >    # Syslog-ng configuration file, compatible with default Debian syslogd
> >    # installation. Originally written by anonymous (I can't find his name)
> >    # Revised, and rewritten by me (SZALAY Attila <sasa at debian.org>)
> >
> >    # First, set some global options.
> >    options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
> >            owner("root"); group("adm"); perm(0640); stats_freq(0);
> >            bad_hostname("^gconfd$");create_dirs(yes);
> >    };
> >
> >    ########################
> >    # Sources
> >    ########################
> >
> >    source s_mysource {
> >          pipe("/tmp/pipe" pad_size(2048));
> >    };
> >
> >    ########################
> >    # Destinations
> >    ########################
> >
> >    destination d_GEN {
> >                      file("/var/log/ldb/GENTrace.log");
> >    };
> >
> >    destination d_SU {
> >                      file("/var/log/ldb/SUTrace.log");
> >    };
> >
> >    destination d_WAN {
> >                      file("/var/log/ldb/WANTrace.log");
> >    };
> >
> >    destination d_CPL {
> >                      file("/var/log/ldb/CPLTrace.log");
> >    };
> >
> >    ########################
> >    # Filters
> >    ########################
> >
> >    #filter f_GEN {
> >                      #facility(local0) and filter(nom_du_composant_applicatif);
> >                      #facility(local0) and filter(f_debug);
> >                      #facility(local0);
> >    #};
> >
> >    filter f_SU {
> >          #facility(local0) and filter(nom_du_composant_applicatif);
> >                      #facility(local0) and filter(f_debug);
> >                      facility(local0);
> >    };
> >
> >    filter f_WAN {
> >                      #facility(local0) and filter(nom_du_composant_applicatif);
> >                      #facility(local0) and filter(f_debug);
> >                      facility(local0);
> >    };
> >
> >    filter f_CPL {
> >                      #facility(local0) and filter(nom_du_composant_applicatif);
> >                      #facility(local0) and filter(f_debug);
> >                      facility(local0);
> >    };
> >
> >    ########################
> >    # Log paths
> >    ########################
> >
> >    #log { source(s_mysource); filter(f_GEN); destination(d_GEN); };
> >    log { source(s_mysource); filter(f_SU); destination(d_SU); };
> >    log { source(s_mysource); filter(f_WAN); destination(d_WAN); };
> >    log { source(s_mysource); filter(f_CPL); destination(d_CPL); };
> >
> >
> >
> >
> >
> >    ______________________________________________________________________________
> >    Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >    Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> >    FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> >
> >
> >
> >
> >
> >
>
>
> --
> Evan Rempel                                      erempel at uvic.ca
> Senior Systems Administrator                        250.721.7691
> Data Centre Services, University Systems, University of Victoria
>
>
>
>
>
>
>
>
>


-- 
Bazsi
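
The approach described at the top of this message (format the RFC5424 record yourself and send it over a socket instead of calling syslog()), as an added example that is not part of the original post or of syslog-ng. The function names, the 1024-byte buffer and the replacement of non-printable header characters are assumptions; the receiving source must be declared with flags(syslog-protocol) as shown above, and the timestamp is written in UTC.

```c
#define _POSIX_C_SOURCE 200809L   /* for gmtime_r */
#include <stdio.h>
#include <string.h>
#include <syslog.h>               /* LOG_* constants only; syslog() is not called */
#include <sys/socket.h>
#include <sys/un.h>
#include <time.h>
#include <unistd.h>

/* RFC 5424 header fields are printable ASCII without spaces. Anything else is
 * replaced by '_' so a value cannot shift the fields; empty or NULL gives "-". */
static const char *hdr_field(const char *in, char *out, size_t cap) {
    size_t i = 0;
    for (; in && in[i] && i + 1 < cap; i++)
        out[i] = (in[i] > 32 && in[i] < 127) ? in[i] : '_';
    out[i] = '\0';
    return i ? out : "-";
}

/* Builds one RFC 5424 record with a UTC timestamp; returns its length or -1. */
int format_rfc5424(char *buf, size_t cap, int pri, time_t when, const char *host,
                   const char *app, long pid, const char *sdata, const char *msg) {
    char ts[32], h[256], a[49];   /* HOSTNAME <= 255, APP-NAME <= 48 chars */
    struct tm tm;
    gmtime_r(&when, &tm);         /* UTC, hence the literal Z suffix */
    strftime(ts, sizeof ts, "%Y-%m-%dT%H:%M:%SZ", &tm);
    int n = snprintf(buf, cap, "<%d>1 %s %s %s %ld - %s %s", pri, ts,  /* MSGID "-" */
                     hdr_field(host, h, sizeof h), hdr_field(app, a, sizeof a),
                     pid, (sdata && *sdata) ? sdata : "-", msg);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;   /* -1: did not fit in buf */
}

/* Sends one record as a single datagram to a unix-dgram source; 0 on success. */
int send_unix_dgram(const char *path, const char *rec, size_t len) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    if (strlen(path) >= sizeof sa.sun_path) return -1;
    strcpy(sa.sun_path, path);
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    ssize_t r = sendto(fd, rec, len, 0, (struct sockaddr *)&sa, sizeof sa);
    close(fd);
    return r == (ssize_t)len ? 0 : -1;
}

int main(void) {
    char rec[1024];
    int n = format_rfc5424(rec, sizeof rec, LOG_LOCAL0 | LOG_DEBUG, time(NULL),
                           "mymachine", "rtcd", getpid(), NULL, "[FIJ] RTC adjustement");
    return (n > 0 && send_unix_dgram("/dev/log", rec, (size_t)n) == 0) ? 0 : 1;
}
```

The structured-data argument is passed through unchanged, so the caller has to supply a well-formed SD-ELEMENT or NULL.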