Rsyslog Process
Syslog is a tool that records log messages on the system and supports writing logs locally or to a remote host.
In the Linux Mint environment, the upstart-based daemon is placed in the /etc/init/ directory, and the following command can be used to view the specific startup script:
$ less /etc/init/rsyslog.conf
To see whether rsyslogd has been started:
$ initctl list | grep rsyslog
rsyslog start/running, process 634
4. Flexible use of syslog call interface
In practice, we can use syslog through its configuration file and view the corresponding log files. In many application scenarios, however, a program needs to generate output and record it itself, that is, write information to a log file. The following describes in detail how to use the API that the syslog system provides so that a program can write to the log.
1. The main functions
In Linux, the syslog logging system provides four functions for use by user programs:
openlog: Opens the log device for reading and writing, similar to the open call for files;
syslog: Writes a log message, similar to the write call for files;
closelog: Closes the log device, similar to the close call for files;
vsyslog: Like the syslog function, it writes to the log, except that its parameter format is different.
(1) openlog function
The declaration of this function is as follows:
void openlog(const char *ident, int option, int facility);
This function opens a connection to the system logger, which can then be used to add information to the system log with the syslog or vsyslog function. The closelog function is used to close the connection.
The first parameter of openlog, ident, is a tag: the string it points to is prepended to every line of the log to identify it, and is usually set to the name of the current program. The second parameter, option, is typically the result of combining the following option values with the "|" (bitwise OR) operator, for example "LOG_CONS | LOG_PID":
LOG_CONS: If a problem occurs when sending to the system logger, write directly to the terminal;
LOG_NDELAY: Open the connection immediately; normally the connection is opened the first time a message is written;
LOG_PERROR: The message is also sent to the stderr device;
LOG_PID: Include the process PID in all messages.
The third parameter, facility, indicates the type of program that is writing the log. The main types are:
LOG_AUTH: Security/authorization messages
LOG_AUTHPRIV: Security/authorization messages
LOG_CRON: Dedicated to the clock daemons (cron and at)
LOG_DAEMON: Other system daemons
LOG_KERN: Kernel messages
LOG_LOCAL0 to LOG_LOCAL7: System reserved
LOG_LPR: Printer subsystem
LOG_MAIL: Mail subsystem
LOG_NEWS: Usenet news subsystem
LOG_SYSLOG: Messages generated internally by the syslogd process
LOG_USER (default): Generic user-level messages, used by default
LOG_UUCP: UUCP subsystem
LOG_FTP: FTP subsystem
(2) syslog function
The syslog function is declared as follows:
void syslog(int priority, const char *message, ...);
The first parameter, priority, is the urgency level of the message. The second parameter is the message and its format, followed by the arguments that the format refers to, used in the same way as the C printf output function. The format details are not covered here, since they are not the focus of this book's introduction.
The first parameter, priority, needs further explanation: it is made up of a severity level and a facility. The facility has been introduced above; the severity level, which indicates how important the message is, mainly includes:
LOG_EMERG: Emergency situation
LOG_ALERT: High-priority issues, such as database crashes, that require immediate response action
LOG_CRIT: Important situations, such as hardware failures
LOG_ERR: An error occurred
LOG_WARNING: A warning occurred
LOG_NOTICE: A normal situation that needs attention
LOG_INFO: Informational message
LOG_DEBUG: Debug message
In actual use, a program that wants to use the system log only needs to call openlog when it starts, to connect to the syslogd program, and can then write to the log at any time with the syslog function.
(3) closelog function
This function is very simple compared with the two functions above. It is declared as follows:
void closelog(void);
It is worth noting that although this function is very simple to use and call, it is necessary: in Linux an open log is also a resource. If you only use openlog to open the log and forget to close it with closelog, then once the number of open logs accumulates to a certain extent it causes insufficient memory, which can cause system problems. Users should therefore pay special attention to this.
Test example:
#include <stdio.h>
#include <syslog.h>
#include <unistd.h>   /* getpid() */

int main(void)
{
    /* Tag every line with "log_test" and the PID; use the LOG_USER facility. */
    openlog("log_test", LOG_PID, LOG_USER);
    syslog(LOG_INFO, "PID information, pid=%d\n", getpid());
    syslog(LOG_DEBUG, "DEBUG message");
    closelog();
    return 0;
}
You can check whether the messages above appear in the /var/log/syslog file; use the less /var/log/syslog command and jump to the end of the file to view them:
DEC 17:46:27 UFO log_test[7811]: PID information, pid=7811
DEC 17:46:27 UFO log_test[7811]: Debug Message
Introduction to the GNU Linux syslog daemon and examples of syslog log writes