The three functions openlog, syslog and closelog are a set of interfaces for writing to the system log. vsyslog does the same job as syslog, except that its parameter format is different.
Principle: Typically, the syslog daemon reads log messages in three forms. This daemon reads a configuration file at startup. In general, its file name is /etc/syslog.conf (note: if you want to redirect the log to another place, you need to change this file). The file determines where different kinds of messages should be sent. For example, an emergency message can be sent to the system administrator (if logged in) and displayed on the console, while a warning message can be logged to a file. The mechanism provides a syslog function whose invocation format is as follows:
Calling openlog is optional. If you do not call openlog, it is called automatically the first time syslog is invoked. Calling closelog is also optional; it simply closes the descriptor that is used to communicate with the syslog daemon. Calling openlog lets us specify an ident, which is then added to each log message. The ident is generally the name of the program (for example, cron, INE, etc.)
The usage example code for the program is as follows:
"This is a syslog test message generated by program '%s'\n",
After the executable is compiled, running the program once adds a line like the following to the /var/log/messages file:
Feb 12 08:48:Mymsgmark localhost: This is a syslog test message generated by program './a.out'
openlog and closelog function description
This function is prototyped as follows:
This function is used to open a connection to the system logger, which can then be used to add information to the system log using the syslog or vsyslog function. The closelog function is used to close the connection.
The first parameter of openlog, ident, is a tag: the string it points to is prepended to each line of the log to identify it, and is usually set to the name of the current program. The second parameter, option, is a combination (bitwise OR) of the following values: LOG_CONS, LOG_NDELAY, LOG_NOWAIT, LOG_ODELAY, LOG_PERROR, LOG_PID. Please refer to the man page for the meaning of each value. From the openlog manual:
LOG_CONS: Write directly to system console if there is an error while sending to system logger.
LOG_NDELAY: Open the connection immediately (normally, the connection is opened when the first message is logged).
LOG_NOWAIT: Don't wait for child processes that may have been created while logging the message. (The GNU C library does not create a
child process, so this option has no effect on Linux.)
LOG_ODELAY: The converse of LOG_NDELAY; opening of the connection is delayed until syslog() is called. (This is the default, and need
LOG_PERROR: (Not in SUSv3.) Print to stderr as well.
LOG_PID: Include PID with each message. It feels more convenient to debug.
The third parameter, facility, indicates the type of program that writes the log.
syslog function and parameters
The syslog function sends a log message to the system program syslogd for recording. The function prototype is:
The first parameter is the urgency level of the message, the second parameter is the message format, followed by the arguments for that format. It is used just like the printf function.
If our program uses the system log feature, it only needs to call openlog when the program starts, to connect to the syslogd program, and can then write to the log with the syslog function at any time.
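Because syslog takes a printf-style format, text that comes from outside the program must be passed as an argument to a fixed format string and never as the format itself. The following is an added example, not code from the original article: it shows the openlog / syslog / closelog sequence described above, with a hypothetical helper log_sanitize that also strips control characters so that one call cannot produce a forged extra log line. The helper names and the sample input are assumptions made for illustration.

```c
/* Added example, not from the original article; helper names are illustrative. */
#include <stddef.h>
#include <syslog.h>

/* Copy src into dst, replacing control bytes (CR, LF, ESC, ...) with '?' so
 * that one call can never start a second, forged log line.
 * Returns the number of bytes replaced; dst is always NUL-terminated. */
static size_t log_sanitize(char *dst, size_t dstlen, const char *src)
{
    size_t i = 0, replaced = 0;

    if (dstlen == 0)
        return 0;
    for (; src[i] != '\0' && i + 1 < dstlen; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c < 0x20 || c == 0x7f) {
            dst[i] = '?';
            replaced++;
        } else {
            dst[i] = (char)c;
        }
    }
    dst[i] = '\0';
    return replaced;
}

/* Log untrusted text as an argument to a fixed format string, so "%n" or
 * "%x" inside it is recorded literally instead of being interpreted. */
static size_t log_untrusted(int level, const char *what, const char *untrusted)
{
    char clean[256];
    size_t replaced = log_sanitize(clean, sizeof clean, untrusted);

    syslog(level, "%s: '%s' (%zu control bytes replaced)", what, clean, replaced);
    return replaced;
}

int main(int argc, char *argv[])
{
    /* Constructed sample input: an embedded newline and format specifiers. */
    const char *input = "alice\nsecond line %n%x";

    (void)argc;
    /* ident = program name; LOG_PERROR (not in SUSv3) also prints to stderr. */
    openlog(argv[0], LOG_PID | LOG_PERROR, LOG_USER);
    log_untrusted(LOG_WARNING, "rejected login name", input);
    closelog();
    return 0;
}
```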
Each syslog message is assigned one of the following facilities:
LOG_AUTH -- authentication system: login, su, getty, etc.
LOG_AUTHPRIV -- same as LOG_AUTH, but logged only to a file readable by selected users
LOG_CRON -- cron daemon
LOG_DAEMON -- other system daemons, such as routed
LOG_FTP -- file transfer protocol: ftpd, tftpd
LOG_LPR -- system printer spooling: lpr, lpd
LOG_NEWS -- network news system
LOG_SYSLOG -- internal messages generated by syslogd(8)
LOG_USER -- messages generated by arbitrary user processes
LOG_LOCAL0~LOG_LOCAL7 -- reserved for local use
syslog assigns one of several priority levels to each event:
LOG_ALERT -- problems that should be corrected immediately, such as system database corruption
LOG_CRIT -- important situations, such as hard drive errors
LOG_NOTICE -- not an error condition, but may need to be handled
LOG_DEBUG -- information that is typically of use only when debugging a program
The syslog.conf file specifies how the syslogd program records logs; syslogd reads this configuration file at startup. The file consists of individual entries, one per line, for different programs or message categories. Each entry provides a selector field and an action field. These fields are tab-delimited: the selector field specifies the type and priority of the message, and the action field specifies the action syslogd performs when it receives a message that matches the selector. Each selector is made up of a facility and a priority. When a priority is specified, syslogd records messages with the same or higher priority. So if you specify "crit", all messages marked crit, alert and emerg are recorded. The action field of each line indicates where a message should be sent when the selector matches. For example, if you want to log all mail messages to a file, as follows:
# Log all the mail messages in one place
Other facilities also have their own logs. The UUCP and news facilities can generate many external messages. These messages are saved to their own log (/var/log/spooler), with the level limited to "err" or higher. For example:
# Save mail and news errors of level err and higher in a special file.
When an emergency message arrives, you may want all users to get it. You may also want to have your logs received and saved.
# Everybody gets emergency messages, plus log them on another machine
Alert messages should be written to the personal accounts of root and Tiger:
# Root and Tiger get alert and higher messages
Sometimes syslogd generates a lot of messages. For example, the kernel ("kern" facility) can be verbose. The user may want to log kernel messages to /dev/console. In the following example, the kernel logging line is commented out:
# Log all kernel messages to the console
# Logging much else clutters up the screen
The user can specify all facilities in a single line. The following example sends messages of level info or higher to /var/log/messages, except for mail. The level "none" disables a facility:
# Log anything (except mail) of level info or higher
# Don't log private authentication messages!
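The selector rules described above ("same or higher priority", and "none" disabling a facility) can be checked with a small matcher. This is an added example, not code from the original article or from syslogd: selector_matches is a hypothetical function that follows the classic facility.level syntax with ";" between parts and "*" as a wildcard, and the selector strings are constructed samples. Comma-separated facility lists and other extensions are not handled.

```c
/* Added example, not from the original article; all names are illustrative. */
#include <stdio.h>
#include <string.h>
#include <syslog.h>
struct name { const char *s; int v; };
static const struct name FAC[] = { {"kern", LOG_KERN}, {"user", LOG_USER},
    {"mail", LOG_MAIL}, {"daemon", LOG_DAEMON}, {"auth", LOG_AUTH},
    {"cron", LOG_CRON}, {"news", LOG_NEWS}, {"uucp", LOG_UUCP} };
/* Lower value = more severe. "*" is every level, "none" (-2) is no level. */
static const struct name LVL[] = { {"emerg", LOG_EMERG}, {"alert", LOG_ALERT},
    {"crit", LOG_CRIT}, {"err", LOG_ERR}, {"warning", LOG_WARNING},
    {"notice", LOG_NOTICE}, {"info", LOG_INFO}, {"debug", LOG_DEBUG},
    {"*", LOG_DEBUG}, {"none", -2} };

static int lookup(const struct name *t, size_t n, const char *s, size_t len)
{
    for (size_t i = 0; i < n; i++)
        if (strlen(t[i].s) == len && memcmp(t[i].s, s, len) == 0)
            return t[i].v;
    return -1;                          /* unknown name */
}

/* Returns 1 if the selector picks a message with this facility and level.
 * The last part naming the facility (or "*") decides. */
static int selector_matches(const char *sel, int facility, int level)
{
    int selected = 0;
    while (*sel) {
        size_t part = strcspn(sel, ";");
        const char *dot = memchr(sel, '.', part);
        if (dot) {
            size_t flen = (size_t)(dot - sel), llen = part - flen - 1;
            int fac = lookup(FAC, sizeof FAC / sizeof *FAC, sel, flen);
            int min = lookup(LVL, sizeof LVL / sizeof *LVL, dot + 1, llen);
            if (((flen == 1 && *sel == '*') || fac == facility) && min != -1)
                selected = (min >= 0 && level <= min); /* same or more severe */
        }
        sel += part + (sel[part] == ';');
    }
    return selected;
}

int main(void)
{
    const char *sel = "*.info;mail.none";   /* constructed sample selector */
    printf("%d %d\n", selector_matches(sel, LOG_CRON, LOG_ERR),
           selector_matches(sel, LOG_MAIL, LOG_ERR));
    return 0;
}
```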
In some cases, the log can be sent to a printer, so that a network intruder's attempts to modify the log are useless. Logging is usually widely documented. The syslog facility is a significant target for an attacker. A system that maintains logs for other hosts is particularly vulnerable to server attacks, so pay special attention to it.
There is a small command, logger, which provides a shell command interface to the syslog(3) system log facility, allowing users to create entries in the log file. Usage: logger. For example: logger This is a test!
It will produce a syslog record like this: 22:22:34 Tiger:this is a test!
Be careful not to trust the log completely, because the attacker can easily modify it.
Reprinted from [blog.const.net.cn] drink small wine net pick; link to this article: http://blog.const.net.cn/a/17152.htm
Linux system log functions: syslog, openlog, closelog