syslog

Understanding syslog


Change log

item      note
20160728  First version


Syslog description

  • Syslog is often called the system log or system record
  • The syslog protocol is a client-server protocol: the syslog sender transmits a small text message (less than 1024 bytes) to the syslog receiver
  • The receiver is usually named: syslogd (syslog daemon)
  • Syslog messages can be sent over UDP and/or TCP
  • The hisi busybox version has no /etc/syslog.conf
  • Facility code / Severity level (which program produced the message / the level of the logged message)
    • Each message is labeled with a facility code, indicating the software type generating the message, and assigned a severity label
    • A facility code is used to specify the type of program that is logging the message
    • Facility code (0: kernel message, 1: user-level message, ..., 23: local use 7)
    • openlog(): sets the facility code (e.g. LOG_LOCAL1)
    • syslog(): sets the severity level (0: Emergency, 1: Alert, ..., 7: Debug)

BusyBox v1.16.1 (2016-02-19 09:03:37 UTC) multi-call binary.

System logging utility.
This version of syslogd ignores /etc/syslog.conf

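System log files not related to syslogd

  • /var/log/wtmp

Purpose: records when and from where users (past and present) logged in to the system, how long they stayed, and system boot and shutdown times.
Command to view the file contents: last [-option]
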
$ last
erwin pts/40 :0 Tue Jul 26 17:18 - 17:28 (00:10)
erwin pts/33 :0 Mon Jul 25 10:09 - 10:10 (00:00)
erwin pts/34 :0 Mon Jul 25 09:33 still logged in
erwin pts/30 :0 Wed Jul 20 15:25 still logged in

  • /var/log/lastlog

Purpose: records each user's most recent login to the system.

$ lastlog
Username Port From Latest
root **Never logged in**
daemon **Never logged in**
bin **Never logged in**
sys **Never logged in**
sync **Never logged in**
xxx
erwin pts/34 192.168.22.82 Thu Jul 7 09:15:18 +0800 2016
xxx

System log files related to syslogd

  • /var/log/messages

This file is very important: almost all error messages that occur on the system


Syslog example

Syslog test

  • Remember to start syslogd first, then test the following program

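#include <syslog.h>

int main(int argc, char **argv)
{
    /* Tag records "SyslogTest", include the PID, and use facility local1.
     * LOG_CONS falls back to the console if the logger cannot be reached. */
    openlog("SyslogTest", LOG_CONS | LOG_PID, LOG_LOCAL1);

    /* "/n" is a literal slash and 'n', not "\n", so it is logged verbatim.
     * syslog() does not need a trailing newline. */
    syslog(LOG_DEBUG, "This is a syslog test message generated by program '%s'/n", argv[0]);
    closelog();
    return 0;
}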

  • /var/log/messages

Jul 27 17:11:05 gk350a daemon.debug pppd[2879]: Script /etc/ppp/ip-up started (pid 2901)
Jul 27 17:11:05 gk350a daemon.debug pppd[2879]: Script /etc/ppp/ip-up finished (pid 2901), status = 0x0
Jul 27 09:36:52 gk350a local1.debug SyslogTest[3003]: This is a syslog test message generated by program '/a.out'/n

2879 is the PID of pppd
3003 is the PID of a.out

Syslog description

  • openlog()
    opens a connection to the system logger for a program

  • syslog()
    generates a log message

  • The option argument to openlog()

option     note
LOG_CONS   Write directly to system console if there is an error while sending to system logger.
LOG_PID    Include PID with each message.

  • The facility argument is used to specify what type of program is logging the message

facility       note
LOG_LOCAL0~7   reserved for local use

  • level

    • This determines the importance of the message
    • The levels are, in order of decreasing importance:

level         note
LOG_EMERG     system is unusable
LOG_ALERT     action must be taken immediately
LOG_CRIT      critical conditions
LOG_ERR       error conditions
LOG_WARNING   warning conditions
LOG_NOTICE    normal, but significant, condition
LOG_INFO      informational message
LOG_DEBUG     debug-level message
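
When a message is sent to a receiver, the facility code and severity level travel as one priority number in a leading <PRI> field, PRI = facility * 8 + severity (RFC 3164), so local1.debug from the test program is 17 * 8 + 7 = 143. The following C code is an added example, not part of the original page or of BusyBox: it builds that number and validates the field before trusting it. The function names, the labels for facility codes 12-15 and the sample datagrams are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Facility keywords by code; labels for codes 12-15 are assumptions. */
static const char *const FAC[24] = {
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"
};
/* Severity keywords by level (0: Emergency ... 7: Debug). */
static const char *const SEV[8] = {"emerg", "alert", "crit", "err",
                                   "warning", "notice", "info", "debug"};

/* PRI = facility * 8 + severity; -1 if either code is out of range. */
int make_pri(int fac, int sev)
{
    return (fac < 0 || fac > 23 || sev < 0 || sev > 7) ? -1 : fac * 8 + sev;
}

/* Parse a leading "<PRI>" field: returns PRI (0..191) and stores the offset
 * of the first byte after '>' in *off, or returns -1 if missing/malformed. */
int parse_pri(const char *msg, size_t *off)
{
    int pri = 0;
    size_t i = 1;
    if (msg == NULL || msg[0] != '<')
        return -1;
    while (i <= 3 && isdigit((unsigned char)msg[i]))   /* 1 to 3 digits */
        pri = pri * 10 + (msg[i++] - '0');
    if (i == 1 || msg[i] != '>' || pri > 191)          /* 191 = local7.debug */
        return -1;
    *off = i + 1;
    return pri;
}

int main(void)
{
    const char *samples[] = {        /* constructed, not captured traffic */
        "<143>SyslogTest[3003]: test message",
        "<31>pppd[2879]: Script /etc/ppp/ip-up started",
        "<999>priority out of range", "no PRI field" };
    for (size_t k = 0; k < sizeof samples / sizeof *samples; k++) {
        size_t off = 0;
        int pri = parse_pri(samples[k], &off);
        if (pri < 0) { printf("rejected      %s\n", samples[k]); continue; }
        printf("%s.%s  %s\n", FAC[pri >> 3], SEV[pri & 7], samples[k] + off);
    }
    return 0;
}
```

A receiver that gets -1 should drop or flag the datagram rather than guess a facility, since the PRI value is supplied by the sender.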

BusyBox syslogd usage

  • busybox syslogd

Options:
-n Run in foreground
-O FILE Log to given file (default:/var/log/messages)
-l N Set local log level
-S Smaller logging output
-s SIZE Max size (KB) before rotate (default:200KB, 0=off)
-b N N rotated logs to keep (default:1, max=99, 0=purge)
-R HOST[:PORT] Log to IP or hostname on PORT (default PORT=514/UDP)
-L Log locally and via network (default is network only if -R)
-D Drop duplicates
-C[size(KiB)] Log to shared mem buffer (read it using logread)

It can be started as follows:

  • syslogd

    • By default, writes to /var/log/messages
  • syslogd -O /mnt/log/message -s 256

    • Sets the location of the log file
    • Sets the rotate size to 256K
  • syslogd -C256

    • Uses 256K of RAM
    • logread is required to read the contents
    • ex. logread -f | nc 192.168.1.1 514
    • ex. logread -f >> /mnt/share/logfile
