您的位置：首页 > 运维架构 > Linux

利用Linux syslog写日记

2012-10-10 17:49 281 查看

这两天，因为项目的需要研究了一把如何利用Linux syslog写日记，这里简单整理一下。本人使用的系统是RHEL 5.5。

System Logging

Linux日记系统由系统日志监控程序syslogd和内核日志监控程序klogd组成。从它们的命名可以看到，这两个监控程序都是守护程序（daemon），且都注册成了系统服务。换句话说，我们可以在目录/etc/init.d/下找到它们对应的执行程序，并通过service命令对它们进行启动，关闭，重启等操作。/etc/syslog.conf文件是Linux日记系统的配置文件。下面是本人/etc/syslog.conf文件内容：

[c-sharp]
view plaincopy print ?

# Log all kernel messages to the console.

# Logging much else clutters up the screen.

#kern.* /dev/console

# Log anything (except mail) of level info or higher.

# Don't log private authentication messages!

*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.

authpriv.* /var/log/secure

# Log all the mail messages in one place.

mail.* -/var/log/maillog

# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages

*.emerg *

# Save news errors of level crit and higher in a special file.

uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log

local7.* /var/log/boot.log

]

[cpp:collapse:firstline[1]]
+ expand sourceview plaincopyprint?

#include <syslog.h>
void openlog(char *ident, int option, int facility);
void syslog(int priority, char *format, ...);
void closelog();

#include <syslog.h>
void openlog(char *ident, int option, int facility);
void syslog(int priority, char *format, ...);
void closelog();

其中openlog和closelog都是可选的。不过，通过调用openlog，我们可以指定ident参数。这样，ident将被加到每条日记记录中。ident一般设成程序的名字，如在下面例子中的"testsyslog"：

[cpp:firstline[1]]
view plaincopy print ?

#include <syslog.h>

int main(int argc, char *argv[])
{
openlog("testsyslog", LOG_CONS | LOG_PID, 0);
syslog(LOG_USER | LOG_INFO, "syslog test message generated in program %s /n", argv[0]);
closelog();
return 0;
}

[cpp]
view plaincopyprint?

Apr 23 17:15:15 lirong-920181 testsyslog[27214]: syslog test message generated in program ./a.out

Apr 23 17:15:15 lirong-920181 testsyslog[27214]: syslog test message generated in program ./a.out

格式基本是：timestamp hostname ident[pid]：log message。其中ident就是我们调用openlog是指定的"testsyslog"，而之所以会打印出[27214]是openlog的option参数中指定了LOG_PID。下面我们详细讨论openlog函数中的option，facility和syslog函数中的priority参数。

根据/usr/include/sys/syslog.h文件，我们可以看到syslog支持的option如下：

[c-sharp]
view plaincopy print ?

/*
* Option flags for openlog.
*
* LOG_ODELAY no longer does anything.
* LOG_NDELAY is the inverse of what it used to be.
*/
#define LOG_PID 0x01 /* log the pid with each message */

#define LOG_CONS 0x02 /* log on the console if errors in sending */

#define LOG_ODELAY 0x04 /* delay open until first syslog() (default) */

#define LOG_NDELAY 0x08 /* don't delay open */

#define LOG_NOWAIT 0x10 /* don't wait for console forks: DEPRECATED */

#define LOG_PERROR 0x20 /* log to stderr as well */

[c-sharp]
view plaincopyprint?

/* facility codes */
#define LOG_KERN            (0<<3)    /* kernel messages */

#define LOG_USER            (1<<3)    /* random user-level messages */

#define LOG_MAIL            (2<<3)    /* mail system */

#define LOG_DAEMON  (3<<3)    /* system daemons */

#define LOG_AUTH            (4<<3)    /* security/authorization messages */

#define LOG_SYSLOG  (5<<3)    /* messages generated internally by syslogd */

#define LOG_LPR     (6<<3)    /* line printer subsystem */

#define LOG_NEWS            (7<<3)    /* network news subsystem */

#define LOG_UUCP            (8<<3)    /* UUCP subsystem */

#define LOG_CRON            (9<<3)    /* clock daemon */

#define LOG_AUTHPRIV    (10<<3)   /* security/authorization messages (private) */

#define LOG_FTP     (11<<3)   /* ftp daemon */

/* facility codes */
#define	LOG_KERN	        (0<<3)	/* kernel messages */
#define	LOG_USER	        (1<<3)	/* random user-level messages */
#define	LOG_MAIL	        (2<<3)	/* mail system */
#define	LOG_DAEMON	(3<<3)	/* system daemons */
#define	LOG_AUTH	        (4<<3)	/* security/authorization messages */
#define	LOG_SYSLOG	(5<<3)	/* messages generated internally by syslogd */
#define	LOG_LPR		(6<<3)	/* line printer subsystem */
#define	LOG_NEWS	        (7<<3)	/* network news subsystem */
#define	LOG_UUCP	        (8<<3)	/* UUCP subsystem */
#define	LOG_CRON	        (9<<3)	/* clock daemon */
#define	LOG_AUTHPRIV	(10<<3)	/* security/authorization messages (private) */
#define	LOG_FTP		(11<<3)	/* ftp daemon */

facility的ID（上面对应的数值）与名字的对应关系如下：

[c-sharp]
view plaincopy print ?

{ "auth", LOG_AUTH },
{ "authpriv", LOG_AUTHPRIV },
{ "cron", LOG_CRON },
{ "daemon", LOG_DAEMON },
{ "ftp", LOG_FTP },
{ "kern", LOG_KERN },
{ "lpr", LOG_LPR },
{ "mail", LOG_MAIL },
{ "mark", INTERNAL_MARK }, /* INTERNAL */
{ "news", LOG_NEWS },
{ "security", LOG_AUTH }, /* DEPRECATED */
{ "syslog", LOG_SYSLOG },
{ "user", LOG_USER },
{ "uucp", LOG_UUCP },

[c-sharp]
view plaincopyprint?

#define LOG_EMERG   0   /* system is unusable */

#define LOG_ALERT   1   /* action must be taken immediately */

#define LOG_CRIT            2   /* critical conditions */

#define LOG_ERR     3   /* error conditions */

#define LOG_WARNING 4   /* warning conditions */

#define LOG_NOTICE  5   /* normal but significant condition */

#define LOG_INFO            6   /* informational */

#define LOG_DEBUG   7   /* debug-level messages */

#define	LOG_EMERG	0	/* system is unusable */
#define	LOG_ALERT	1	/* action must be taken immediately */
#define	LOG_CRIT	        2	/* critical conditions */
#define	LOG_ERR		3	/* error conditions */
#define	LOG_WARNING	4	/* warning conditions */
#define	LOG_NOTICE	5	/* normal but significant condition */
#define	LOG_INFO	        6	/* informational */
#define	LOG_DEBUG	7	/* debug-level messages */

priority的ID（上面对应的数值）与名字的对应关系如下：

[c-sharp]
view plaincopy print ?

{ "alert", LOG_ALERT },
{ "crit", LOG_CRIT },
{ "debug", LOG_DEBUG },
{ "emerg", LOG_EMERG },
{ "err", LOG_ERR },
{ "error", LOG_ERR }, /* DEPRECATED */
{ "info", LOG_INFO },
{ "none", INTERNAL_NOPRI }, /* INTERNAL */
{ "notice", LOG_NOTICE },
{ "panic", LOG_EMERG }, /* DEPRECATED */
{ "warn", LOG_WARNING }, /* DEPRECATED */
{ "warning", LOG_WARNING },

[c-sharp]
view plaincopyprint?

user.debug                  /var/log/debug

user.debug                  /var/log/debug

要是添加的新规则生效，第二步我们需要重启syslogd和klogd：service syslog restart

为了测试新规则是否生效，我们可以将testsyslog修改如下：

[cpp:firstline[1]]
view plaincopy print ?

#include <syslog.h>

int main(int argc, char *argv[])
{
openlog("testsyslog", LOG_CONS | LOG_PID, 0);
syslog(LOG_USER | LOG_DEBUG, "syslog test message generated in program %s /n", argv[0]);
closelog();
return 0;
}

#include <syslog.h>

int main(int argc, char *argv[])
{
openlog("testsyslog", LOG_CONS | LOG_PID, 0);
syslog(LOG_USER | LOG_DEBUG, "syslog test message generated in program %s /n", argv[0]);
closelog();
return 0;
}

编译生成执行文件后，每运行一次，/var/log/debug文件都会增加一条新的记录。

内容来自用户分享和网络整理，不保证内容的准确性，如有侵权内容，可联系管理员处理

标签：

相关文章推荐

新的分享

章节导航