《Linux/UNIX系统编程手册》 英文版读书笔记syslog学习记录

#include <syslog.h>
void syslog(int priority, const char *format, ...);

The
priority argument is created by ORing together afacility
value and a
levelvalue. The facilityindicates the general category of the
application logging the message, and is specified as one of the values listed in Table 37-1. If omitted, thefacility
defaults to the value specified in a previous
openlog()
call, or toLOG_USER
if that call was omitted.
The
level value indicates the severity of the message, and is specified as one of the values in Table 37-2





yslog()are
a format string and corresponding arguments in the manner ofprintf(). One difference fromprintf()
is that the format string doesn’t need to include a terminating newline character. 
Also,
the format string may
include the 2-character sequence%m,
which is replaced by theerror string corresponding to the current value oferrno(i.e.,
the equivalent ofstrerror(errno)).

It is an error to usesyslog()
to write some user-supplied string in the following
manner:

syslog(priority, user_supplied_string);

正确的写法为

syslog(priority, "%s", user_supplied_string);

Thesetlogmask()
function sets a mask that filters the messages written by
syslog().

#include <syslog.h>
int setlogmask(int mask_priority);
Returns previous log priority mask

The macro
LOG_MASK() (defined in<syslog.h>) converts thelevel
values of Table 37-2
to bit values suitable for passing to
setlogmask(). For example, to discard all messages
except those with priorities of
LOG_ERR and above, we would make the following call:

LOG_MASK的作用就是把表37-2中的宏变量转为位值，从而可以传递给函数setlogmask;

setlogmask(LOG_MASK(LOG_EMERG) | LOG_MASK(LOG_ALERT) |
LOG_MASK(LOG_CRIT) | LOG_MASK(LOG_ERR));

The
/etc/syslog.conf
configuration file controls the operation of the
syslogd daemon.

*.err /dev/tty10
auth.notice root
*.debug;mail.none;news.none -/var/log/messages

The first rule says that messages from all facilities (*) with
a level
of err
(LOG_ERR) or higher should be sent to the/dev/tty10
console device. 
第一条说从所用facilities的信息，同时level为err或者更高的，这些信息应该发送到/dev/tty10/console
The
second rule says that authorization facility (LOG_AUTH) messages with alevel
of
notice (LOG_NOTICE) or higher should
be sent to any consoles or terminals whereroot
is logged in. 
This
particular rule would allow a logged-in
root user to immediately see messages about failedsu attempts,
for example.
例如，这条特殊的规则允许一个root用户直接看到su失败的信息。

The last rule demonstrates several of the more advanced features of rule syntax. A rule can contain multiple selectors separated by semicolons. The first selector specifiesall
messages, using the
*
wildcard for
facility and
debug for
level,
meaning all messages of level
debug (the lowest level) and higher. (On Linux, some
other UNIX implementations, it is possible to specify
level as
*, with the same meaning asdebug.
However, this feature is not available to allsyslog
implementations.)
最后一个规则展示了更高级的用法。一个规则可以包括多个selector，这些selector用分号“；”分开，第一个selector用*指定所有的消息，设置level为debug,意味着所用level为debug或者更高的消息。
 Normally,
a rule that contains multiple selectors matches messages corresponding to any of the selectors, but specifying alevel
of
none has the effect of excludingall messages belonging to the
correspondingfacility. Thus, this rule sends
all messages except those for the
mail andnews
facilities to the file/var/log/messages.
一般来说，一个规则含有多个selector的规则可以匹配许多消息，只要这些消息匹配其中任意一个selector.但是某个selector制定level为none,你们属于这个facility的消息都被排除。
所以最后一个规则发送所有的消息到/var/log/messages除了mail facility和news facility。
The hyphen (-) preceding the name of this file specifies that a sync to the disk does not
occur on each write to the file (refer to Section 13.3). This means that writes are faster, but some data may be lost if the system crashes soon after the write.
符号(-)指定把消息数据同步到磁盘，如果不指定的话在每次写入到文件时并不都会写入到磁盘。这样做写入速度会加快，但是如果写入不久系统崩溃的话一些数据可能也会丢失。
Whenever we change the
syslog.conf file, we must ask the daemon to reinitialize itself from this file in the usual fashion:

$ killall -HUP syslogd Send SIGHUP to syslogd

每当我们更改syslog.conf文件，我们必须让daemon重新初始化自身，用下面的命令。