Linux syslog 程式設計筆記

LINUX下執行的程式除了自己輸出系統日誌到特定檔案外，還可以透過 syslogd來達成這個功能，免除了自行開檔關檔的工作。

程式要使用系統日誌功能，只需要在程式啟動時使用openlog函數來連接syslogd程式，後面隨時用syslog函數傳人系統日誌就行了。

相關的函式有 openlog，syslog，closelog。

#include <syslog.h> void openlog(const char *ident, int option, int facility)

開啟一個到系統日誌記錄程式的連接，開啟後就可使用用syslog或vsyslog函數在系統日誌中添加資訊

ident 是一個標記，ident所表示的字串將固定地加在每行日誌的前面以標識這個日誌，通常就寫成當前程式的名稱以作標記。 option 是下列值取與運算的結果： LOG_CONS Write directly to system console if there is an error while sending to system logger. LOG_NDELAY Open the connection immediately (normally, the connection is opened when the first message is logged). LOG_NOWAIT Don’t wait for child processes that may have been created while logging the message. (The GNU C library does not create a child process, so this option has no effect on Linux.) LOG_ODELAY The converse of LOG_NDELAY; opening of the connection is delayed until syslog() is called. (This is the default, and need not be specified.) LOG_PERROR (Not in SUSv3.) Print to stderr as well. LOG_PID Include PID with each message. facility 指明記錄日誌的程式的類型。facility is the default facility code for this connection. A syslog on this connection that specifies default facility causes this facility to be associated with the message. See syslog for possible values. A value of zero means the default default, which is LOG_USER.

#include <syslog.h> void syslog(int priority, const char *format, ...)

把日誌消息發給系統程式輸出至syslogd記錄

priority 日誌消息的緊急級別 LOG_USER A miscellaneous user process LOG_MAIL Mail LOG_DAEMON A miscellaneous system daemon LOG_AUTH Security (authorization) LOG_SYSLOG Syslog LOG_LPR Central printer LOG_NEWS Network news (e.g. Usenet) LOG_UUCP UUCP LOG_CRON Cron and At LOG_AUTHPRIV Private security (authorization) LOG_FTP Ftp server LOG_LOCAL0 Locally defined LOG_LOCAL1 Locally defined LOG_LOCAL2 Locally defined LOG_LOCAL3 Locally defined LOG_LOCAL4 Locally defined LOG_LOCAL5 Locally defined LOG_LOCAL6 Locally defined LOG_LOCAL7 Locally defined format 日誌消息的格式，之後是格式對應的參數類似printf函數。

#include <syslog.h> void closelog(void)

關閉 開啟的 openlog 連接

#include <stdarg.h> void vsyslog(int priority, const char *format, va_list ap);

把日誌消息發給系統程式輸出至syslogd記錄

簡單範例

#include <syslog.h> int main(int argc, char **argv) { openlog("test", LOG_CONS | LOG_PID, 0); syslog(LOG_INFO, "This is a syslog test message generated by program '%s'n", argv[0]); closelog(); return 0; }

結果輸出一般是 /var/log/messages 或是 /var/log/syslog

視 /etc/syslog.conf 中的設定，下面的設定是輸出至 /var/log/messages

# Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log

補充

Linux有關syslog的函式沒有提供syslog寫到遠端syslogd的功能，如果在程式中想要將syslog寫到遠端的syslog 伺服器，可以使用socket udp(514)的函式，將訊息送出。

參考資料

http://insecure.org/sploits/aix.generic.syslogd.problem.html

http://zhoulifa.bokee.com/6104993.html

http://www.dusek.ch/manual/glibc/libc_18.html

http://www.balabit.com/network-security/syslog-ng/