1. How syslog works
There is a daemon on Unix called the syslog daemon (syslogd). It lets applications log messages to files
(locally or remotely) so that we can check them later when necessary. Syslog can also log to the console
or to pipes, or send messages to users.
Syslogd needs a configuration file called /etc/syslog.conf to know which files, devices, pipes and so on to log
messages to, and which kinds of messages to log. Each line in syslog.conf specifies the kinds of
messages to log (the selector) and where to log them (the action). The selector and the action are separated by
one or more tabs.
A selector contains two parts, facility and priority, separated by a dot (.).
Facility can be: LOG_AUTH, LOG_AUTHPRIV, LOG_CRON, LOG_DAEMON, LOG_KERN, LOG_LOCAL0 - LOG_LOCAL7,
LOG_LPR, LOG_MAIL, LOG_NEWS, LOG_SYSLOG, LOG_USER, LOG_UUCP.
Priority can be: LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG.
The action specifies where to log to:
- a regular file: must be given as a full path name, such as /var/log/messages
- console: /dev/console
- remote machine: we can forward the syslog messages from many hosts to a central syslog machine. To specify
a remote syslog host, the action needs to begin with @, such as @centralhost
A sample of syslog.conf
    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    kern.*                                                  /dev/console

    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;authpriv.none;user.none;cron.none      /var/log/messages
    user.info                                               /var/log/coh.log

    # The authpriv file has restricted access.
    authpriv.*                                              /var/log/secure

    # Log all the mail messages in one place.
    mail.*                                                  /var/log/maillog

    # Log cron stuff
    cron.*                                                  /var/log/cron

    # Everybody gets emergency messages, plus log them on another
    # machine.
    *.emerg                                                 *

    # Save mail and news errors of level err and higher in a
    # special file.
    uucp,news.crit                                          /var/log/spooler

    # Save boot messages also to boot.log
    local7.*                                                /var/log/boot.log

A sample of logged file
    Oct 8 12:58:35 penguin-host -- interbase[29386]: LOGIN ON pts/3 BY interbase FROM linux
    Oct 8 13:17:57 penguin-host ftpd[29507]: FTP LOGIN FROM linux [192.168.253.10], interbase
    Oct 8 13:33:09 penguin-host ftpd[29507]: User interbase timed out after 900 seconds at Mon Oct 8 13:33:09 2001
    Oct 8 13:33:09 penguin-host ftpd[29507]: FTP session closed
    Oct 8 14:35:00 penguin-host login(pam_unix)[29386]: session closed for user interbase
    Oct 8 14:35:04 penguin-host login(pam_unix)[30280]: session opened for user penguin by (uid=0)

For more details about syslog.conf, see the syslog.conf manpage.
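To check where a given message ends up under rules like the sample above (for instance, that authpriv messages reach only the restricted /var/log/secure and not /var/log/messages), the selectors can be evaluated in code. This is an added example, not part of the original page: selector_matches, destinations and kSampleConf are hypothetical names, and it assumes sysklogd-style rules (a priority selects that level and higher, none clears a facility, parts apply left to right) without the = and ! prefixes.

```cpp
#include <map>
#include <sstream>
#include <string>
#include <vector>
using std::string;

// Priority keywords as written in syslog.conf; 0 is the most severe.
static const std::map<string, int> kLevel = {
    {"emerg", 0}, {"alert", 1}, {"crit", 2}, {"err", 3},
    {"warning", 4}, {"notice", 5}, {"info", 6}, {"debug", 7}};

// Does sel (e.g. "*.info;mail.none") select fac.pri? Assumes sysklogd rules.
bool selector_matches(const string &sel, const string &fac, const string &pri) {
    if (!kLevel.count(pri)) return false;  // not a priority keyword
    bool selected = false;
    std::istringstream parts(sel);
    for (string part; std::getline(parts, part, ';');) {
        const string::size_type dot = part.find('.');
        if (dot == string::npos) continue;  // malformed part, skip it
        const string level = part.substr(dot + 1);
        const string facs = "," + part.substr(0, dot) + ",";  // ",uucp,news,"
        if (facs.find(",*,") == string::npos &&
            facs.find("," + fac + ",") == string::npos) continue;  // not named
        if (level == "none") selected = false;   // explicit exclusion
        else if (level == "*") selected = true;  // every priority
        else if (kLevel.count(level))            // this level or higher
            selected = selected || kLevel.at(pri) <= kLevel.at(level);
    }
    return selected;
}

// Actions of every non-comment line of conf whose selector matches.
std::vector<string> destinations(const string &conf, const string &fac,
                                 const string &pri) {
    std::vector<string> out;
    std::istringstream lines(conf);
    for (string line; std::getline(lines, line);) {
        std::istringstream fields(line);
        string selector, action;
        if (!(fields >> selector >> action) || selector[0] == '#') continue;
        if (selector_matches(selector, fac, pri)) out.push_back(action);
    }
    return out;
}

const string kSampleConf =  // three rules from this page's sample config
    "*.info;mail.none;authpriv.none;user.none;cron.none\t/var/log/messages\n"
    "authpriv.*\t/var/log/secure\n"
    "uucp,news.crit\t/var/log/spooler\n";
```

Calling destinations(kSampleConf, "authpriv", "info") returns only /var/log/secure, which is the property the sample's "Don't log private authentication messages!" comment relies on.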
2.1 void openlog( char *ident, int option, int facility)
ident is the string that is written into each syslog entry after the date, so that we know which application
the message came from. For example, ftpd or login(pam_unix) in the sample logged file above.
option can be one or more of the following: LOG_CONS (print messages to the console if there is an
error while writing to the syslog logger), LOG_NDELAY (open the connection to syslog immediately), LOG_PERROR
(also print to the standard error device), LOG_PID (print the pid, for example [29507] in the sample
logged file above).
2.2 void syslog( int priority, char *format, ...)
This function sends the message to the system logger at the given priority, with the facility specified in openlog.
2.3 void closelog( void )
This function closes the syslog connection of the application.
With the above three functions, we can build a simple class for logging messages. See Listing 1 and Listing 2.
For example, we can use that class as follows:
    ...
    InfoLog *gpLog = NULL;
    gpLog = new InfoLog("my-app");
    ...
    if ( bCondition1 )
    {
        ...
        gpLog->WriteLog( "Condition 1 satisfied" );
    }
    ...
    if( gpLog != NULL )
        delete gpLog;

Listing 1. infolog.h

    #ifndef _INFO_LOG_
    #define _INFO_LOG_

    #include <syslog.h>

    class InfoLog
    {
    public:
        InfoLog( const char * strIdent, int option = LOG_NDELAY,
                 int facility = LOG_USER, int priority = LOG_INFO );
        ~InfoLog();
        void WriteLog( const char * pLog );
    private:
        // openlog() may keep the ident pointer rather than copy the string,
        // so the class stores its own copy for as long as the log is open.
        char m_strIdent[128];
        int m_Option, m_Facility, m_Priority;
    };

    #endif

Listing 2. infolog.cpp

    #include <stdio.h>
    #include <string.h>
    #include "infolog.h"

    InfoLog::InfoLog( const char * strIdent, int option, int facility, int priority )
    {
        // Copy the identifier, truncating it to fit m_strIdent and
        // always leaving it NUL-terminated.
        size_t length = strlen(strIdent);
        if( length >= sizeof( m_strIdent) )
        {
            memcpy( m_strIdent, strIdent, sizeof(m_strIdent)-1);
            m_strIdent[sizeof(m_strIdent)-1] = 0;
        }
        else
            strcpy( m_strIdent, strIdent );
        m_Option = option;
        m_Facility = facility;
        m_Priority = priority;
        openlog( m_strIdent, m_Option, m_Facility );
    }

    void InfoLog::WriteLog( const char * pLog )
    {
        // The format is the constant "%s", so pLog is logged as data
        // and is never parsed as a format string.
        syslog( m_Priority, "%s", pLog );
        printf( "%s", pLog );
    }

    InfoLog::~InfoLog()
    {
        closelog();
    }