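Over the past two days, because a project required it, I looked into how to write logs with Linux syslog. Here is a brief summary. The system I am using is RHEL 5.5.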
System Logging
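The Linux logging system consists of the system log daemon syslogd and the kernel log daemon klogd. As their names suggest, both are daemons, and both are registered as system services. In other words, we can find their corresponding executable scripts under /etc/init.d/ and start, stop, and restart them with the service command. /etc/syslog.conf is the configuration file of the Linux logging system. Below is the content of my /etc/syslog.conf: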
```
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                         /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none        /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                      /var/log/secure

# Log all the mail messages in one place.
mail.*                                          -/var/log/maillog

# Log cron stuff
cron.*                                          /var/log/cron

# Everybody gets emergency messages
*.emerg                                         *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                  /var/log/spooler

# Save boot messages also to boot.log
local7.*                                        /var/log/boot.log
```
Before explaining this configuration file in detail, let us first look at how to write logs with syslog in Linux C programming.
syslog APIs
Linux C provides a set of interfaces for writing to the system log, consisting of three functions: openlog, syslog and closelog. Their prototypes are:
```c
#include <syslog.h>

void openlog(const char *ident, int option, int facility);
void syslog(int priority, const char *format, ...);
void closelog(void);
```
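Both openlog and closelog are optional. However, by calling openlog we can specify the ident parameter, and ident is then added to every log record. ident is usually set to the program's name, such as "testsyslog" in the example below: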
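```c
#include <syslog.h>

int main(int argc, char *argv[])
{
    (void)argc; /* unused */

    /* ident "testsyslog" is prepended to every record; LOG_PID adds [pid].
     * A facility of 0 keeps the default facility (LOG_USER). */
    openlog("testsyslog", LOG_CONS | LOG_PID, 0);

    /* priority = facility | level; the format string is a constant and
     * argv[0] is passed only as a %s argument. */
    syslog(LOG_USER | LOG_INFO, "syslog test message generated in program %s \n", argv[0]);

    closelog();
    return 0;
}
```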
After compiling this into an executable, each run of the program appends a record like the following to /var/log/messages:
```
Apr 23 17:15:15 lirong-920181 testsyslog[27214]: syslog test message generated in program ./a.out
```
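The format is basically: timestamp hostname ident[pid]: log message. Here ident is the "testsyslog" we specified when calling openlog, and [27214] is printed because LOG_PID was specified in openlog's option parameter. Below we discuss in detail the option and facility parameters of openlog and the priority parameter of syslog.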
From the file /usr/include/sys/syslog.h, we can see that syslog supports the following options:
```c
/*
 * Option flags for openlog.
 *
 * LOG_ODELAY no longer does anything.
 * LOG_NDELAY is the inverse of what it used to be.
 */
#define LOG_PID     0x01    /* log the pid with each message */
#define LOG_CONS    0x02    /* log on the console if errors in sending */
#define LOG_ODELAY  0x04    /* delay open until first syslog() (default) */
#define LOG_NDELAY  0x08    /* don't delay open */
#define LOG_NOWAIT  0x10    /* don't wait for console forks: DEPRECATED */
#define LOG_PERROR  0x20    /* log to stderr as well */
```
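An added example, not code from the original post: the syslog() call shown earlier, wrapped for logging untrusted input. It keeps the format string constant, replaces control characters so that each call yields exactly one record line in the format shown above, and logs with LOG_AUTHPRIV so that, under the syslog.conf listed above, the record goes to /var/log/secure rather than /var/log/messages. The function names sanitize_for_log and log_login_failure and the sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <syslog.h>

/* Copy src into dst (capacity n), replacing control characters with '?'
 * so that untrusted text cannot split one record into several lines.
 * Truncates if src does not fit. Returns the number of bytes replaced. */
int sanitize_for_log(char *dst, size_t n, const char *src)
{
    size_t i = 0;
    int replaced = 0;
    if (n == 0) return 0;
    for (; src[i] != '\0' && i + 1 < n; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c < 0x20 || c == 0x7f) { dst[i] = '?'; replaced++; }
        else dst[i] = (char)c;
    }
    dst[i] = '\0';
    return replaced;
}

/* Hypothetical helper: record a failed login for an untrusted user name.
 * Returns how many control characters were neutralised. */
int log_login_failure(const char *username)
{
    char clean[128];
    int replaced = sanitize_for_log(clean, sizeof clean, username);
    /* Constant format string; untrusted text appears only as a %s argument. */
    syslog(LOG_AUTHPRIV | LOG_NOTICE, "login failed for user '%s'", clean);
    return replaced;
}

int main(void)
{
    openlog("testsyslog", LOG_CONS | LOG_PID, LOG_USER);
    log_login_failure("alice");              /* constructed sample input */
    log_login_failure("bob\nfake record");   /* newline is replaced by '?' */
    log_login_failure("%s%n");               /* logged literally, never parsed */
    closelog();
    return 0;
}
```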