syslog Protocol

RFC – Request for Comments

RFC 3164 – The BSD syslog Protocol, August 2001
RFC 3195 – Reliable Delivery for syslog
RFC 5424 – The Syslog Protocol, March 2009
RFC 5425 – TLS Transport Mapping for Syslog
RFC 5426 – Transmission of Syslog Messages over UDP
RFC 5427 – Textual Conventions for Syslog Management
RFC 5848 – Signed Syslog Messages
RFC 6012 – Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog
RFC 6587 – Transmission of Syslog Messages over TCP, April 2012

glibc

openlog
syslog

#include <stdio.h>
#include <unistd.h>
#include <syslog.h>

int
main(void)
{
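   /* ident "slog" is prepended to every message; LOG_PID adds the PID,
      LOG_CONS writes to the console if the system logger is unreachable */
   openlog("slog", LOG_PID | LOG_CONS, LOG_USER);
   /* constant format string: never pass untrusted text as the format */
   syslog(LOG_INFO, "A different kind of Hello world ... ");
   closelog();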

   return 0;
}

rsyslog

Rsyslog with MySQL as a central log server
Fedora: Viewing and Managing Log Files
Centralized RSYSLOG Server Monitoring
How to Setup Centralized Logging Server using Rsyslog
Advanced Unix logging tips
RSyslog on FreeBSD
Rsyslog + MySQL on FreeBSD
gentoo Linux: rsyslog

BSD-Style blocks will go away in rsyslog v7
Filtering by program name

!prog1
 *.* /var/log/prog1.log
 *.* /var/log/prog1again.log
!prog2
 *.* /var/log/prog2.log
 *.* /var/log/prog2again.log

if $programname == 'prog1' then {
   /var/log/prog1.log
   /var/log/prog1again.log
}
if $programname == 'prog2' then {
   /var/log/prog2.log
   /var/log/prog2again.log
}
<43>1 2015-11-10T17:27:18.354950+01:00 bsd rsyslogd-2304 - - - BSD-style blocks are no longer supported in rsyslog, see http://www.rsyslog.com/g/BSD for details and a solution (Block '!-devd') [try http://www.rsyslog.com/e/2304 ]
<43>1 2015-11-10T17:27:18.356323+01:00 bsd rsyslogd-2184 - - - action '*' treated as ':omusrmsg:*' - please change syntax, '*' will not be supported in the future [try http://www.rsyslog.com/e/2184 ]
<43>1 2015-11-10T17:27:18.356426+01:00 bsd rsyslogd-2207 - - - error during parsing file /usr/local/etc/rsyslog.conf, on or before line 27: warnings occured in file '/usr/local/etc/rsyslog.conf' around line 27 [try http://www.rsyslog.com/e/2207 ]
<43>1 2015-11-10T17:27:18.356455+01:00 bsd rsyslogd-2207 - - - error during parsing file /usr/local/etc/rsyslog.conf, on or before line 27: invalid character ';' - is there an invalid escape sequence somewhere? [try http://www.rsyslog.com/e/2207 ]
<43>1 2015-11-10T17:27:18.356496+01:00 bsd rsyslogd-2184 - - - action 'RSYSLOG_SyslogProtocol23Format' treated as ':omusrmsg:RSYSLOG_SyslogProtocol23Format' - please change syntax, 'RSYSLOG_SyslogProtocol23Format' will not be supported in the future [try http://www.rsyslog.com/e/2184 ]
<43>1 2015-11-10T17:27:18.356512+01:00 bsd rsyslogd-3000 - - - user name 'RSYSLOG_...' too long - ignored
<43>1 2015-11-10T17:27:18.356562+01:00 bsd rsyslogd-2207 - - - error during parsing file /usr/local/etc/rsyslog.conf, on or before line 27: warnings occured in file '/usr/local/etc/rsyslog.conf' around line 27 [try http://www.rsyslog.com/e/2207 ]
<43>1 2015-11-10T17:27:18.356653+01:00 bsd rsyslogd-2304 - - - BSD-style blocks are no longer supported in rsyslog, see http://www.rsyslog.com/g/BSD for details and a solution (Block '!ppp') [try http://www.rsyslog.com/e/2304 ]
<43>1 2015-11-10T17:27:18.356703+01:00 bsd rsyslogd-2304 - - - BSD-style blocks are no longer supported in rsyslog, see http://www.rsyslog.com/g/BSD for details and a solution (Block '!*') [try http://www.rsyslog.com/e/2304 ]

<27>1 2015-11-10T17:27:19.482482+01:00 bsd nmbd 1737 - -  [2015/11/10 17:27:19.481957,  0] ../lib/util/become_daemon.c:136(daemon_ready)
<27>1 2015-11-10T17:27:21.750548+01:00 bsd smbd 1740 - -  [2015/11/10 17:27:21.749661,  0] ../lib/util/become_daemon.c:136(daemon_ready)
<27>1 2015-11-10T17:27:21.760813+01:00 bsd smbd 1740 - -    STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to fetch record!
<27>1 2015-11-10T17:27:21.819782+01:00 bsd winbindd 1744 - -  [2015/11/10 17:27:21.819054,  0] ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
<27>1 2015-11-10T17:27:21.820014+01:00 bsd winbindd 1744 - -    initialize_winbindd_cache: clearing cache and re-creating with version number 2
<27>1 2015-11-10T17:27:21.838248+01:00 bsd winbindd 1744 - -  [2015/11/10 17:27:21.838055,  0] ../lib/util/become_daemon.c:136(daemon_ready)

<11>1 2015-11-10T17:27:22.099952+01:00 bsd freevrrpd 1796 - -  cannot create a netgraph socket: No such file or directory
<10>1 2015-11-10T17:27:22.100123+01:00 bsd freevrrpd 1796 - -  cannot create a bridge device: No such file or directory
<10>1 2015-11-10T17:27:22.100257+01:00 bsd freevrrpd 1796 - -  aborting...

Protocol

Wikipedia Syslog Facility Levels
Unix – System Logging

#define LOG_EMERG       0       /* system is unusable */
#define LOG_ALERT       1       /* action must be taken immediately */
#define LOG_CRIT        2       /* critical conditions */
#define LOG_ERR         3       /* error conditions */
#define LOG_WARNING     4       /* warning conditions */
#define LOG_NOTICE      5       /* normal but significant condition */
#define LOG_INFO        6       /* informational */
#define LOG_DEBUG       7       /* debug-level messages */
#define LOG_KERN        (0<<3)  /* kernel messages */
#define LOG_USER        (1<<3)  /* random user-level messages */
#define LOG_MAIL        (2<<3)  /* mail system */
#define LOG_DAEMON      (3<<3)  /* system daemons */
#define LOG_AUTH        (4<<3)  /* security/authorization messages */
#define LOG_SYSLOG      (5<<3)  /* messages generated internally by syslogd */
#define LOG_LPR         (6<<3)  /* line printer subsystem */
#define LOG_NEWS        (7<<3)  /* network news subsystem */
#define LOG_UUCP        (8<<3)  /* UUCP subsystem */
#define LOG_CRON        (9<<3)  /* clock daemon */
#define LOG_AUTHPRIV    (10<<3) /* security/authorization messages (private) */
#define LOG_FTP         (11<<3) /* ftp daemon */
#define LOG_LOCAL0      (16<<3) /* reserved for local use */
#define LOG_LOCAL1      (17<<3) /* reserved for local use */
#define LOG_LOCAL2      (18<<3) /* reserved for local use */
#define LOG_LOCAL3      (19<<3) /* reserved for local use */
#define LOG_LOCAL4      (20<<3) /* reserved for local use */
#define LOG_LOCAL5      (21<<3) /* reserved for local use */
#define LOG_LOCAL6      (22<<3) /* reserved for local use */
#define LOG_LOCAL7      (23<<3) /* reserved for local use */
#define LOG_FAC_INVLD   24
#define LOG_INVLD       (LOG_FAC_INVLD<<3)      /* invalid facility/PRI code */

syslogName_t    syslogFacNames[] = {
        {"auth",         LOG_AUTH},
        {"authpriv",     LOG_AUTHPRIV},
        {"cron",         LOG_CRON},
        {"daemon",       LOG_DAEMON},
        {"kern",         LOG_KERN},
        {"lpr",          LOG_LPR},
        {"mail",         LOG_MAIL},
        {"mark",         LOG_MARK},             /* INTERNAL */
        {"news",         LOG_NEWS},
        {"security",     LOG_AUTH},             /* DEPRECATED */
        {"bsd_security", (13<<3) },             /* BSD-specific, unfortunately with duplicate name... */
        {"syslog",       LOG_SYSLOG},
        {"user",         LOG_USER},
        {"uucp",         LOG_UUCP},
        {"ftp",          LOG_FTP},
        {"audit",        LOG_AUDIT},
        {"console",      (14 << 3)},            /* BSD-specific priority */
        {"local0",       LOG_LOCAL0},
        {"local1",       LOG_LOCAL1},
        {"local2",       LOG_LOCAL2},
        {"local3",       LOG_LOCAL3},
        {"local4",       LOG_LOCAL4},
        {"local5",       LOG_LOCAL5},
        {"local6",       LOG_LOCAL6},
        {"local7",       LOG_LOCAL7},
        {"invld",        LOG_INVLD},
        {NULL,           -1},
};
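
Added example (not part of the original page or of rsyslog): a strict parser for the <PRI> field that ties the constants above to the log lines shown earlier, e.g. <43> is facility 5 (LOG_SYSLOG) with severity 3 (LOG_ERR). The names parse_pri, severity_name and struct pri are hypothetical; the range and leading-zero checks follow RFC 5424, since PRI is supplied by the sender and a collector should reject malformed values before routing on them.

```c
#include <ctype.h>
#include <stdio.h>

/* Decoded PRI: PRI = facility * 8 + severity (RFC 5424, section 6.2.1). */
struct pri { int facility; int severity; };

static const char *const sev_names[8] = {
    "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"
};

/*
 * Parse the leading "<PRI>" of a syslog line. Returns bytes consumed, or -1
 * if malformed: missing brackets, non-digits, more than 3 digits, a leading
 * zero on a multi-digit value, or a value above 191 (facility 23, severity 7).
 */
int parse_pri(const char *line, struct pri *out)
{
    size_t i = 1;
    int val = 0;
    if (line == NULL || line[0] != '<')
        return -1;
    while (i <= 3 && isdigit((unsigned char)line[i]))
        val = val * 10 + (line[i++] - '0');
    if (i == 1 || line[i] != '>')
        return -1;
    if ((i > 2 && line[1] == '0') || val > 191)
        return -1;
    out->facility = val >> 3;   /* same result as LOG_FAC(p) in <syslog.h> */
    out->severity = val & 0x07; /* same result as LOG_PRI(p) */
    return (int)i + 1;
}

const char *severity_name(int severity)
{
    return (severity >= 0 && severity < 8) ? sev_names[severity] : "invalid";
}

int main(void)
{
    /* PRI prefixes taken from the log lines shown earlier on this page. */
    const char *samples[] = { "<43>1 ...", "<27>1 ...", "<11>1 ...", "<10>1 ..." };
    struct pri p;
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++)
        if (parse_pri(samples[k], &p) > 0)
            printf("%s facility=%d severity=%s\n", samples[k], p.facility,
                   severity_name(p.severity));
    return 0;
}
```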

Wikipedia

Syslog (de)
Syslog (en)

Other Resources

RFC Base: The Syslog Protocol
Introduction to Syslog Protocol

Other implementations

loggy
