RFC – Request for Comments
RFC 3164 – The BSD syslog Protocol, August 2001
RFC 3195 – Reliable Delivery for syslog
RFC 5424 – The Syslog Protocol, March 2009
RFC 5425 – TLS Transport Mapping for Syslog
RFC 5426 – Transmission of Syslog Messages over UDP
RFC 5427 – Textual Conventions for Syslog Management
RFC 5848 – Signed Syslog Messages
RFC 6012 – Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog
RFC 6587 – Transmission of Syslog Messages over TCP, April 2012
glibc
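#include <stdio.h>
#include <unistd.h>
#include <syslog.h>

int main(void)
{
    /* Tag messages with "slog", include the PID, and fall back to the console if syslogd is unreachable */
    openlog("slog", LOG_PID | LOG_CONS, LOG_USER);
    /* Send one message with facility LOG_USER and severity LOG_INFO */
    syslog(LOG_INFO, "A different kind of Hello world ... ");
    closelog();
    return 0;
}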
rsyslog
Rsyslog with MySQL as a central log server
Fedora: Viewing and Managing Log Files
Centralized RSYSLOG Server Monitoring
How to Setup Centralized Logging Server using Rsyslog
Advanced Unix logging tips
RSyslog on FreeBSD
Rsyslog + MySQL on FreeBSD
Gentoo Linux: rsyslog
BSD-Style blocks will go away in rsyslog v7
Filtering by program name
!prog1
*.* /var/log/prog1.log
*.* /var/log/prog1again.log
!prog2
*.* /var/log/prog2.log
*.* /var/log/prog2again.log
if $programname == 'prog1' then {
    /var/log/prog1.log
    /var/log/prog1again.log
}
if $programname == 'prog2' then {
    /var/log/prog2.log
    /var/log/prog2again.log
}
<43>1 2015-11-10T17:27:18.354950+01:00 bsd rsyslogd-2304 - - - BSD-style blocks are no longer supported in rsyslog, see http://www.rsyslog.com/g/BSD for details and a solution (Block '!-devd') [try http://www.rsyslog.com/e/2304 ]
<43>1 2015-11-10T17:27:18.356323+01:00 bsd rsyslogd-2184 - - - action '*' treated as ':omusrmsg:*' - please change syntax, '*' will not be supported in the future [try http://www.rsyslog.com/e/2184 ]
<43>1 2015-11-10T17:27:18.356426+01:00 bsd rsyslogd-2207 - - - error during parsing file /usr/local/etc/rsyslog.conf, on or before line 27: warnings occured in file '/usr/local/etc/rsyslog.conf' around line 27 [try http://www.rsyslog.com/e/2207 ]
<43>1 2015-11-10T17:27:18.356455+01:00 bsd rsyslogd-2207 - - - error during parsing file /usr/local/etc/rsyslog.conf, on or before line 27: invalid character ';' - is there an invalid escape sequence somewhere? [try http://www.rsyslog.com/e/2207 ]
<43>1 2015-11-10T17:27:18.356496+01:00 bsd rsyslogd-2184 - - - action 'RSYSLOG_SyslogProtocol23Format' treated as ':omusrmsg:RSYSLOG_SyslogProtocol23Format' - please change syntax, 'RSYSLOG_SyslogProtocol23Format' will not be supported in the future [try http://www.rsyslog.com/e/2184 ]
<43>1 2015-11-10T17:27:18.356512+01:00 bsd rsyslogd-3000 - - - user name 'RSYSLOG_...' too long - ignored
<43>1 2015-11-10T17:27:18.356562+01:00 bsd rsyslogd-2207 - - - error during parsing file /usr/local/etc/rsyslog.conf, on or before line 27: warnings occured in file '/usr/local/etc/rsyslog.conf' around line 27 [try http://www.rsyslog.com/e/2207 ]
<43>1 2015-11-10T17:27:18.356653+01:00 bsd rsyslogd-2304 - - - BSD-style blocks are no longer supported in rsyslog, see http://www.rsyslog.com/g/BSD for details and a solution (Block '!ppp') [try http://www.rsyslog.com/e/2304 ]
<43>1 2015-11-10T17:27:18.356703+01:00 bsd rsyslogd-2304 - - - BSD-style blocks are no longer supported in rsyslog, see http://www.rsyslog.com/g/BSD for details and a solution (Block '!*') [try http://www.rsyslog.com/e/2304 ]
<27>1 2015-11-10T17:27:19.482482+01:00 bsd nmbd 1737 - - [2015/11/10 17:27:19.481957, 0] ../lib/util/become_daemon.c:136(daemon_ready)
<27>1 2015-11-10T17:27:21.750548+01:00 bsd smbd 1740 - - [2015/11/10 17:27:21.749661, 0] ../lib/util/become_daemon.c:136(daemon_ready)
<27>1 2015-11-10T17:27:21.760813+01:00 bsd smbd 1740 - - STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to fetch record!
<27>1 2015-11-10T17:27:21.819782+01:00 bsd winbindd 1744 - - [2015/11/10 17:27:21.819054, 0] ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
<27>1 2015-11-10T17:27:21.820014+01:00 bsd winbindd 1744 - - initialize_winbindd_cache: clearing cache and re-creating with version number 2
<27>1 2015-11-10T17:27:21.838248+01:00 bsd winbindd 1744 - - [2015/11/10 17:27:21.838055, 0] ../lib/util/become_daemon.c:136(daemon_ready)
<11>1 2015-11-10T17:27:22.099952+01:00 bsd freevrrpd 1796 - - cannot create a netgraph socket: No such file or directory
<10>1 2015-11-10T17:27:22.100123+01:00 bsd freevrrpd 1796 - - cannot create a bridge device: No such file or directory
<10>1 2015-11-10T17:27:22.100257+01:00 bsd freevrrpd 1796 - - aborting...
Protocol
Wikipedia Syslog Facility Levels
Unix – System Logging
#define LOG_EMERG       0       /* system is unusable */
#define LOG_ALERT       1       /* action must be taken immediately */
#define LOG_CRIT        2       /* critical conditions */
#define LOG_ERR         3       /* error conditions */
#define LOG_WARNING     4       /* warning conditions */
#define LOG_NOTICE      5       /* normal but significant condition */
#define LOG_INFO        6       /* informational */
#define LOG_DEBUG       7       /* debug-level messages */
#define LOG_KERN        (0<<3)  /* kernel messages */
#define LOG_USER        (1<<3)  /* random user-level messages */
#define LOG_MAIL        (2<<3)  /* mail system */
#define LOG_DAEMON      (3<<3)  /* system daemons */
#define LOG_AUTH        (4<<3)  /* security/authorization messages */
#define LOG_SYSLOG      (5<<3)  /* messages generated internally by syslogd */
#define LOG_LPR         (6<<3)  /* line printer subsystem */
#define LOG_NEWS        (7<<3)  /* network news subsystem */
#define LOG_UUCP        (8<<3)  /* UUCP subsystem */
#define LOG_CRON        (9<<3)  /* clock daemon */
#define LOG_AUTHPRIV    (10<<3) /* security/authorization messages (private) */
#define LOG_FTP         (11<<3) /* ftp daemon */
#define LOG_LOCAL0      (16<<3) /* reserved for local use */
#define LOG_LOCAL1      (17<<3) /* reserved for local use */
#define LOG_LOCAL2      (18<<3) /* reserved for local use */
#define LOG_LOCAL3      (19<<3) /* reserved for local use */
#define LOG_LOCAL4      (20<<3) /* reserved for local use */
#define LOG_LOCAL5      (21<<3) /* reserved for local use */
#define LOG_LOCAL6      (22<<3) /* reserved for local use */
#define LOG_LOCAL7      (23<<3) /* reserved for local use */
#define LOG_FAC_INVLD   24
#define LOG_INVLD       (LOG_FAC_INVLD<<3) /* invalid facility/PRI code */
syslogName_t syslogFacNames[] = {
    {"auth", LOG_AUTH},
    {"authpriv", LOG_AUTHPRIV},
    {"cron", LOG_CRON},
    {"daemon", LOG_DAEMON},
    {"kern", LOG_KERN},
    {"lpr", LOG_LPR},
    {"mail", LOG_MAIL},
    {"mark", LOG_MARK}, /* INTERNAL */
    {"news", LOG_NEWS},
    {"security", LOG_AUTH}, /* DEPRECATED */
    {"bsd_security", (13<<3) }, /* BSD-specific, unfortunately with duplicate name... */
    {"syslog", LOG_SYSLOG},
    {"user", LOG_USER},
    {"uucp", LOG_UUCP},
    {"ftp", LOG_FTP},
    {"audit", LOG_AUDIT},
    {"console", (14 << 3)}, /* BSD-specific priority */
    {"local0", LOG_LOCAL0},
    {"local1", LOG_LOCAL1},
    {"local2", LOG_LOCAL2},
    {"local3", LOG_LOCAL3},
    {"local4", LOG_LOCAL4},
    {"local5", LOG_LOCAL5},
    {"local6", LOG_LOCAL6},
    {"local7", LOG_LOCAL7},
    {"invld", LOG_INVLD},
    {NULL, -1},
};
Wikipedia
Other Resources
RFC Base: The Syslog Protocol
Introduction to Syslog Protocol