RFC 3164 – The BSD syslog Protocol<\/a>, August 2001 openlog<\/a> Rsyslog mit MySQL als zentraler Logserver<\/a> BSD-Style blocks will go away in rsyslog v7<\/a> Wikipedia Syslog Facility Levels<\/a> Syslog<\/a> (de) RFC Base: The Syslog Protocol<\/a>
\nRFC 3195 – Reliable Delivery for syslog
\nRFC 5424 – The Syslog Protocol<\/a>, March 2009
\nRFC 5425 – TLS Transport Mapping for Syslog
\nRFC 5426 – Transmission of Syslog Messages over UDP
\nRFC 5427 – Textual Conventions for Syslog Management
\nRFC 5848 – Signed Syslog Messages
\nRFC 6012 – Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog
\nRFC 6587 – Transmission of Syslog Messages over TCP<\/a>, April 2012<\/p>\nglibc<\/h3>\n
\nsyslog<\/a><\/p>\n\r\n#include <stdio.h>\r\n#include <unistd.h>\r\n#include <syslog.h>\r\n\r\nint\r\nmain(void)\r\n{\r\n openlog("slog", LOG_PID | LOG_CONS, LOG_USER);\r\n syslog(LOG_INFO, "A different kind of Hello world ... ");\r\n closelog();\r\n\r\n return 0;\r\n}\r\n<\/pre>\nrsyslog<\/h3>\n
\nFedora: Viewing and Managing Log Files<\/a>
\nCentralized RSYSLOG Server Monitoring<\/a>
\nHow to Setup Centralized Logging Server using Rsyslog<\/a>
\nAdvanced Unix logging tips<\/a>
\nRSyslog on FreeBSD<\/a>
\nRsyslog + MySQL on FreeBSD<\/a>
\ngentoo Linux: rsyslog<\/a><\/p>\n
\nFiltering by program name<\/a><\/p>\n\r\n!prog1\r\n *.* \/var\/log\/prog1.log\r\n *.* \/var\/log\/prog1again.log\r\n!prog2\r\n *.* \/var\/log\/prog2.log\r\n *.* \/var\/log\/prog2again.log\r\n<\/pre>\n
\r\n if $programname == 'prog1' then {\r\n \/var\/log\/prog1.log\r\n \/var\/log\/prog1again.log\r\n}\r\nif $programname == 'prog2' then {\r\n \/var\/log\/prog2.log\r\n \/var\/log\/prog2again.log\r\n}\r\n<\/pre>\n\r\n<43>1 2015-11-10T17:27:18.354950+01:00 bsd rsyslogd-2304 - - - BSD-style blocks are no longer supported in rsyslog, see http:\/\/www.rsyslog.com\/g\/BSD for details and a solution (Block '!-devd') [try http:\/\/www.rsyslog.com\/e\/2304 ]\r\n<43>1 2015-11-10T17:27:18.356323+01:00 bsd rsyslogd-2184 - - - action '*' treated as ':omusrmsg:*' - please change syntax, '*' will not be supported in the future [try http:\/\/www.rsyslog.com\/e\/2184 ]\r\n<43>1 2015-11-10T17:27:18.356426+01:00 bsd rsyslogd-2207 - - - error during parsing file \/usr\/local\/etc\/rsyslog.conf, on or before line 27: warnings occured in file '\/usr\/local\/etc\/rsyslog.conf' around line 27 [try http:\/\/www.rsyslog.com\/e\/2207 ]\r\n<43>1 2015-11-10T17:27:18.356455+01:00 bsd rsyslogd-2207 - - - error during parsing file \/usr\/local\/etc\/rsyslog.conf, on or before line 27: invalid character ';' - is there an invalid escape sequence somewhere? [try http:\/\/www.rsyslog.com\/e\/2207 ]\r\n<43>1 2015-11-10T17:27:18.356496+01:00 bsd rsyslogd-2184 - - - action 'RSYSLOG_SyslogProtocol23Format' treated as ':omusrmsg:RSYSLOG_SyslogProtocol23Format' - please change syntax, 'RSYSLOG_SyslogProtocol23Format' will not be supported in the future [try http:\/\/www.rsyslog.com\/e\/2184 ]\r\n<43>1 2015-11-10T17:27:18.356512+01:00 bsd rsyslogd-3000 - - - user name 'RSYSLOG_...' too long - ignored\r\n<43>1 2015-11-10T17:27:18.356562+01:00 bsd rsyslogd-2207 - - - error during parsing file \/usr\/local\/etc\/rsyslog.conf, on or before line 27: warnings occured in file '\/usr\/local\/etc\/rsyslog.conf' around line 27 [try http:\/\/www.rsyslog.com\/e\/2207 ]\r\n<43>1 2015-11-10T17:27:18.356653+01:00 bsd rsyslogd-2304 - - - BSD-style blocks are no longer supported in rsyslog, see http:\/\/www.rsyslog.com\/g\/BSD for details and a solution (Block '!ppp') [try http:\/\/www.rsyslog.com\/e\/2304 ]\r\n<43>1 2015-11-10T17:27:18.356703+01:00 bsd rsyslogd-2304 - - - BSD-style blocks are no longer supported in rsyslog, see http:\/\/www.rsyslog.com\/g\/BSD for details and a solution (Block '!*') [try http:\/\/www.rsyslog.com\/e\/2304 ]\r\n\r\n<27>1 2015-11-10T17:27:19.482482+01:00 bsd nmbd 1737 - - [2015\/11\/10 17:27:19.481957, 0] ..\/lib\/util\/become_daemon.c:136(daemon_ready)\r\n<27>1 2015-11-10T17:27:21.750548+01:00 bsd smbd 1740 - - [2015\/11\/10 17:27:21.749661, 0] ..\/lib\/util\/become_daemon.c:136(daemon_ready)\r\n<27>1 2015-11-10T17:27:21.760813+01:00 bsd smbd 1740 - - STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to fetch record!\r\n<27>1 2015-11-10T17:27:21.819782+01:00 bsd winbindd 1744 - - [2015\/11\/10 17:27:21.819054, 0] ..\/source3\/winbindd\/winbindd_cache.c:3196(initialize_winbindd_cache)\r\n<27>1 2015-11-10T17:27:21.820014+01:00 bsd winbindd 1744 - - initialize_winbindd_cache: clearing cache and re-creating with version number 2\r\n<27>1 2015-11-10T17:27:21.838248+01:00 bsd winbindd 1744 - - [2015\/11\/10 17:27:21.838055, 0] ..\/lib\/util\/become_daemon.c:136(daemon_ready)\r\n\r\n<11>1 2015-11-10T17:27:22.099952+01:00 bsd freevrrpd 1796 - - cannot create a netgraph socket: No such file or directory\r\n<10>1 2015-11-10T17:27:22.100123+01:00 bsd freevrrpd 1796 - - cannot create a bridge device: No such file or directory\r\n<10>1 2015-11-10T17:27:22.100257+01:00 bsd freevrrpd 1796 - - aborting...\r\n<\/pre>\n
Protocol<\/h4>\n
\nUnix – System Logging<\/a><\/p>\n\r\n#define LOG_EMERG 0 \/* system is unusable *\/\r\n#define LOG_ALERT 1 \/* action must be taken immediately *\/\r\n#define LOG_CRIT 2 \/* critical conditions *\/\r\n#define LOG_ERR 3 \/* error conditions *\/\r\n#define LOG_WARNING 4 \/* warning conditions *\/\r\n#define LOG_NOTICE 5 \/* normal but significant condition *\/\r\n#define LOG_INFO 6 \/* informational *\/\r\n#define LOG_DEBUG 7 \/* debug-level messages *\/\r\n<\/pre>\n
\r\n#define LOG_KERN (0<<3) \/* kernel messages *\/\r\n#define LOG_USER (1<<3) \/* random user-level messages *\/\r\n#define LOG_MAIL (2<<3) \/* mail system *\/\r\n#define LOG_DAEMON (3<<3) \/* system daemons *\/\r\n#define LOG_AUTH (4<<3) \/* security\/authorization messages *\/\r\n#define LOG_SYSLOG (5<<3) \/* messages generated internally by syslogd *\/\r\n#define LOG_LPR (6<<3) \/* line printer subsystem *\/\r\n#define LOG_NEWS (7<<3) \/* network news subsystem *\/\r\n#define LOG_UUCP (8<<3) \/* UUCP subsystem *\/\r\n#define LOG_CRON (9<<3) \/* clock daemon *\/\r\n#define LOG_AUTHPRIV (10<<3) \/* security\/authorization messages (private) *\/\r\n#define LOG_FTP (11<<3) \/* ftp daemon *\/\r\n#define LOG_LOCAL0 (16<<3) \/* reserved for local use *\/\r\n#define LOG_LOCAL1 (17<<3) \/* reserved for local use *\/\r\n#define LOG_LOCAL2 (18<<3) \/* reserved for local use *\/\r\n#define LOG_LOCAL3 (19<<3) \/* reserved for local use *\/\r\n#define LOG_LOCAL4 (20<<3) \/* reserved for local use *\/\r\n#define LOG_LOCAL5 (21<<3) \/* reserved for local use *\/\r\n#define LOG_LOCAL6 (22<<3) \/* reserved for local use *\/\r\n#define LOG_LOCAL7 (23<<3) \/* reserved for local use *\/\r\n#define LOG_FAC_INVLD 24\r\n#define LOG_INVLD (LOG_FAC_INVLD<<3) \/* invalid facility\/PRI code *\/\r\n<\/pre>\n
\r\nsyslogName_t syslogFacNames[] = {\r\n {"auth", LOG_AUTH},\r\n {"authpriv", LOG_AUTHPRIV},\r\n {"cron", LOG_CRON},\r\n {"daemon", LOG_DAEMON},\r\n {"kern", LOG_KERN},\r\n {"lpr", LOG_LPR},\r\n {"mail", LOG_MAIL},\r\n {"mark", LOG_MARK}, \/* INTERNAL *\/\r\n {"news", LOG_NEWS},\r\n {"security", LOG_AUTH}, \/* DEPRECATED *\/\r\n {"bsd_security", (13<<3) }, \/* BSD-specific, unfortunatly with duplicate name... *\/\r\n {"syslog", LOG_SYSLOG},\r\n {"user", LOG_USER},\r\n {"uucp", LOG_UUCP},\r\n {"ftp", LOG_FTP},\r\n {"audit", LOG_AUDIT},\r\n {"console", (14 << 3)}, \/* BSD-specific priority *\/\r\n {"local0", LOG_LOCAL0},\r\n {"local1", LOG_LOCAL1},\r\n {"local2", LOG_LOCAL2},\r\n {"local3", LOG_LOCAL3},\r\n {"local4", LOG_LOCAL4},\r\n {"local5", LOG_LOCAL5},\r\n {"local6", LOG_LOCAL6},\r\n {"local7", LOG_LOCAL7},\r\n {"invld", LOG_INVLD},\r\n {NULL, -1},\r\n};\r\n<\/pre>\nWikipedia<\/h3>\n
\nSyslog<\/a> (en)<\/p>\nOther Resources<\/h3>\n
\nIntroduction to Syslog Protocol<\/a><\/p>\nOther implementations<\/h3>\n