Linux System Log
Config files in Ubuntu:
/etc/rsyslog.conf
/etc/rsyslog.d/*.conf
Restart system log service in Ubuntu:
sudo service rsyslog restart
Show system log in Ubuntu:
tail -15 /var/log/syslog
C Sample Code for the system log
#include <stdio.h>
#include <syslog.h>
int main() {
syslog(LOG_CRIT,"LOG_CRIT\n");
syslog(LOG_ERR,"LOG_ERR\n");
syslog(LOG_WARNING,"LOG_WARNING\n");
syslog(LOG_INFO,"LOG_INFO\n");
syslog(LOG_DEBUG,"LOG_DEBUG\n");
printf("done!\n");
return 0;
}
Show the result:$tail -5 /var/log/syslog
Mar 21 11:57:52 yhchiu-workstation a.out: LOG_CRIT
Mar 21 11:57:52 yhchiu-workstation a.out: LOG_ERR
Mar 21 11:57:52 yhchiu-workstation a.out: LOG_WARNING
Mar 21 11:57:52 yhchiu-workstation a.out: LOG_INFO
Mar 21 11:57:52 yhchiu-workstation a.out: LOG_DEBUG
Advanced C Sample Code
#define LOGNAME "mylog"
#include <stdio.h>
#include <syslog.h>
int main() {
// tail -27 /var/log/syslog
syslog(LOG_CRIT,"LOG_CRIT\n");
syslog(LOG_ERR,"LOG_ERR\n");
syslog(LOG_WARNING,"LOG_WARNING\n");
syslog(LOG_INFO,"LOG_INFO\n");
syslog(LOG_DEBUG,"LOG_DEBUG\n");
// tail -10 /var/log/auth.log
openlog(LOGNAME, LOG_PID, LOG_AUTH);
syslog(LOG_CRIT, "auth LOG_CRIT\n");
syslog(LOG_ERR, "auth LOG_ERR\n");
syslog(LOG_WARNING,"auth LOG_WARNING\n");
syslog(LOG_INFO, "auth LOG_INFO\n");
syslog(LOG_DEBUG, "auth LOG_DEBUG\n");
closelog();
// tail -10 /var/log/syslog
openlog(LOGNAME, LOG_PID, LOG_SYSLOG);
syslog(LOG_CRIT, "syslog LOG_CRIT\n");
syslog(LOG_ERR, "syslog LOG_ERR\n");
syslog(LOG_WARNING,"syslog LOG_WARNING\n");
syslog(LOG_INFO, "syslog LOG_INFO\n");
syslog(LOG_DEBUG, "syslog LOG_DEBUG\n");
closelog();
// tail -10 /var/log/syslog
openlog(NULL, LOG_PID, LOG_SYSLOG);
syslog(LOG_CRIT, "syslog(null) LOG_CRIT\n");
syslog(LOG_ERR, "syslog(null) LOG_ERR\n");
syslog(LOG_WARNING,"syslog(null) LOG_WARNING\n");
syslog(LOG_INFO, "syslog(null) LOG_INFO\n");
syslog(LOG_DEBUG, "syslog(null) LOG_DEBUG\n");
closelog();
// tail -10 /var/log/local0
openlog(LOGNAME, LOG_PID, LOG_LOCAL0);
syslog(LOG_CRIT, "local0 LOG_CRIT\n");
syslog(LOG_ERR, "local0 LOG_ERR\n");
syslog(LOG_WARNING,"local0 LOG_WARNING\n");
syslog(LOG_INFO, "local0 LOG_INFO\n");
syslog(LOG_DEBUG, "local0 LOG_DEBUG\n");
closelog();
// tail -10 /var/log/local1
openlog(LOGNAME, LOG_PID, LOG_LOCAL1);
syslog(LOG_CRIT, "local1 LOG_CRIT\n");
syslog(LOG_ERR, "local1 LOG_ERR\n");
syslog(LOG_WARNING,"local1 LOG_WARNING\n");
syslog(LOG_INFO, "local1 LOG_INFO\n");
syslog(LOG_DEBUG, "local1 LOG_DEBUG\n");
closelog();
// tail -10 /var/log/local2
openlog(LOGNAME, LOG_PID, LOG_LOCAL2);
syslog(LOG_CRIT, "local2 LOG_CRIT\n");
syslog(LOG_ERR, "local2 LOG_ERR\n");
syslog(LOG_WARNING,"local2 LOG_WARNING\n");
syslog(LOG_INFO, "local2 LOG_INFO\n");
syslog(LOG_DEBUG, "local2 LOG_DEBUG\n");
closelog();
printf("done!\n");
return 0;
}
上面的設定local0~local7是可以自己定義的log預設Ubuntu沒有啟用, 需要修改rsyslog的設定
sudo vim /etc/rsyslog.d/50-default.conf
#加入三條rule
local0.* /var/log/local0
local1.* /var/log/local1
local2.* /var/log/local2
#重啟服務
sudo service rsyslog restart
設定syslog的rule的寫法是facility.level action, 更多資料可以參考
http://blog.sina.com.cn/s/blog_48eef8410100izuw.html
syslog的Header檔案
http://unix.superglobalmegacorp.com/Net2/newsrc/sys/syslog.h.html
留言