What is Syslog
Syslog can be used for computer system management and security auditing as well as generalized informational, analysis, and debugging messages. It is supported by a wide variety of devices (like printers and routers) and receivers across multiple platforms. Because of this, syslog can be used to integrate log data from many different types of systems into a central repository.
Messages refer to a facility (auth, authpriv, daemon, cron, ftp, lpr, kern, mail, news, syslog, user, uucp, local0, ..., local7) and are assigned a priority/level (Emergency, Alert, Critical, Error, Warning, Notice, Info or Debug) by the sender of the message.
Configuration allows directing messages to various local devices (console), files (/var/log/) or remote syslog daemons. Care must be taken when updating the configuration, as omitting or misdirecting a message's facility.level can cause important messages to be ignored by syslog or overlooked by the administrator. logger is a command-line utility that can send messages to syslog.
Configuring Syslog
Syslog has 8 configurable facilities, each of which can be directed to its own log file, that are available for the programmer to use. They are referred to as LOG_LOCALx, where x is an integer from 0 to 7.
Configure syslog for LOG_LOCALx by adding the following line to the /etc/syslog.conf file:
local0.* /var/log/testlog
This tells syslog that any message logged to LOG_LOCAL0, at any level, should be written to the file '/var/log/testlog'.
After updating /etc/syslog.conf, restart the syslogd daemon:
/etc/init.d/syslog restart
Log using Syslog
Now that LOG_LOCAL0 is configured, we can write debugging information to our log file through syslog, as shown in the test program below:
#include <syslog.h>
#include <unistd.h>
#include <sys/types.h>

int main(void)
{
    /* Tag messages with "Test", add the PID, and log to facility LOG_LOCAL0 */
    openlog("Test", LOG_CONS | LOG_PID | LOG_NDELAY, LOG_LOCAL0);
    /* uid_t is unsigned, so cast it to match the %u conversion */
    syslog(LOG_INFO, "Program started by User %u", (unsigned int) getuid());
    syslog(LOG_ERR, "ERROR!");
    closelog();
    return 0;
}
The openlog function initializes syslog for our program. It needs to be called only once, during program start-up. Several options can be used to control the logging behavior; the options used in the example above are explained below.
Option        Meaning
LOG_CONS      When syslog fails to submit a message, it writes the message to the system console
LOG_PID       Inserts the calling process' Process ID (PID) into the message
LOG_NDELAY    Opens the connection to syslog immediately
LOG_LOCAL0    The facility (third argument of openlog): where to write the logs
The syslog call writes messages to our syslog facility LOG_LOCAL0. The first argument (LOG_INFO, LOG_ERR) specifies the log level or priority. This allows finer tuning, for example by specifying different log files (or actions) for each logging level. See man -S3 syslog for the full list of levels.
The format of the log messages is:
DATE TIME MACHINE-NAME PROGRAM-NAME[PID]: MESSAGE
Output:
Apr 7 21:36:41 centos-osp Test[20304]: Program started by User 0
Apr 7 21:36:41 centos-osp Test[20304]: ERROR!
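Added example (not part of the original article): a small checker for the warning in the configuration section that an omitted or misdirected facility.level silently drops messages, applied to the LOG_INFO and LOG_ERR messages the test program sends on local0. It models only plain syslog.conf selectors (comma-separated facilities, `*`, level keywords, `none`, and `;`-joined selectors where a later one overrides an earlier one), not the `=` or `!` modifiers; selector_matches and facility_listed are names made up for this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* syslog.conf level keywords; the index equals the LOG_* value (LOG_EMERG is 0). */
static const char *LEVELS[] = {"emerg", "alert", "crit", "err",
                               "warning", "notice", "info", "debug"};

/* Hypothetical helper: is `name` (or "*") among the comma-separated facilities in list[0..len)? */
static int facility_listed(const char *list, size_t len, const char *name) {
    size_t n = strlen(name);
    for (;;) {
        size_t tok = 0;
        while (tok < len && list[tok] != ',') tok++;
        if ((tok == 1 && list[0] == '*') || (tok == n && strncmp(list, name, n) == 0))
            return 1;
        if (tok == len) return 0;
        list += tok + 1; len -= tok + 1;
    }
}

/* Hypothetical helper: 1 if `facility` at `level` (a LOG_* value) is selected by a rule's selector. */
int selector_matches(const char *selector, const char *facility, int level) {
    int selected = 0;
    while (*selector) {
        size_t len = strcspn(selector, ";");      /* one facility.level selector */
        const char *dot = memchr(selector, '.', len);
        if (dot && facility_listed(selector, (size_t)(dot - selector), facility)) {
            const char *lvl = dot + 1;
            size_t l = len - (size_t)(lvl - selector);
            selected = (l == 1 && *lvl == '*');   /* "none" and unknown keywords select nothing */
            for (int i = 0; i < 8; i++)
                if (strlen(LEVELS[i]) == l && strncmp(lvl, LEVELS[i], l) == 0)
                    selected = (level <= i);      /* keyword covers this level and more severe */
        }
        selector += len + (selector[len] == ';'); /* a later selector overrides this one */
    }
    return selected;
}

int main(void) {
    /* Constructed selectors: the article's rule, then two variants that lose messages. */
    const char *rules[] = {"local0.*", "local0.err", "*.info;local0.none"};
    for (int r = 0; r < 3; r++)
        printf("%-20s LOG_INFO:%d LOG_ERR:%d\n", rules[r],
               selector_matches(rules[r], "local0", LOG_INFO),
               selector_matches(rules[r], "local0", LOG_ERR));
    return 0;
}
```

Pass only the selector column of a rule (the part before the whitespace and the file name); a 0 for a level the program uses means that message never reaches the file named on that line.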