Syslog library and deamon for virtualsquare projects
Syslog is a service for deamon processes to provide feedback about their operational status: error messages, crtical situations, informational or debug messages.
Initially created for sendmail it is de facto (and de jure) standard for logging. Syslog standard has been defined by RFC 3164 and then by RFC 5424.
The implementation provided by glibc and the syslog deamons currently available in Linux distributions is based on a two/three tiers architecture:
-
syslog(3)facility included in glibc provides functions to send log messages to a local daemon running on the same host (it uses aAF_UNIXsocket, usually/dev/log) -
syslogd(nowadays often provided by a systemd metastasis) is a local server which collects the log messages from local deamon and dispatches them to log file archives and/or to syslog centralized servers (using the UDP or TCP services defined in the RFCs). -
Site, institution centralized
syslogservers collect all the relevant log messages. Sysadms can monitor the status of a large number of hosts by examining or processing the log messages managed by these servers.
This implementation design is unfit for virtualsquare projects:
- Internet of Threads (IoTh) processes are network nodes, having their own personality on the network (IP address, independent TCP-IP stack). The physical host (e.g. Linux box) they are currently running on is merely incidental. The local syslogd has no roles in this architecture.
- By VUOS users can run their own daemons in user space, using user privileges.
All VUOS modules create specific execution environments for processes, likewise if they were
some sort of user level
implemented namespaces: neither root access nor specific capabilities are required.
Using the currently available syslog implementation users can run their daemons but
root access is required to read the log messsages (e.g. read the
/var/log/syslogfile) or configure syslog to store or process log messages elsewhere (e.g. by editing/etc/syslog.conffile)
v2syslog provides a library which enables daemon processes to route their log messages to
networked logging services.
A syslog server deamon named v2syslogd is included. This syslog daemon can run as an
IoTh process.
The API of v2syslog is a backwards compatible extension of syslog(3).
void v2openlog(const char *ident, int option, int facility);
void v2closelog(void);
void v2syslog(int priority, const char *format, ...);
void v2vsyslog(int priority, const char *format, va_list ap);The signature and the meaning of the arguments is the same of their counterparts in syslog(3)
(without the v2 prefix). The library should work as drop-in replacement of syslog functions:
any program using syslog(3) can use v2*log functions instead of *log with no appreciable
changes in its behavior.
v2syslog provides extended functionnalities.
The function v2setlog defines the local or remote syslog deamon where log messages will be routed to.
void v2setlog(struct ioth *stack, struct v2syslog_server server,
const char *hostname, const char *procid);stackis the IoTh stack to use (see libioth). The kernel provided TCP-IP stack is used when the argumentstackisNULL.serveris the address of the syslog deamon to use. Some convenient macros are provided to define this argument.v2syslog_UNIX(path): the deamon is reachable at the UNIX socketpath.v2syslog_INET(addr, port): the daemon is available at theportat the IPv4 addressaddr.v2syslog_INET6(addr, port): the daemon is available at theportat the IPv6 addressaddr.
hostnameis the host name to appear in the log messages (nodenamereturned byuname(2)is used ifhostnameis NULL)procidis the process id for log messages (getpidorgettidoutput is used if this arg isNULL
Examples:
- use
/tmp/service/.loginstead of/dev/log:
v2setlog(NULL, v2syslog_UNIX("/tmp/service/.log", NULL, NULL)- use
.mylogin the home directory instead of/dev/log:
v2setlog(NULL, v2syslog_UNIX("~/.mylog", NULL, NULL)- use
.login the home directory (the default user path) instead of/dev/log:
v2setlog(NULL, v2syslog_UNIX("~", NULL, NULL)- send logs to a server running at 192.168.1.1 at port 5140.
struct in_addr ip4addr;
inet_pton(AF_INET, "192.168.1.1", &ip4addr);
v2setlog(NULL, v2syslog_INET(&ip4addr, 5140), NULL, NULL);- send logs to a server running at 10.0.0.1 using a IoTh stack (vxvde, localaddr=10.0.0.100):
struct ioth *stack = ioth_newstackc(
"stack=vdestack,vnl=vxvde://234.0.0.1,eth,ip=10.0.0.100/24");
struct in_addr ip4addr;
inet_pton(AF_INET, "10.0.0.1", &ip4addr);
v2setlog(stack, v2syslog_INET(&ip4addr, 514), "magicdaemon", NULL);v2openlog supports more options than openlog.
LOG_STREAM: try to send log messages using stream sockets (TCP or UNIX-stream)LOG_STREAM_ONLY: send log messages using stream sockets (TCP or UNIX-STREAM) onlyLOG_DGRAM_ONLY: send log messages using datagram sockets (UDP or UNIX-DGRAM) onlyLOG_3164: use the protocol defined in RFC 3164LOG_5424: use the protocol defined in RFC 5424LOG_FRAMING_COUNT: use the octet counting (3.1.1 of RFC 6587)LOG_USE_TID: send tid (thread id) instead of pid
(When both LOG_3164 and LOG_5424 are not set, the default protocol of syslog(3) is used.
It is like RFC 3164 but no hostname is added. It is the legacy BSD protocol).
void v2syslogx(int priority, const char *msg_id, const char *struct_data,
const char *format, ...);
void v2vsyslogx(int priority, const char *msg_id, const char *struct_data,
const char *format, va_list ap);v2syslogx and v2vsyslogx are extended versions of v2syslog and v2vsyslog providing
two further arguments:
msg_id: define message id (6.2.7 of RFC 5424),struct_data: set structured data (6.3 of RFC 5424).
v2syslogd is a syslog daemon. It currently supports UNIX datagram and UDP.
The most relevant command line options are:
-f <conffile>or--rcfile <conffile>: define the configuration file. The syntax is similar to syslog.conf. It is described here below in the next section. When omittedv2syslogdsimply prints the log messages received on standard error.-dor--daemon: runv2syslogdin background as a daemon. This option is often used together with-p <pidfile>of--pidfile <pidfile>to store the actual process id of the deamon (to terminate it by a SIGTERM message or to reload the configuration file using a SIGHUP message).-P <portno>or--port <portno>: define the port (default value 514).-Uor--udp: use UDP (can be omitted, UDP is the default configration).-u <socket>or--socket <socket>: use a UNIX socket bound at the specified pathname.-l <path>or--selflog <path>: set the pathname to file v2syslogd errors as syslog deamon errors cannot be managed by syslog itself! Errors are printed on standard error if not set.-s <ioth stack configuration>or--stack <ioth stack configuration>: start v2syslogd as a IoTh process, the parameter is the IoTh configuration string as supported by iothconf.-4or--ipv4: use IPv4 only (th default behavior is to use IPv6 (and IPv4 in backwards compatibility mode if supported by the stack).
The syntax is similar to syslog.conf: "Every rule consists of two fields, a selector field and an action field. These two fields are separated by one or more spaces or tabs. The selector field specifies a pattern of facilities and priorities belonging to the specified action."
Lines beginning by # are comments.
The syntax of selectors is the same described in syslog.conf.
The action can be the pathname of a file or the pathname of a script/program prefixed by !.
In the former case (file) all log messages matching the selector are added (in append mode) to the
named file. It is possible to add a format string at the end of the line.
The format string is similar to printf or strftime format strings: all the characters of the
format are verbatim copied to the output except for the following conversion specifications:
%%: a percent symbol%P: the priority name%F: the facility name%t: the local time of the reception of the message byv2syslogd, using the format of the Example 4, RFC 5424, section 6.2.3.1.%T: the local time of the reception of the message byv2syslogd, using the BSD legacy format (RFC 3164 compliant)%U: the timestamp got by the sender (the logging process). It is provided in the format of RFC5424 UTC%I: the IP address and port of the sender process%i: the IP address of the sender process%h: the hostname%H: the hostname if specified otherwise the IP address if defined otherwise the nodename%K: the IP address if defined otherwise the nodename%a: the application%p: the process id%[: returns[pid]if the process id is defined, an empty string otherwise%M: the message id%s: the structured data%m: the log message
When not specified, the default format is "%T %H %a%[: %m": it is the same format used in /var/log/syslog.
e.g.
Aug 09 17:40:41 eipi10 renzo: test message
Aug 09 17:40:54 deamonhost mydaemon[367407]: second test
a quite complete output can be obtained using the format "%F %P %t %U %I %h %a %p %M %s %m":
user notice 2022-08-09T17:49:33.343428+02:00 2022-08-09T15:49:33.343073Z ::ffff:10.0.0.101/57507 eipi10 renzo - - test message
If the action field begins by exclamative mark ! v2syslog starts an instance of the script/program
for each received message matching the selector. All the fields of the log item are provided to
the script/program as environment variables:
SL_PRIO: priority nameSL_FAC: facility nameSL_DTIME: daemon time (UTC seconds from the epoch)SL_LTIME: logging/sender time (UTC seconds from the epoch)SL_SENDER: IP address of the senderSL_SENDPORT: IP port of the senderSL_HOST: hostnameSL_APPL: applicationSL_PID: pricess id/thread idSL_MSGID: message idSL_MSG: the log message
*.crit /dev/stderr
*.* /tmp/testlog "%F %P %t %U %I %h %a %p %M %s %m"
user.notice ~
all the log messages are appended to /tmp/syslog, the log messages of level critical or above are also
printed on the standard error file. Log messages whose faicility is user and level notice or above
are also appended to the default user syslog file: $HOME/.syslog (where $HOME is the pathname
of the user's home directory, retrieved from the HOME env variable).