HPE Community
Operating System - Linux
1753856 Members
7167 Online
108809 Solutions
New Discussion юеВ

Re: Syslog.conf

 
SOLVED
Go to solution
moorthyp
Occasional Advisor

тАО07-27-2007 11:36 PM

тАО07-27-2007 11:36 PM

Syslog.conf

Dear all,
i am trying to create separate log files for my application excutable.
if example.
i have written one program .i have used openlog,syslog,closelog functions(this excutale name is "sys").whenever i am runing this program its appening the default log (/var/adm/syslog/syslog.log).

there is no issue....
but i want to create separte log file like this
"/var/adm/syslog/system.log".i tried following ways
i was edited "/etc/syslog.conf" like this
sys.info(2 TAB space) /var/adm/syslog/system.log...
then i restarted syslogd service..
but its not working..

can u tell me .what ever am did is it right?
how to do this?
0 Kudos
6 REPLIES 6
Matti_Kurkela
Honored Contributor

тАО07-28-2007 01:56 AM

тАО07-28-2007 01:56 AM

Solution

Re: Syslog.conf

The name of the executable is ignored by syslog.conf.

The (non-comment) lines in /etc/syslog.conf consist of two parts, separated by one or more TABs. The first part is known as "selector" and the second part as "action".

The selector is a pair of "facility" and "level", or a set of two or more of those pairs.

The "facility" is *not* the name of the executable, but one of the following keywords:
kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, local0, local1, local2, local3, local4, local5, local6 or local7.

Note that these keywords match the constants such as LOG_USER that can be used with the openlog() and syslog() functions.

To separate your program's log output from the others, pick a facility that is not used by any other program in your system. The facilities local0...local7 are designed just for that.

Please don't use misleading facilities like kern (=kernel) or cron for your application, or you will in the future be hated by sysadmins who need to configure an automated monitoring system to parse your program's log messages.

(By the way, it would be a good idea to make the syslog facility configurable at run-time, so that you won't need tor recompile your program when installing it to a new environment that might use your chosen facility for something else.)

Then, your program should do something like this:

/*set these to whatever you need or want*/
#define YOUR_LOGOPTS (LOG_PID | LOG_CONS)
#define YOUR_APP "sys"

[...]
openlog(YOUR_APP, YOUR_LOGOPTS, LOG_LOCAL7);

syslog(LOG_ERR, "Error: Tried to do X but got error %d", errno);

If you need to use two different syslog facilities, pick the one you intend to use the most and use it in the openlog() function. When you need to use another facility, just OR the facility with the level in the syslog() call:

syslog(LOG_LOCAL6 | LOG_DEBUG, "received %s", some_data);

Then you can capture the syslog output by configuring syslog.conf like this:

local7.debug /var/adm/syslog/system.log
local6.debug /var/adm/syslog/debug.log

Run "touch /var/adm/syslog/system.log /var/adm/syslog/debug.log" to create the logfiles, send a "kill -HUP" to syslogd to make it re-read the configuration file, and you're ready to test your program with syslog logging.

When you use the level "debug" in the selector, you get the log messages with the matching facility and level of LOG_DEBUG or greater (i.e. all).

MK
MK
0 Kudos
Bill Hassell
Honored Contributor

тАО07-28-2007 04:08 AM

тАО07-28-2007 04:08 AM

Re: Syslog.conf

You can also split different facility and/or priority messages into separate log files. syslog.conf is processed for each message so a particular log message may be recorded in several places. Here is an example:

mail.debug /var/adm/syslog/mail.log
*.info;mail.none;local5.none;auth.none /var/adm/syslog/syslog.log
auth.info /var/adm/syslog/auth.log
local5.info /var/adm/syslog/ftp.log
*.alert /dev/console
*.alert root
*.emerg *

Unlike any other Unix config file, syslog.conf requires mandatory tabs, not spaces between elements. In the above file:

1. The mail facility sends every message including debug messages to mail.log

2. All failities (*) sending info messages (and all higher importance) to syslog.log -- but (;) mail.none ignores all mail messages for syslog.log -- and (;) local5 (which is ftpd) and auth (all authorization msgs like logins) are also ignored. Whatever is left will be sent to syslog.log.

3. auth.info sends all authorization info level messages to auth.log

3. local5.info sends all ftpd info messages to ftp.log

4. all alert level and higher messages are sent to the console

5. all alert messages (and higher) are also sent to every root login terminal

6. all emerg level messages are sent to every logged in user terminal.

To see syslog.conf at work, use the logger command (man logger). To see all the facilities and priorities, see man 3c syslog)


Bill Hassell, sysadmin
0 Kudos
moorthyp
Occasional Advisor

тАО07-28-2007 09:34 PM

тАО07-28-2007 09:34 PM

Re: Syslog.conf

Thank You Mr.Matti Kurkela .
i have fixed that problem
Thank u once again
0 Kudos
moorthyp
Occasional Advisor

тАО07-28-2007 09:38 PM

тАО07-28-2007 09:38 PM

Re: Syslog.conf

Yah!!!!!!!!!!
0 Kudos
skt_skt
Honored Contributor

тАО07-29-2007 08:09 AM

тАО07-29-2007 08:09 AM

Re: Syslog.conf

show your thankful ny asigning points too.
0 Kudos
skt_skt
Honored Contributor

тАО07-29-2007 08:09 AM

тАО07-29-2007 08:09 AM

Re: Syslog.conf

show your thankful by asigning points too.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.