2009年11月9日 星期一

Yu-Min Space: Linux syslog 程式設計筆記

Yu-Min Space: Linux syslog 程式設計筆記

Linux syslog 程式設計筆記
LINUX下執行的程式除了自己輸出系統日誌到特定檔案外,還可以透過 syslogd來達成這個功能,免除了自行開檔關檔的工作。


程式要使用系統日誌功能,只需要在程式啟動時使用openlog函數來連接syslogd程式,後面隨時用syslog函數傳人系統日誌就行了。

相關的函式有 openlog,syslog,closelog。


#include

void openlog(const char *ident, int option, int facility)

開啟一個到系統日誌記錄程式的連接,開啟後就可使用用syslog或vsyslog函數在系統日誌中添加資訊
ident 是一個標記,ident所表示的字串將固定地加在每行日誌的前面以標識這個日誌,通常就寫成當前程式的名稱以作標記。


option 是下列值取與運算的結果:

LOG_CONS
Write directly to system console if there is an error while sending to system logger.

LOG_NDELAY
Open the connection immediately (normally, the connection is opened when the first message is logged).

LOG_NOWAIT
Don’t wait for child processes that may have been created while logging the message. (The GNU C library does not create a
child process, so this option has no effect on Linux.)

LOG_ODELAY
The converse of LOG_NDELAY; opening of the connection is delayed until syslog() is called. (This is the default, and need
not be specified.)

LOG_PERROR
(Not in SUSv3.) Print to stderr as well.

LOG_PID
Include PID with each message.


facility 指明記錄日誌的程式的類型。facility is the default facility code for this connection. A syslog on this connection that specifies default facility causes this facility to be associated with the message. See syslog for possible values. A value of zero means the default default, which is LOG_USER.



#include

void syslog(int priority, const char *format, ...)

把日誌消息發給系統程式輸出至syslogd記錄
priority 日誌消息的緊急級別

LOG_USER

A miscellaneous user process
LOG_MAIL

Mail
LOG_DAEMON

A miscellaneous system daemon
LOG_AUTH

Security (authorization)
LOG_SYSLOG

Syslog
LOG_LPR

Central printer
LOG_NEWS

Network news (e.g. Usenet)
LOG_UUCP

UUCP
LOG_CRON

Cron and At
LOG_AUTHPRIV

Private security (authorization)
LOG_FTP

Ftp server
LOG_LOCAL0

Locally defined
LOG_LOCAL1

Locally defined
LOG_LOCAL2

Locally defined
LOG_LOCAL3

Locally defined
LOG_LOCAL4

Locally defined
LOG_LOCAL5

Locally defined
LOG_LOCAL6

Locally defined
LOG_LOCAL7

Locally defined


format 日誌消息的格式,之後是格式對應的參數類似printf函數。



#include

void closelog(void)

關閉 開啟的 openlog 連接


#include

void vsyslog(int priority, const char *format, va_list ap);

把日誌消息發給系統程式輸出至syslogd記錄



簡單範例

#include

int main(int argc, char **argv)
{
openlog("test", LOG_CONS | LOG_PID, 0);
syslog(LOG_INFO, "This is a syslog test message generated by program '%s'n", argv[0]);
closelog();

return 0;
}



結果輸出一般是 /var/log/messages 或是 /var/log/syslog

視 /etc/syslog.conf 中的設定,下面的設定是輸出至 /var/log/messages

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log




補充

Linux有關syslog的函式沒有提供syslog寫到遠端syslogd的功能,如果在程式中想要將syslog寫到遠端的syslog 伺服器,可以使用socket udp(514)的函式,將訊息送出。


參考資料

http://insecure.org/sploits/aix.generic.syslogd.problem.html

http://zhoulifa.bokee.com/6104993.html

http://www.dusek.ch/manual/glibc/libc_18.html


http://www.balabit.com/network-security

沒有留言: