user rsyslog/syslog

Ran Shalit ranshalit at gmail.com
Wed Feb 24 07:20:23 EST 2016 

On Wed, Feb 24, 2016 at 10:17 AM,  <Valdis.Kletnieks at vt.edu> wrote:
> On Wed, 24 Feb 2016 09:36:54 +0200, Ran Shalit said:
>
>> I am trying to write to rsyslog from application.
>> With openlog(..., LOG_USER), it works fine and I find the log in
>> /var/log/user.log (it is defines in /etc/rsyslog.d/50-defaults.conf )
>> But we need to enable different applications to have each its own log file.
>> I tried to use LOG_LOCAL0 instead and configured it in
>> /etc/rsyslog.d/50-defaults.conf the same way as user:
>>
>> local0.* action
>> {
>>   type="omfile"
>>  FILE="/var/log/local0.log"
>>  FileOwner="root"
>>  FileGroup="adm"
>>
>> }
>>
>> I then did
>> 1. /etc/init.d/rsyslog stop
>> 2. /etc/init.d/rsyslog start
>> I see no warnings or errors, and I started the application trying to
>> write to LOG_LOCAL0, But there is no new file created, no logs.
>>
>> Is there any idea whatws wrong, or how I can achieve this multi user's logs ?
>
> Not really a kernel issue, is it?  But anyhow....
>
> First thing to do is to make sure your code checks the return code
> from openlog().
>
> The next thing to check is that your application is actually trying to
> log to LOCAL0.  Using the debugging tool of your choice, ensure that control
> flow reaches the syslog() statement. Make sure that it's using LOCAL0.
>
> Define an action for *.* dumping to /var/log/everything.log - does your
> message show up in there?
>
> In other words, all the usual userspace debugging.. start at the beginning
> and trace through the flow.
>
> And since rsyslog allows regex matching, maybe you should be letting all the
> applications continue logging to LOG_USER, and then use filters
> of the form 'programname startswith app1', 'programname startswith app2',
> and so on to select based on the program name.
>
Hi Vladis,

Thanks a lot.
I see that openlog has not retuen value, and it seems that only
openlog get the LOG_USER (or LOG_LOCAL0) arguments.
the other functions such as syslog does not use it at all, for example:

openlog("Logs", "", LOG_USER);
syslog(LOG_INFO, "Start logging");
closelog();

Anyway, on debugging I seet that these routines are called, but
nothing gets into the expected localX files. It only works with the
USER file.

Maybe the last suggestion will be the most practical if this issue
can't be resolved, which means that I will use one file for all logs,
in which each line will have its own tag string according to the
application.

Thanks,
Ran

More information about the Kernelnewbies mailing list