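syslog consists of a client side and a server side, which communicate over the Unix domain socket /dev/log. The server is usually a syslogd; there are many syslogd implementations, and Ubuntu uses rsyslogd. libc writes to syslog through the openlog/syslog/closelog interface.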
#include <syslog.h>
void openlog(const char *ident, int option, int facility);
void syslog(int priority, const char *format, ...);
void closelog(void);
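C code example:
$ cat syslog.c
#include <syslog.h>
int main(int argc, char **argv)
{
    /* LOG_PERROR also prints the message to stderr; LOG_PID adds the PID */
    openlog("test", LOG_PERROR|LOG_PID, LOG_AUTH);
    /* Pass the argument as data through "%s", never as the format string;
       fall back to a fixed string when no argument was given */
    syslog(LOG_ERR, "%s", argc > 1 ? argv[1] : "(no message)");
    closelog();
    return 0;
}
$ ./a.out 123
$ tail -f /var/log/auth.log
May 4 19:30:55 yuan-H87-D3H test[12997]: 123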
There are a number of predefined facilities, each represented by a number. syslogd may write different facilities to different files.
The facility argument is used to specify what type of program is logging the message. This lets the configuration file specify that messages from different facilities will be handled differently.
LOG_AUTH security/authorization messages
LOG_AUTHPRIV security/authorization messages (private)
LOG_CRON clock daemon (cron and at)
LOG_DAEMON system daemons without separate facility value
LOG_FTP ftp daemon
LOG_KERN kernel messages (these can't be generated from user processes)
LOG_LOCAL0 through LOG_LOCAL7 reserved for local use
LOG_LPR line printer subsystem
LOG_MAIL mail subsystem
LOG_NEWS USENET news subsystem
LOG_SYSLOG messages generated internally by syslogd(8)
LOG_USER (default) generic user-level messages
LOG_UUCP UUCP subsystem
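The facility number and the priority passed to syslog() are ORed into one value that travels as a "<PRI>" prefix on each record sent over /dev/log. The following added example (not part of the original notes) decodes that prefix; the sample record is constructed in the form glibc writes for the program above, and parse_pri, facility_name and fac_names are names assumed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>

/* Facility names indexed by facility number (slots 12-15 have no LOG_* name). */
static const char *const fac_names[] = {
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", NULL, NULL, NULL, NULL,
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"
};

/* Parse the "<PRI>" prefix of a record. Returns the offset of the text after
 * '>' and fills *fac / *sev, or returns -1 if the prefix is malformed. */
int parse_pri(const char *rec, int *fac, int *sev)
{
    char *end;
    long pri;

    if (rec[0] != '<' || rec[1] < '0' || rec[1] > '9')
        return -1;
    pri = strtol(rec + 1, &end, 10);
    if (*end != '>' || end - rec > 4)   /* at most 3 digits, closed by '>' */
        return -1;
    *fac = LOG_FAC((int)pri);           /* upper bits: facility number */
    *sev = LOG_PRI((int)pri);           /* low 3 bits: severity level */
    return (int)(end - rec) + 1;
}

const char *facility_name(int fac)
{
    int n = (int)(sizeof fac_names / sizeof fac_names[0]);
    if (fac < 0 || fac >= n || fac_names[fac] == NULL)
        return "unknown";
    return fac_names[fac];
}

int main(void)
{
    /* Constructed sample: LOG_AUTH|LOG_ERR is 35, as sent by
     * syslog(LOG_ERR, ...) after openlog("test", LOG_PID, LOG_AUTH). */
    const char *rec = "<35>May  4 19:30:55 test[12997]: 123";
    int fac, sev, off = parse_pri(rec, &fac, &sev);

    if (off < 0)
        return 1;
    printf("facility=%s severity=%d text=\"%s\"\n", facility_name(fac), sev, rec + off);
    return 0;
}
```

Because the facility is chosen by the sender, a record tagged auth in auth.log only shows what the writing process claimed, not that it came from an authentication component.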
/var/log/auth.log
/var/log/daemon.log
/var/log/syslog
last
lastlog
logger
dmesg
/dev/kmsg
logrotate