sleep 2
Even on my laptop it sometimes takes a bit too long for tshark to start up and syslogd to actually FWD the $MSG to remote.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
RFC5424 Compliant System Logging
Introduction
This is the continuation of the original Debian/Ubuntu syslog daemon,
updated with full RFC3164 and RFC5424 support from NetBSD and
FreeBSD. The package includes a library and syslog.h header file
replacement, two system log daemons, and one command line tool.
The libsyslog and syslog/syslog.h, derived directly from NetBSD,
expose syslogp() and other new features available only in RFC5424:
The syslogd daemon is an enhanced version of the standard Berkeley
utility program, updated with DNA from FreeBSD. It is responsible for
providing logging of messages received from programs and facilities on
the local host as well as from remote hosts. Although compatible with
standard C-library implementations of the syslog() API (GLIBC, musl
libc, uClibc), libsyslog must be used in your application to unlock
the new RFC5424 syslogp() API.
The klogd daemon listens to kernel message sources and is responsible
for prioritizing and processing operating system messages. The klogd
daemon can run as a client of syslogd or optionally as a standalone
program. klogd can now be used to decode EIP addresses if it can
determine a System.map file.
The included logger tool can be used from the command line, or script,
to send RFC5424 formatted messages using libsyslog to syslogd for
local or remote logging.
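The layout of the RFC5424 frame mentioned above, as an added example that is not sysklogd's own code: rfc5424_format() and sd_escape() are hypothetical helper names, and the timestamp, host name and SD-ID are constructed sample values. It escapes `"`, `\` and `]` in a structured-data value, as RFC 5424 requires, so a caller-supplied string cannot close the element early and forge a second one.

```c
#include <stdio.h>
#include <string.h>

/* Escape '"', '\' and ']' in an SD-PARAM value (RFC 5424, 6.3.3); truncates. */
static void sd_escape(char *dst, size_t len, const char *src)
{
    size_t n = 0;
    for (; *src && n + 2 < len; src++) {
        if (*src == '"' || *src == '\\' || *src == ']')
            dst[n++] = '\\';
        dst[n++] = *src;
    }
    if (len)
        dst[n] = '\0';
}

/* Empty or missing header fields are sent as the NILVALUE "-". */
static const char *nil(const char *s) { return (s && *s) ? s : "-"; }

/* Hypothetical helper: one RFC 5424 frame with at most one SD-PARAM.
 * Returns what snprintf() reports, or -1 on bad priority or oversized SD. */
int rfc5424_format(char *buf, size_t len, int facility, int severity,
                   const char *ts, const char *host, const char *app,
                   const char *procid, const char *msgid, const char *sd_id,
                   const char *key, const char *val, const char *msg)
{
    char sd[256] = "-", esc[128];
    int n;
    if (facility < 0 || facility > 23 || severity < 0 || severity > 7)
        return -1;
    if (sd_id && key && val) {
        sd_escape(esc, sizeof(esc), val);
        n = snprintf(sd, sizeof(sd), "[%s %s=\"%s\"]", sd_id, key, esc);
        if (n < 0 || (size_t)n >= sizeof(sd))
            return -1;
    }
    /* PRI = facility * 8 + severity; VERSION is always 1 */
    return snprintf(buf, len, "<%d>1 %s %s %s %s %s %s %s",
                    facility * 8 + severity, nil(ts), nil(host), nil(app),
                    nil(procid), nil(msgid), sd, msg ? msg : "");
}

int main(void)
{
    char b[256]; /* constructed input: the value tries to close the element */
    rfc5424_format(b, sizeof(b), 4, 5, "2024-01-01T12:00:00Z", "host1", "sshd",
                   "123", "LOGIN", "exampleSDID@32473", "user", "bob\"] [x", "hi");
    return puts(b) < 0;
}
```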
Main differences from the original sysklogd package are:
- Built-in log-rotation support, with compression by default, useful for embedded systems. No need for cron and a separate logrotate daemon
- Full RFC3164 and RFC5424 support
- Includes timestamp and hostname, RFC3164 style, in remote logging
- Support for sending RFC5424 style remote syslog messages
- Includes a logger tool with RFC5424 capabilities (msgid etc.)
- Includes a library and system header replacement for logging
- FreeBSD socket receive buffer size patch
- Avoid blocking syslogd if console is backed up
- Touch PID file on SIGHUP, for integration with Finit
- GNU configure & build system to ease porting/cross-compiling
- Support for configuring remote syslog timeout
Build & Install
The GNU Configure & Build system uses /usr/local as the default install
prefix. In many cases this is useful, but this means the configuration
files and cache files will also use that same prefix. Most users have
come to expect those files in /etc/ and /var/run/ and configure has
a few useful options that are recommended to use:
$ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
$ make -j5
$ sudo make install-strip
You may want to remove the --prefix=/usr option.
Building from GIT
If you want to contribute, or just try out the latest but unreleased features, then you need to know a few things about the GNU build system:
- configure.ac and a per-directory Makefile.am are key files
- configure and Makefile.in are generated from autogen.sh, they are not stored in GIT but automatically generated for the release tarballs
- Makefile is generated by configure script
To build from GIT you first need to clone the repository and run the
autogen.sh script. This requires automake and autoconf to be
installed on your system.
git clone https://github.com/troglobit/sysklogd.git
cd sysklogd/
./autogen.sh
./configure && make
GIT sources are a moving target and are not recommended for production systems, unless you know what you are doing!
Origin & References
This is the continuation of the original sysklogd by Martin Schulze. Now maintained and heavily updated by Joachim Nilsson. Please file bug reports, or send pull requests for bug fixes and proposed extensions at GitHub.