Writing to System Logs | Unix Linux Forums | Red Hat

  Go Back    


Red Hat Red Hat is the world's leading open source technology solutions provider with offerings including Red Hat Enterprise Linux (RHEL), Fedora, open source applications, security and systems management, virtualization, and Services Oriented Architecture (SOA) solutions.

Writing to System Logs

Red Hat


Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 01-02-2013
Brandon9000 Brandon9000 is offline
Registered User
 
Join Date: May 2012
Last Activity: 28 February 2013, 2:20 PM EST
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Writing to System Logs

This isn't a RedHat specific question. The software in question might be used for any Linux distribution. Would it be advisable or inadvisable for my application, to be downloaded by many people I don't know, to write to the following logs in /var/log?

maillog or mail.log
messages
secure

Is there a reason not to do this, and if I do write to these logs, is ordinary file I/O good enough?

Thanks.

Brandon
Sponsored Links
    #2  
Old 01-02-2013
thmnetwork thmnetwork is offline
Registered User
 
Join Date: Mar 2004
Last Activity: 13 April 2013, 4:20 PM EDT
Location: Boise, Idaho, United States
Posts: 144
Thanks: 13
Thanked 6 Times in 6 Posts
syslog generally keeps its destination files open:


Code:
[root@localhost log]# fuser maillog
maillog:              4648
[root@localhost log]# ps -efa | grep 4648
root      4648     1  0  2012 ?        00:00:01 syslogd -m 0
root     11294  9649  0 16:20 pts/0    00:00:00 grep 4648
[root@localhost log]#

Obviously two programs can't/shouldn't be writing to the same file. There are also syslog-specific reasons for not wanting to do it this way: What if I'm doing a remote syslog? If you're logging directly to files you don't get to take advantage of that and if you want to build that funtionality in yourself then your job is just that much harder. What if the sysadmin wants your logs to go to two different files? etc, etc.

These are the problems the syslog daemon was created to resolve: make a single program broker access to the logging system, then you can solve common problems in one place and in a way that doesn't lead to programs clobbering the work of others.

Most languages have syslog bindings anyways so there's very little reason to want to do it a different way.
Sponsored Links
    #3  
Old 01-02-2013
Brandon9000 Brandon9000 is offline
Registered User
 
Join Date: May 2012
Last Activity: 28 February 2013, 2:20 PM EST
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Could I write to all three of these logs with syslog, and would it work across most Linux distributions?
    #4  
Old 01-02-2013
thmnetwork thmnetwork is offline
Registered User
 
Join Date: Mar 2004
Last Activity: 13 April 2013, 4:20 PM EDT
Location: Boise, Idaho, United States
Posts: 144
Thanks: 13
Thanked 6 Times in 6 Posts
You wouldn't be able to specify these particular files (the messages are routed to the destination files based on the facility/priority pair the program assigned to the message). However the files and the facility/priorities that write to them are pretty consistent across most distributions' default configurations, so you can usually be 90% sure of what file your log will end up in. For example, almost all distributions will route a "mail" facility message of any priority to the /var/log/maillog file, anything logged as "authpriv" to /var/log/secure etc. Linux distros don't have to do it that way, but they have adopted similar configurations just to stick with a common convention where possible.

Basically: by design, you won't be able to be sure that some mail-related message you generate will always end up in /var/log/maillog but if you log to the "mail" facility you can just know that /var/log/maillog is where it's going to end up on almost every major Linux distribution.

Last edited by thmnetwork; 01-02-2013 at 06:19 PM..
Sponsored Links
    #5  
Old 01-02-2013
Brandon9000 Brandon9000 is offline
Registered User
 
Join Date: May 2012
Last Activity: 28 February 2013, 2:20 PM EST
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
It won't be a message related to the general purpose of the log, just a message that I want to put there. I assure you I have reason enough to do what I want to do. I just wonder about the difficulty/appropriateness of writing to these logs.
Sponsored Links
    #6  
Old 01-03-2013
thmnetwork thmnetwork is offline
Registered User
 
Join Date: Mar 2004
Last Activity: 13 April 2013, 4:20 PM EDT
Location: Boise, Idaho, United States
Posts: 144
Thanks: 13
Thanked 6 Times in 6 Posts
Well you're not going to reliably write to the log files directly, so you might as well disregard that notion out of hand. If it's a message that's unrelated to mail (for example) and you want it grouped with other email messages, you can just log it with the "mail" facility and let the syslog daemon do with it whatever it does with "mail" logs in general, which means they'll generally end up in the same place.

It's honestly not that difficult. To syslog in python:


Code:
import syslog
syslog.openlog(logoption=syslog.LOG_PID, facility=syslog.LOG_MAIL)
syslog.syslog('Some mail-related log message...')

If you're using regular C then this will be a good reference.

Basically, the whole thing is over with by the third line no matter what language you're writing your program in.
Sponsored Links
    #7  
Old 01-03-2013
Brandon9000 Brandon9000 is offline
Registered User
 
Join Date: May 2012
Last Activity: 28 February 2013, 2:20 PM EST
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Thank you.

What I would write is beginning of day markers at midnight. My issue is that these logs never show the year. Ordinarily, this causes no confusion, since the year is quite obvious. For machines that may be down for years or months at a time, there could occasionaly be ambiguity as to the year of a log entry. Therefore, for reasons connected with my application, I am considering writing a 12:00 AM delimiter, which includes the year, to remove all doubt as to exactly what day, including year, every message belongs to.
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
system logs thecobra151 AIX 1 02-28-2011 08:01 AM
logs for system shutdown batman727 Solaris 2 04-23-2009 10:44 AM
System Logs masquerer AIX 6 10-28-2008 01:22 PM
system logs' life xramm Solaris 1 03-31-2008 10:01 AM



All times are GMT -4. The time now is 12:11 PM.