Want to get /var/log/messages redirected to a FIFO ...
# 8  
Old 12-30-2008
I'm not supposed to touch any system-related configuration as the same is maintained by a different set of guys (administrator group) and they keep it optimized as per their requirements.

Still, will you please tell me how I can get the /var/log/messages data redirected to my daemon (my app will run as a daemon), if possible without any change in the config files for the syslog daemon?

Is it possible that I get the data directly from the /dev/log socket as a copy of the messages?
If I could get a way to hook into /dev/log directly, that's the most preferred way.

I had initially even tried opening files and calling select() on the descriptors, but I never get the intimation of the arrival of new data into the /var/log/messages file from select().

I tested this by logging messages using the logger utility and also wrote my own logger program, but select() didn't report any new data logs to me.

Last edited by Praveen_218; 12-30-2008 at 07:52 AM..
# 9  
Old 12-30-2008
The issue I have is that I do not have access to any of the configuration files due to some reasons.
It's only my application (which is a daemon) that will run with root access, and I can't control (I'm not supposed to control / change) any other configuration stuff when it runs.

I earlier tried hooking into /dev/log somehow to get a copy of syslog messages but failed. I even tried opening the /var/log/messages file and performing select() but didn't get notified of any syslog message update; select() didn't return at all.

Still, if it's possible to have any other way you may suggest, then please let me know; I would be happy to implement it, otherwise the suggestion by Panos is okay for me.
# 10  
Old 12-30-2008
Panos' "tail" implementation is the best way to go for your problem. It simply clears the EOF from the stream so calls to fgets() (or any other function) won't stop.

/dev/log is a unix socket used to create messages, not to read them. If you wish to read messages from dmesg, you could use the syslog() (kernel function) glibc wrapper klogctl() with type 3 (which doesn't clear the kernel ring buffer).

Another solution is creating a "man-in-middle" situation by modifying syslog's daemon configuration so it operates on a different unix socket than /dev/log (say /whatever/new_socket). In other words, your program would read /dev/log for requests and forward them to syslog daemon unix socket (/whatever/new_socket).

Yet another solution would be to use ptrace() PTRACE_ATTACH/PTRACE_PEEKTEXT to intercept syslog's daemon read()'s from /dev/log.
# 11  
Old 12-30-2008
Hi redoubtable,
Can you please elaborate further on the ptrace() solution?

Ya, your "man-in-middle" suggestion is great, but again I need access to the configuration files, and it's really doable if I get to edit syslog.conf. Thanks for the input.

Panos' method is also good enough and it's similar to the way the tail utility has been implemented; I've incorporated this too in my solution and used fstat() to look for file size changes, lseek() to adjust the file pointer, and nanosleep() to wait before subsequent fstat() calls.

Looking forward to another round of discussion on ptrace().
# 12  
Old 12-30-2008
ptrace lets you have complete control over some program's syscalls. You can peek data, poke data (inject/modify) and even say when the process should continue executing that system call.

This solution is not the way to go (ptrace() can be very slow in some cases).

Anyway:
Code:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/user.h>
#include <sys/syscall.h>
#include <asm/ptrace-abi.h>   /* ORIG_EAX, EAX, EBX, ECX, EDX: 32-bit x86 register offsets */


/* Copy len bytes of the tracee's memory starting at addr into str, one word at a time. */
void
getdata (pid_t child, long addr, char * str, int len)
{
        char * laddr;
        int i, j;
        int long_size = sizeof (long);
        union
        {
                long val;
                char chars[sizeof (long)];
        } u;

        for (i = 0, j = len / long_size, laddr = str; i < j; i++, laddr += long_size)
        {
                u.val = ptrace (PTRACE_PEEKDATA, child, addr + i * long_size, NULL);
                memcpy (laddr, u.chars, long_size);
        }
        j = len % long_size;
        if (j != 0)
        {
                u.val = ptrace (PTRACE_PEEKDATA, child, addr + i * long_size, NULL);
                memcpy (laddr, u.chars, j);
        }
        str[len] = '\0';
}

int
main (int argc, char * argv[])
{
        pid_t child = atoi (argv[1]);   /* deliberately no error checking, see the note below */
        long orig_eax, ret;
        long params[3];
        int status;
        char *str;
        int toggle = 0;                 /* 0: next stop is a syscall entry, 1: a syscall exit */

        ptrace (PTRACE_ATTACH, child, NULL, NULL);
        wait (&status);                 /* the tracee stops once the attach has taken effect */

        while (1)
        {
                /* let the tracee run until it enters or leaves the next system call */
                ptrace (PTRACE_SYSCALL, child, NULL, NULL);
                wait (&status);
                if (WIFEXITED (status))
                        break;
                orig_eax = ptrace (PTRACE_PEEKUSER, child, 4 * ORIG_EAX, NULL);
                if (orig_eax == SYS_read)
                {
                        if (toggle == 0)
                        {
                                /* syscall entry: remember fd, buffer address and count
                                 * (params[0] is the fd; a real tool would compare it
                                 * with the fd syslogd has open on /dev/log) */
                                toggle = 1;
                                params[0] = ptrace (PTRACE_PEEKUSER, child, 4 * EBX, NULL);
                                params[1] = ptrace (PTRACE_PEEKUSER, child, 4 * ECX, NULL);
                                params[2] = ptrace (PTRACE_PEEKUSER, child, 4 * EDX, NULL);
                        }
                        else
                        {
                                /* syscall exit: only now has the kernel filled the buffer;
                                 * EAX holds the number of bytes actually read */
                                toggle = 0;
                                ret = ptrace (PTRACE_PEEKUSER, child, 4 * EAX, NULL);
                                if (ret > 0)
                                {
                                        str = (char *) malloc (ret + 1);
                                        getdata (child, params[1], str, ret);
                                        /*
                                         * handle your string here
                                         */
                                        printf ("%s\n", str);
                                        free (str);
                                }
                        }
                }
        }
        exit (0);
}

Just go ahead and run ./this-program syslog_PID. If you do not supply a pid the program will segfault because there is no error checking, especially around atoi().

Note: this is only a PoC of my suggestion.
# 13  
Old 12-31-2008
The quick-and-dirty way would be to do:
Code:
tail -f /var/log/messages | <some process>

In the case of your daemon, it would be to create a pipe, do a fork(), keep the output file descriptor, exec tail -f (above), and the daemon process reads from the input side of the pipe.
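The polling follower from #11 (fstat() for size changes, lseek() to reposition, nanosleep() between checks) and the tail -f idea from #13, written out as an added example that is not code from this thread. It also goes a step beyond the thread: it handles a truncated log (size falls below the read offset) and a rotated log (the path now names a different inode), the two cases where a naive follower silently stops seeing data. The struct and function names are my own.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <time.h>
#include <sys/stat.h>
/* Follower state: the inode we are reading and how far we have read it. */
struct follower { int fd; ino_t ino; off_t pos; };

/* Open the log and start at its current end, like tail -f. Returns -1 on error. */
int follower_open(struct follower *f, const char *path)
{
    struct stat st;
    f->fd = open(path, O_RDONLY);
    if (f->fd < 0 || fstat(f->fd, &st) < 0) return -1;
    f->ino = st.st_ino; f->pos = st.st_size;
    return 0;
}
/* One poll: returns bytes copied into buf, 0 if nothing new, -1 on error. Rotation
 * (path names a new inode) reopens and reads from 0; truncation restarts at 0. */
ssize_t follower_poll(struct follower *f, const char *path, char *buf, size_t len)
{
    struct stat st;
    if (stat(path, &st) == 0 && st.st_ino != f->ino) {
        close(f->fd);
        if ((f->fd = open(path, O_RDONLY)) < 0) return -1;
        f->ino = st.st_ino; f->pos = 0;
    }
    if (fstat(f->fd, &st) < 0) return -1;
    if (st.st_size < f->pos) f->pos = 0;
    if (st.st_size == f->pos) return 0;
    if (lseek(f->fd, f->pos, SEEK_SET) < 0) return -1;
    ssize_t n = read(f->fd, buf, len);
    if (n > 0) f->pos += n;
    return n;
}
int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/var/log/messages";
    struct timespec delay = { 0, 250 * 1000 * 1000 };   /* 250 ms between fstat() polls */
    struct follower f; char buf[4096];
    if (follower_open(&f, path) < 0) { perror(path); return 1; }
    for (;;) {   /* new bytes go to stdout; a daemon would consume them here instead */
        ssize_t n = follower_poll(&f, path, buf, sizeof buf);
        if (n < 0) { perror("follower_poll"); return 1; }
        if (n > 0) fwrite(buf, 1, (size_t)n, stdout); else nanosleep(&delay, NULL);
    }
}
```

Running it needs read permission on the log, which is why the thread's daemon has to run as root; it reads only, so the syslog configuration is untouched.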