Syslog - EranOfek/AstroPack GitHub Wiki
Functionality
The MsgLogger class originally had two handlers:
- A console handler that formats and sends the messages to the console
- A file handler that formats and saves the messages to a log file
The additional syslog handler formats and sends the messages via the well-established Syslog protocol.
It can be configured, enabled or disabled and the current LogLevel can be set exactly as with the other MsgLogger handlers.
Syslog in a nutshell
The syslog protocol is a veteran of the UNIX ecosystem, nowadays implemented in the various Linux distributions by packages like syslog, rsyslog, systemd and others.
It always involves a UDP listener (port 514) that listens for messages on the local machine (127.0.0.1) and uses configuration files for further formatting and redirecting them to files, other processes or other machines.
Messages are labeled with a facility and a severity level.
Implementation
The current implementation within the AstroPack:
- Maps the MsgLogger priorities (Fatal, Error, Debug, Warning, etc.) into the respective pre-defined syslog severity-levels (LOG_CRIT, LOG_ERR, LOG_DEBUG, LOG_WARNING, etc.).
- Composes a syslog message according to the standard definition that includes:
  - The facility is always 16 (LOG_LOCAL0). This allows for easy location of our messages in log-files afterwards
  - The mapped severity-level
  - Timestamp
  - Originating hostname
  - Originating program name and process id
  - The original message
- Uses a udpport socket to send the syslog message to 127.0.0.1:514
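The message composition listed above, as an added Python example (not AstroPack's own MATLAB code). It assumes the classic BSD syslog line layout for "the standard definition", and the program name astropack and the function names are hypothetical.

```python
import os
import socket
import time

LOG_LOCAL0 = 16                                   # facility the page says is always used
LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_DEBUG = 2, 3, 4, 7   # standard syslog severities
# Only the four level pairs the page names; its "etc." levels are left out.
SEVERITY = {"Fatal": LOG_CRIT, "Error": LOG_ERR,
            "Warning": LOG_WARNING, "Debug": LOG_DEBUG}
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def compose(level, text, program="astropack", pid=None, host=None, now=None):
    """Build one datagram: <PRI>Mmm dd hh:mm:ss HOST PROGRAM[PID]: TEXT."""
    pri = LOG_LOCAL0 * 8 + SEVERITY[level]        # PRI = facility * 8 + severity
    t = time.localtime(now)                       # now=None means current time
    stamp = f"{MONTHS[t.tm_mon - 1]} {t.tm_mday:2d} " + time.strftime("%H:%M:%S", t)
    host = host or socket.gethostname()
    pid = os.getpid() if pid is None else pid
    # Flatten CR/LF so one call always yields exactly one log line.
    text = text.replace("\r", " ").replace("\n", " ")
    return f"<{pri}>{stamp} {host} {program}[{pid}]: {text}".encode("utf-8")


def decode_pri(datagram):
    """Recover (facility, severity) from the leading <PRI> field."""
    pri = int(datagram[1:datagram.index(b">")])
    return pri >> 3, pri & 7


def send(datagram, addr=("127.0.0.1", 514)):
    """Send one message to the local syslog UDP listener."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, addr)


if __name__ == "__main__":
    msg = compose("Error", "constructed sample message")
    print(msg.decode(), decode_pri(msg))
    send(msg)
```

With facility 16, every message carries a PRI between 128 and 135, which is what lets a receiver select these messages by facility.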
Syslog in the LAST ecosystem
Management
The subsystem is handled by the logs section of last-tool, as in:
root@last02e:/home/ocs# last-tool -n check logs
[SECT] Logs
[ OK ] config: "/etc/rsyslog.conf" contains 1 "\*\.\* @last0" lines.
[ OK ] config: "imudp" is enabled
[ OK ] directory: "/var/log/ocs" exists.
[ OK ] directory: "/var/log/ocs" owner is ocs.ocs
[ OK ] directory: "/var/log/ocs" access is 775
Where are the logs?
- Each of the last01[ew] to last12[ew] machines is configured to forward the messages to last0
- last0 is configured to:
  - Store the messages labeled with the LOG_LOCAL0 facility into /var/log/remote/<originating-hostname>
  - Rotate the log files (see below)
ocs@last0:/var/log/remote$ cd
ocs@last0:~$ ls /var/log/remote
10.23.0.18 10.23.0.2 10.23.1.254 last01e last02e last03e last04e last05e last06e last08e last10e last12w wis100mx-smadar-lab.weizmann.ac.il
10.23.0.19 10.23.0.6 10.23.3.9 last01w last02w last03w last04w last05w last06w last08w last10w localhost
ocs@last0:~$ ls /var/log/remote/last01e
auth.log authpriv.log.1 daemon.log kern.log.1 last-messages.log.2.gz last-messages.log.5.gz syslog.log user.log.1
auth.log.1 cron.log daemon.log.1 last-messages.log last-messages.log.3.gz last-messages.log.6.gz syslog.log.1
authpriv.log cron.log.1 kern.log last-messages.log.1 last-messages.log.4.gz last-messages.log.7.gz user.log
The logrotate subsystem is configured on last0 by the /etc/logrotate.d/last-logs file:
ocs@last0:~$ cat /etc/logrotate.d/last-logs
/var/log/remote/*/*.log
{
rotate 7
daily
missingok
notifempty
delaycompress
compress
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}