From: Miller, Scott L (Scott.L.Miller@hp.com)
Date: Fri Sep 13 2002 - 21:54:19 CEST
Hello,
Attached is a patch that adds the option to have the facility and
the priority that is attached to the message, logged to the log files
along with the message. The placement of this information is between
the date/time stamp, and the hostname or IP address. There are 3
basic formats available: name.name, value.value, and raw-integer.
If you are reading this, you should already be aware that the facility
and priority are lumped together in raw-integer form, with the 3 least
significant binary digits making up the priority of the message, and the
remaining binary digits making up the facility of the message. Thus the
shortest, yet least recognizable format would be raw-integer. The next
shortest, still somewhat cryptic form would be value.value, and the format
everyone should be able to make sense of being name.name, but that takes up to
17 bytes, which added to otherwise large messages, could make them quite
unwieldy. And if you don't care about that space, you can mix the formats
in any combination you like including all representations.
The command line argument I added for this was -y <value>. The mnemonic
I used to come up with that is "why is this message in this log file?".
The values for the representations are 1, 2 & 4 respective of the above
mention. To get combinations, add the numbers together: 3 is both
name.name and value.value, 7 is all three representations. Illegal values
cause sysklog to print the usage message.
Some example output using "-y 5" (names and raw int)
Sep 12 13:46:50 [auth.notice<37>] testbox su(pam_unix)[14266]: authentication failure; [message truncated by me...]
Sep 12 13:47:01 [auth.info<38>] testbox su(pam_unix)[14310]: session opened for user root by netman(uid=500)
Sep 12 13:47:23 [kern.info<6>] testbox kernel: Kernel log daemon terminating.
Sep 12 13:47:24 [local0.notice<133>] testbox syslog: klogd shutdown succeeded
Sep 12 13:47:24 [syslog.info<46>] testbox exiting on signal 15
Same messages using "-y 2" (only value.value)
Sep 12 13:46:50 [32.5] testbox su(pam_unix)[14266]: authentication failure; [message truncated by me...]
Sep 12 13:47:01 [32.6] testbox su(pam_unix)[14310]: session opened for user root by netman(uid=500)
Sep 12 13:47:23 [0.6] testbox kernel: Kernel log daemon terminating.
Sep 12 13:47:24 [128.5] testbox syslog: klogd shutdown succeeded
Sep 12 13:47:24 [40.6] testbox exiting on signal 15
Same messages using "-y 7" (names, value.value and raw int)
Sep 12 13:46:50 [auth.notice(32.5)<37>] testbox su(pam_unix)[14266]: authentication failure; [message truncated by me...]
Sep 12 13:47:01 [auth.info(32.6)<38>] testbox su(pam_unix)[14310]: session opened for user root by netman(uid=500)
Sep 12 13:47:23 [kern.info(0.6)<6>] testbox kernel: Kernel log daemon terminating.
Sep 12 13:47:24 [local0.notice(128.5)<133>] testbox syslog: klogd shutdown succeeded
Sep 12 13:47:24 [syslog.info(40.6)<46>] testbox exiting on signal 15
Pros to this patch:
o It allows one to write scripts that are able to use the severity of
a message if the message itself doesn't include it (like the messages
above).
o It allows administrators to separate information from the logs if that
sort of thing is ever needed AFTER the messages are in the logs.
o It is not on by default. If you don't want it, it won't show up to
mess up the scripts you've already written and don't want to edit.
Cons:
o If used, it will most likely mess up scripts you've already written
so you'll have to modify them.
o Allows system administrators to stuff all logging into one file,
AND it lets them parse that file later to split out portions
pertaining to whatever criteria they may have.
=========End of general explanation==========
I went through the patch and noticed there were a few more things
in there than I expected; I fixed several beginnings of lines that
were spaced out rather than tabbed out, so there are a bunch of white
space differences. Then there are a few where I didn't make the change;
I grabbed the original source off infodrom, made my changes, and these
magically appeared. The first of these is two places where ints were
replaced by size_t's, and there are two places where the flag
O_LARGEFILE was added to the open() calls. I didn't notice anything
else that magically appeared, but wouldn't guarantee nothing else is
there.
Also, I went through the trouble to explain what the <value> meant
in the usage message, this may not be desirable, as the info is
available in the modified man page. I didn't touch the version info,
nor the CHANGES file in this patch.
-Humbly submitted, comments welcome
Scott L. Miller
Senior Network Engineer
HP Direct
Omaha, NE
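
Added example, not part of the message above or of the attached patch: a Python script of the kind the "Pros" list describes, which decodes the bracketed tag back to facility and severity, cross-checks the representations against each other, and filters by severity. The sample lines are copied from the message; the bracket layout for -y values it does not show (3, 4, 6) is assumed to follow the same pattern, and the function names are this example's own.

```python
import re

# Standard syslog facility codes 0-23 ("-" marks the unnamed codes 12-15)
# and severity codes 0-7.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "- - - - local0 local1 local2 local3 local4 local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Timestamp, then [name.name(value.value)<raw>] with each part optional.
TAG = re.compile(
    r"^\w{3} [ \d]\d \d\d:\d\d:\d\d "
    r"\[(?:(?P<fac>[a-z0-9]+)\.(?P<sev>[a-z]+))?"
    r"\(?(?:(?P<fval>\d+)\.(?P<sval>\d+))?\)?"
    r"(?:<(?P<raw>\d+)>)?\] (?P<rest>.*)$")

def decode(line):
    """Return (facility, severity, rest), or None for a line without a tag."""
    m = TAG.match(line)
    if not m:
        return None
    seen = set()  # raw integer implied by each representation present
    if m["fac"]:  # .index() raises ValueError on an unknown name
        seen.add(FACILITIES.index(m["fac"]) << 3 | SEVERITIES.index(m["sev"]))
    if m["fval"]:  # facility value is already shifted: auth is 32, not 4
        f, s = int(m["fval"]), int(m["sval"])
        if f % 8 or s > 7:
            raise ValueError("bad value.value tag: " + line)
        seen.add(f | s)
    if m["raw"]:
        seen.add(int(m["raw"]))
    if len(seen) != 1 or max(seen) >> 3 >= len(FACILITIES):
        raise ValueError("missing or inconsistent tag: " + line)
    pri = seen.pop()
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], m["rest"]

def at_least(lines, severity):
    """Decoded lines at `severity` or more urgent (lower number = more urgent)."""
    limit = SEVERITIES.index(severity)
    decoded = (decode(line) for line in lines)
    return [d for d in decoded if d and SEVERITIES.index(d[1]) <= limit]

SAMPLE = [  # lines from the message above, in mixed -y formats
    "Sep 12 13:46:50 [auth.notice<37>] testbox su(pam_unix)[14266]: authentication failure; [message truncated by me...]",
    "Sep 12 13:47:01 [32.6] testbox su(pam_unix)[14310]: session opened for user root by netman(uid=500)",
    "Sep 12 13:47:23 [kern.info(0.6)<6>] testbox kernel: Kernel log daemon terminating.",
    "Sep 12 13:47:24 [128.5] testbox syslog: klogd shutdown succeeded",
    "Sep 12 13:47:24 [syslog.info(40.6)<46>] testbox exiting on signal 15",
]
```

A tag whose representations disagree raises ValueError rather than being decoded, so a line that was altered after logging is flagged instead of silently trusted.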