G. Pape

socklog - system and kernel logging services


See here for the current development version of socklog.


How to install socklog
Upgrading from previous versions of socklog
How to use dietlibc
Using on solaris

Benefits
Configuration
Examples
Network logging
Log events notification

The socklog-conf program
The socklog program
The tryto program
The uncat program


socklog, in cooperation with the runit package, is a small and secure replacement for syslogd. There are three main features syslogd provides:

socklog provides these features with the help of runit's runsvdir, runsv, and svlogd, provides a different network logging concept, and additionally does log event notification.

svlogd has a built in log file rotation based on file size, so there is no need for any cron jobs or similar to rotate the logs. Log partitions can be calculated properly.

socklog runs on Linux, glibc 2.1.0 or higher, or dietlibc, Open-BSD, and Free-BSD. socklog reportedly runs on Solaris and Net-BSD. If it runs for you on any other operating systems, please let me know.

socklog is small, secure, reliable.


socklog is discussed on the <misc@list.smarden.org> mailing list. To subscribe send an empty email to <misc-subscribe@list.smarden.org>. Send an empty email to <misc-help@list.smarden.org> for more information about this list.

socklog is run under runit's runsv, writing syslog messages it receives from an unix domain socket path ("/dev/log") or an inet udp socket ip:port ("0.0.0.0:514") through a pipe provided by runsv to a svlogd process.

socklog can be run as an ucspi application to listen to an unix domain stream socket and for centralized or more flexible distributed logging (see network logging).

If socklog listens to an udp socket, it prepends ip: ("a.b.c.d: ") to each syslog message it receives, where a.b.c.d is the ip address of the connecting system.

If the environment variables $UID and/or $GID are present, socklog drops permissions to those ids after creating and binding to the socket (not in ucspi mode).

socklog converts syslog facility and priority information to names ("facility.priority") as found in /usr/include/syslog.h at compile time if present, you can use this for svlogd's line selecting by pattern.


A proper run file for runsv is:
  #!/bin/sh
  exec 2>&1
  exec chpst -Unobody socklog unix /dev/log

A proper log/run file for runsv is:

  #!/bin/sh
  exec chpst -ulog svlogd -t main/*

See INSTALL on how to install socklog and Configuration for setting up socklog services.
See http://smarden.org/socklog/ for recent informations.
Gerrit Pape <pape@smarden.org>