socklog - log events notification

Set up the socklog-notify service as described in Configuration to ensure that the named pipe /var/log/socklog/.notify exists. Do not delete this file after creation.

Read disable notifications before stopping the socklog-notify service once it is started.

socklog-notify is handled by the uncat program.

how to configure log events

Make sure the account running this log service is member of the socklog group adm. If it isn't, change it now. Make sure that the socklog-notify service is running.

Redirect the standard error output of svlogd to the named pipe socklog-notify is reading from. To do so, insert exec 2> /var/log/socklog/.notify as second line into /var/service/socklog-unix/log/run:

  #!/bin/sh
  exec 2> /var/log/socklog/.notify
  exec setuidgid log svlogd \
    main/main main/auth main/cron main/daemon main/debug main/ftp \
    main/kern main/local main/mail main/news main/syslog main/user

To configure additional log events in /var/log/socklog/main/, use the e instruction in the config file of this log, see the svlogd man page. For example, if you want to be notified about all log messages of the priority alert, add a corresponding e instruction to the config file /var/log/socklog/main/config like this:

  s999999
  n10
  e*.alert: *

  # sv hup socklog-unix/log

how to configure the notification

To configure the kind of notification, edit /etc/sv/socklog-notify/run and change the prog argument of uncat to your needs. This example uses sms_client to notify:

  #!/bin/sh -e
  PIPE=/var/log/socklog/.notify
  if [ ! -p "$PIPE" ]; then mkfifo -m0620 "$PIPE"; chown log:adm "$PIPE"; fi
  exec <> "$PIPE"
  exec setuidgid log uncat -s49999 -t90 \
    sh -c 'head -c140 | sms_client pager'

  # sv restart socklog-notify

Another example using wall:

  exec setuidgid log uncat -vs49999 -t180 sh -c 'head | wall'

  # grep -F /var/log/socklog/.notify /var/service/*/log/run

  # sv restart <service>/log