1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>socklog - system and kernel logging services</title>
</head>
<body>
<a href="https://smarden.org/pape/">G. Pape</a>
<hr>
<h1>socklog - system and kernel logging services</h1>
<hr>
<a href="install.html">How to install socklog</a><br>
<a href="upgrade.html">Upgrading from previous versions of socklog</a><br>
<a href="usedietlibc.html">How to use dietlibc</a><br>
<a href="readme.solaris.html">Using on solaris</a>
<p>
<a href="benefits.html">Benefits</a><br>
<a href="configuration.html">Configuration</a><br>
<a href="examples.html">Examples</a><br>
<a href="network.html">Network logging</a><br>
<a href="notify.html">Log events notification</a>
<p>
<a href="socklog-conf.8.html">The <tt>socklog-conf</tt> program</a><br>
<a href="socklog.8.html">The <tt>socklog</tt> program</a><br>
<a href="tryto.1.html">The <tt>tryto</tt> program</a><br>
<a href="uncat.1.html">The <tt>uncat</tt> program</a>
<hr>
<i>socklog</i>, in cooperation with the
<a href="https://smarden.org/runit/">runit</a> package, is a small and
secure replacement for syslogd.
There are three main features syslogd provides:
<ul>
<li>
receiving syslog messages from an unix domain socket
("<tt>/dev/log</tt>") and writing them to various files on disk
depending on <tt>facility</tt> and <tt>priority</tt>.
<li>
receiving syslog messages from an udp socket
("<tt>0.0.0.0:514</tt>") and writing them to various files on
disk depending on <tt>facility</tt> and <tt>priority</tt>.
<li>
writing received syslog messages to an udp socket
("<tt>a.b.c.d:514</tt>")
</ul>
<p>
<i>socklog</i> provides these features with the help of
<a href="https://smarden.org/runit/">runit</a>'s
<a href="https://smarden.org/runit/runsvdir.8.html">runsvdir</a>,
<a href="https://smarden.org/runit/runsv.8.html">runsv</a>,
and <a href="https://smarden.org/runit/svlogd.8.html">svlogd</a>,
provides a different
<a href="network.html">network logging concept</a>, and additionally
does <a href="notify.html">log event notification</a>.
<p>
<a href="https://smarden.org/runit/svlogd.8.html">svlogd</a>
has a built in
<a href="benefits.html#logrotation">log file rotation based on file size</a>,
so there is no need for any cron jobs or similar to rotate the logs.
Log partitions can be calculated properly.
<p>
<i>socklog</i> runs on <b>Linux</b>, glibc 2.1.0 or higher, or dietlibc,
<b>Open-BSD</b>, and <b>Free-BSD</b>.
<i>socklog</i> reportedly runs on <b>Solaris</b> and <b>Net-BSD</b>.
<p>
<i>socklog</i> is small, secure, reliable.
<hr>
Contribute to <i>socklog</i> through
<a href="https://github.com/g-pape/socklog/">GitHub socklog</a>.
<hr>
<p>
<i>socklog</i> is run under
<a href="https://smarden.org/runit/">runit</a>'s
<a href="https://smarden.org/runit/runsv.8.html">runsv</a>,
writing syslog messages it receives from an unix domain
socket <tt>path</tt> ("<tt>/dev/log</tt>") or an inet udp socket
<tt>ip:port</tt> ("<tt>0.0.0.0:514</tt>") through a pipe
provided by
<a href="https://smarden.org/runit/runsv.8.html">runsv</a>
to a <a href="https://smarden.org/runit/svlogd.8.html">svlogd</a>
process.
<p>
<i>socklog</i> can be run as an
<a href="https://cr.yp.to/proto/ucspi.txt">ucspi</a> application to
listen to an unix domain stream socket and for centralized or more
flexible distributed logging (see
<a href="network.html">network logging</a>).
<p>
If <i>socklog</i> listens to an udp socket, it prepends <tt>ip:</tt>
("<tt>a.b.c.d: </tt>") to each syslog message it receives,
where <tt>a.b.c.d</tt> is the ip address of the connecting system.
<p>
If the environment variables <tt>$UID</tt> and/or <tt>$GID</tt> are present,
<i>socklog</i> drops permissions to those ids after creating and binding
to the socket (not in
<a href="https://cr.yp.to/proto/ucspi.txt">ucspi</a> mode).
<p>
<i>socklog</i> converts syslog <tt>facility</tt> and <tt>priority</tt>
information to names ("<tt>facility.priority</tt>") as found in
<tt>/usr/include/syslog.h</tt>
at compile time if present, you can use this for
<a href="https://smarden.org/runit/svlogd.8.html">svlogd</a>'s line
selecting by pattern.
<hr>
A proper <tt>run</tt> file for
<a href="https://smarden.org/runit/runsv.8.html">runsv</a> is:
<pre>
#!/bin/sh
exec 2>&1
exec chpst -Unobody socklog unix /dev/log
</pre>
<p>
A proper <tt>log/run</tt> file for
<a href="https://smarden.org/runit/runsv.8.html">runsv</a> is:
<pre>
#!/bin/sh
exec chpst -ulog svlogd -t main/*
</pre>
<hr>
See <a href="install.html">INSTALL</a> on how to install <i>socklog</i>
and <a href="configuration.html">Configuration</a> for setting up
<i>socklog</i> services.
<hr>
See <a href="https://smarden.org/socklog/">https://smarden.org/socklog/</a>
for recent informations.
<hr>
<address><a href="mailto:pape@smarden.org">
Gerrit Pape <pape@smarden.org>
</a></address>
</body>
</html>
|
