Friday January 07, 2005
Syslog and a brief diversion into smf
A question that I've had mailed in to me by friends and acquaintances a few times
over the last few years is: how do I prevent remote machines from logging to my
machine? Seeing as it arrived in again today I figured it's time for a quick blog on
it.
To disable remote machines using your syslog you just edit /etc/default/syslog
and add the line
LOG_FROM_REMOTE=NO
and that's it.
The thing is, this got me thinking: application developers tend to use syslog quite
a lot, but you don't see people using it within scripts etc. on a very regular basis.
I guess for most things it's overkill, but let's say you have a script that is
going to create a lot of log data, and in an age-old manner you're doing something
along the lines of open file, append message, close file. All well and good, but
quite an expensive operation. Let's say that you want to use syslog to log these
items instead; how would you do it?
Editing syslog.conf
First off we need to configure syslog to use the log file that we want. To do this
we will take one of the eight local facilities which are available within syslog,
local[0-7]. For the purposes of this example let's take local7. (If you're wondering
why we use these, take a look at syslog(3C); a complete list of facilities is in
syslog.conf(4).)
For each facility we then have associated levels which we can specify actions for.
These levels are listed in syslog.conf(4).
For the purposes of our example let's
say I'm interested in the levels of err, warning, info and debug, and I want any
messages like these logged out to /var/log/mytestlog. So in our /etc/syslog.conf
file we add the following:
local7.warning	/var/log/mytestlog
local7.info	/var/log/mytestlog
local7.debug	/var/log/mytestlog
local7.err	/var/log/mytestlog
Now as a note, this is a tab-separated file, and make sure you have it tab-separated
as syslogd uses m4(1) to parse it.
Next up we need to ensure the file actually exists as syslog just appends to it, so
just touch the file. And finally we restart syslog. This actually gives us a nice
opportunity to take a quick look at smf(5).
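The two pitfalls above (spaces where a tab is required, and a log file that does not exist yet) can be checked before the restart. The following shell function is an added example, not part of the original post; the name lint_syslog_conf and the sample paths are made up for illustration.

```shell
#!/bin/sh
# Added example: lint a syslog.conf-style file before restarting syslogd.
# Simplification: only lines whose first field looks like facility.level
# are checked, so m4 wrapper lines such as ifdef(...) are skipped.

lint_syslog_conf() {
    conf=$1
    findings=0
    tab=$(printf '\t')
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac   # blank line or comment
        sel=${line%%[[:space:]]*}                 # first field
        case $sel in *.*) ;; *) continue ;; esac  # not a selector line
        rest=${line#"$sel"}
        case $rest in
            "$tab"*) ;;                           # a tab follows the selector
            *)  echo "NO_TAB: $line"
                findings=$((findings + 1))
                continue ;;
        esac
        action=${rest##*"$tab"}                   # text after the last tab
        case $action in
            /*) # file action: syslogd appends, it does not create the file
                if [ ! -e "$action" ]; then
                    echo "MISSING_FILE: $action"
                    findings=$((findings + 1))
                fi ;;
        esac
    done < "$conf"
    [ "$findings" -eq 0 ]                         # status 0 only when clean
}

# Constructed sample: one good line, one space-separated, one missing target.
demo_dir=$(mktemp -d)
touch "$demo_dir/mytestlog"
{
    printf 'local7.info\t%s\n' "$demo_dir/mytestlog"
    printf 'local7.debug %s\n' "$demo_dir/mytestlog"
    printf 'local7.err\t%s\n' "$demo_dir/not-created-yet"
} > "$demo_dir/syslog.conf"
lint_syslog_conf "$demo_dir/syslog.conf" || echo "fix the findings above, then restart syslog"
rm -rf "$demo_dir"
```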
A Quick Diversion into SMF
Using smf we restart syslog with svcadm(1M).
Let's take a look at it first so we
can see the contract IDs etc.
# svcs -l svc:/system/system-log
fmri svc:/system/system-log:default
name system log
enabled true
state online
next_state none
restarter svc:/system/svc/restarter:default
contract_id 95
dependency require_all/none svc:/milestone/single-user (online)
dependency require_all/none svc:/system/filesystem/local (online)
Okay, now restart and look again (the -v is just for blog purposes)....
# svcadm -v restart svc:/system/system-log
Action restart set for svc:/system/system-log:default.
# svcs -l svc:/system/system-log
fmri svc:/system/system-log:default
name system log
enabled true
state online
next_state none
restarter svc:/system/svc/restarter:default
contract_id 96
dependency require_all/none svc:/milestone/single-user (online)
dependency require_all/none svc:/system/filesystem/local (online)
So all is running. Now let's say we had done this the old way of stopping and starting
syslogd (say the brutal one of pkill syslogd, /usr/sbin/syslogd). With smf, if we pkill
syslogd it will be automatically restarted.
# pgrep syslogd
1262
# pkill syslogd
# pgrep syslogd
1273
# svcs -l svc:/system/system-log
fmri svc:/system/system-log:default
name system log
enabled true
state online
next_state none
restarter svc:/system/svc/restarter:default
contract_id 98
dependency require_all/none svc:/milestone/single-user (online)
dependency require_all/none svc:/system/filesystem/local (online)
Pretty cool eh? Anyway back to our regular scheduled post now...
Testing our config
To test our config we can just use the logger(1) command.
# logger -p local7.info "mad demented monkeys abound"
# more /var/log/mytestlog
Jan 7 04:38:35 dhcp-syd04-12-6 fintanr: [ID 702911 local7.info] mad demented monkeys abound
Voila, all working. Now let's do something a bit more useful with this.
Using Our Custom Syslog In A CGI Script
Okay, now let's create a very simple example of logging something out while executing
a CGI script. First off, our Perl:
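#!/usr/bin/perl
use strict;
use CGI qw(:standard);
use CGI::Carp qw(fatalsToBrowser);
use Sys::Syslog;

my $message = "Test Info Message";
my $cgi = CGI->new;
print $cgi->header();

# localtime returns the month as 0-11, so add one before printing it
my ($d, $m) = (localtime)[3,4];
$m++;

# openlog(ident, options, facility): no options are needed here, the level
# is given per message in the syslog() call
openlog("testSyslog.pl", "", "local7");
# Keep the format string fixed and pass the message as an argument
syslog("info", "%s - %02d/%02d", $message, $m, $d);
closelog();
printf("Logged - %s - %02d/%02d", $message, $m, $d);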
So we stick this into our cgi-bin directory (you know of course that Apache comes
bundled with Solaris, don't you?), and execute it, and in our logfile we see...
# tail -f /var/log/mytestlog
Jan 7 04:38:35 dhcp-syd04-12-6 fintanr: [ID 702911 local7.info] mad demented monkeys abound
Jan 7 04:46:20 dhcp-syd04-12-6 testSyslog.pl: Test Info Message - 01/07
Pretty handy ;).
(2005-01-06 21:19:57.0)