syslog basic querry

Max Okumoto max at kiyon.com
Tue Dec 27 17:47:04 UTC 2005


Hi Alfred,

alfred hitch <alfred.hitch at gmail.com> wrote: Hi Rushi,

thanks for your response.
We were invoking syslogd without any options. So, that will solve the
reap size etc.

1) BUT, the bigger issue of logs not coming still remain. Observations / test sequence is very simple.

-> syslogd &
-> programs / daemons writting using syslog() functions.
-> tail -f /var/log/messages &
-> We can see logs on screen till messages isnt moved to messages.old
After that we have to issue another tail -f /var/log/messages.
Last tail will also work only till another round of reap.

I am surprised noone has observed this. Is everyone using a big log file on their boxes ?
This would happen on any unix machine.  The tail program
 never reopens the file being monitored.  So when syslogd
 rotates the log file(s), tail is left behind monitoring the wrong
 log file.
 
 Step 1. The syslogd program in busybox checks the size each
 time something is to be written to the current logfile.  If the size
 is too big it rotates the files.   
 mv __LOG_FILE.(n-1)  __LOG_FILE.(n)
 mv __LOG_FILE.(n-2)  __LOG_FILE(n-1)
 ....
 ..
 mv _LOG_FILE __LOG_FILE.0
 
 Step 2. Syslogd then opens a new logfile
 Step 3. It starts writting to the new log file.
 
 So in your case if you pass no arguments to syslogd on startup
 the default is to retain only one log file.
 
 Step 1. mv /var/log/messages /var/log/messages.0
 Step 2. create a new log file /var/log/messages.
 Step 3. append log message to /var/log/messages.
 
  Tail is still looking at /var/log/messages.0 after the first
 rotation, but after the 2nd rotation the reference to the
 file is removed from the filesystem.
 
2) If one is to not write to flash very often for log messages. How does one works around to get messages across reboots for crashes / other info etc ? delayed writes (again will miss out of last cycle before crash ?)?
  If you can log to another machine that would be best. 
 
 Otherwise you have to write to the flash.  You could write a
 cron job that checks for the existance of /var/log/messages.0,
 filters it for stuff you want to monitor, write the report to flash
 and then removes /var/log/messsages.0
 
 Depending on how/why your system crashes, you could partition
 your ram into a ram disk and then on boot up check if the ram
 disk had a valid logfile in it.
 
                                   Max Okumoto
 
 
Regards,
Alfred


On 12/23/05, Rushi Lala  wrote:
> Usage: syslogd [OPTION]...
>
> Linux system and kernel logging utility.
> Note that this version of syslogd ignores /etc/syslog.conf.
>
> Options:
>         -m MIN          Minutes between MARK lines (default=20, 0=off)
>         -n              Run as a foreground process
>         -O FILE         Use an alternate log file (default=/var/log/messages)
>         -S              Make logging output smaller.
>         -s SIZE         Max size (KB) before rotate (default=200KB, 0=off)
>         -b NUM          Number of rotated logs to keep (default=1,
> max=99, 0=purge)
>         -R HOST[:PORT]  Log to IP or hostname on PORT (default PORT=514/UDP)
>         -L              Log locally and via network logging (default
> is network only)
>         -C [size(KiB)]  Log to a circular buffer (read the buffer using logread)
>
>
> I am using following options when i fire syslogd daemon from rcS
> /etc/init.d/rcS
>
> klogd &
> syslogd -m 120 -S -s 250 -b 2 &
>
>  -m 160       Minutes between MARK lines (default=20, 0=of)
>  -S              Make logging output smaller.
>  -s 250KB    Max size (KB) before rotate (default=200KB, 0=off)
>  -b  2           Number of rotated logs to keep (default=1, max=99, 0=purge)
>
> tail -f should work if syslogd is updating the log file..........How
> do you test this , i mean what events do you use to generate the
> messages ?
>
> Rushi
>
> On 23/12/05, alfred hitch  wrote:
> > Hi,
> >
> > We have just started using busybox syslogd and tail etc ..
> > 2 Questions:
> >
> > 1) How to change the reap size after which syslogd shifts messages
> > from /var/log/messages to messages.old ? and then removes altogether ?
> > any option possible for runtime to syslogd
> >
> > 2) If I do a tail -f /var/log/messages and this file is "reap" ed in background.
> > I dont see any logs coming on screen, of course they are still going
> > to messages file. But, how to keep on getting these on screen also ..
> > some file handling desc. invalid issue ? any work arounds ?
> >
> > Regards,
> > Alfred
> > _______________________________________________
> > busybox mailing list
> > busybox at busybox.net
> > http://busybox.net/cgi-bin/mailman/listinfo/busybox
> >
>
_______________________________________________
busybox mailing list
busybox at busybox.net
http://busybox.net/cgi-bin/mailman/listinfo/busybox
 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.busybox.net/pipermail/busybox/attachments/20051227/db493157/attachment.htm 


More information about the busybox mailing list