3

I am logging messages like this in Perl:

```perl
syslog ("LOG_INFO", "this is info");
syslog ("LOG_WARNING", "this is warning");
```

When I view these messages, I get this:

```
Nov 15 20:20:47 ubuntu tag-0.0.2[13399]: this is info
Nov 15 20:20:47 ubuntu tag-0.0.2[13399]: this is warning
```

The word "ubuntu" in the syslog message happens to be the hostname of the local host.

Is there a way I can log locally but specify a hostname?

My app processes data from other hosts and logs information about them. It would be great if I could specify the hostname when I log messages; this way I can use third-party tools easily, as they can filter logs based on hostname.

By the way, if I can add an additional question: why are the logs not showing the level of the message? Shouldn't I expect to see "info" in the info syslog message I am logging?

user837208
  • Are you receiving the logs using something like standard `syslog` on UDP 514, or `syslog` on TCP 514, or `rsyslog`'s [RELP](http://www.librelp.com/) connection? Or is this all being done on log messages "after the fact", on a single machine? – sarnold Nov 16 '11 at 02:10
  • I am reading my log messages using the `tail -f /var/log/syslog` command. These messages are being written locally. How do I figure out if these are coming from tcp/udp/relp? – user837208 Nov 16 '11 at 02:20
  • Are your other hosts set to forward messages to your local machine automatically? In that case, it normally "just works" -- at least, under `rsyslog(8)`. Other syslog daemons may not send the required `Host` headers: http://www.rsyslog.com/article19/ – sarnold Nov 16 '11 at 02:26
  • Not really. I am not accepting syslog messages from other hosts. I want to put logs locally but specify my own hostname. – user837208 Nov 16 '11 at 02:27

2 Answers

2

Probably the easiest way to accomplish this task is to set the syslog to receive messages over the network. For rsyslog, this is often in /etc/rsyslog.conf:

```
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
```

I'm using UDP here because it is easy to do on just about any syslog daemon and demonstrating it is easy:

```
$ echo "<0>Oct 11 22:14:15 mymachine testing" | nc -u localhost syslog
^C
$ tail -1 /var/log/syslog
Oct 11 22:14:15 mymachine testing
```

In short: the `<nnn>` represents the facility and priority, as described in section 4.1.1 of the RFC. The timestamp is highly specified in 4.1.2: in short, three-letter English month abbreviations, no leading 0 -- instead a leading space: `Aug__8` rather than `Aug_8` (underscores used because spaces collapse in code blocks). The hostname can't have any domain portions. IP addresses are fine, both IPv4 and IPv6.

You could also use Unix domain sockets (unix(7)) such as /dev/log. That would be more reliable than UDP.

sarnold
  • Heh, thanks to you, too -- this was my first time poking into the syslog on-the-wire protocol, and I don't know why I'm so surprised it is so human-friendly. I expected a horrible pile of ASN.1-style structures. – sarnold Nov 16 '11 at 09:26
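
The message format described in the first answer, produced from Perl, as an added example that is not part of either answer. It assumes the local daemon has UDP reception enabled on port 514 as shown above; the function names, the facility/severity subset and the sample host `web01.example.com` are illustrative.

```perl
#!/usr/bin/perl
# Added example: build the line format from the answer with a caller-chosen
# hostname and send it to a local daemon that has UDP reception enabled.
use strict;
use warnings;
use IO::Socket::INET;
use POSIX qw(strftime setlocale LC_TIME);

# Subset of the protocol's numeric facility and severity codes.
my %FACILITY = (kern => 0, user => 1, daemon => 3, local0 => 16);
my %SEVERITY = (emerg => 0, err => 3, warning => 4, info => 6, debug => 7);

sub format_syslog {
    my ($facility, $severity, $host, $tag, $msg, $time) = @_;
    die "unknown facility '$facility'\n" unless exists $FACILITY{$facility};
    die "unknown severity '$severity'\n" unless exists $SEVERITY{$severity};
    my $pri = $FACILITY{$facility} * 8 + $SEVERITY{$severity};   # the <nnn> value

    # %e pads a one-digit day with a space ("Aug  8"); the C locale keeps
    # the month abbreviation in English.
    setlocale(LC_TIME, 'C');
    my $stamp = strftime('%b %e %H:%M:%S', localtime($time // time));

    # The hostname describes another machine, so treat it as untrusted input:
    # drop the domain part (IP addresses stay whole) and restrict the charset.
    $host =~ s/\..*$// unless $host =~ /^[0-9.]+$/ || $host =~ /:/;
    $host =~ s/[^A-Za-z0-9:._-]//g;
    die "empty hostname after sanitizing\n" if $host eq '';

    # Keep the text on one line so it cannot start a forged second entry.
    $msg =~ s/[\r\n]+/ /g;
    return sprintf('<%d>%s %s %s[%d]: %s', $pri, $stamp, $host, $tag, $$, $msg);
}

sub send_syslog {
    my ($line) = @_;
    my $sock = IO::Socket::INET->new(
        PeerAddr => '127.0.0.1', PeerPort => 514, Proto => 'udp',
    ) or die "socket: $!\n";
    defined $sock->send($line) or die "send: $!\n";
    $sock->close;
}

# Constructed sample: a message about the hypothetical host web01.example.com.
my $line = format_syslog('user', 'warning', 'web01.example.com',
                         'tag-0.0.2', 'this is warning');
print "$line\n";
send_syslog($line);
```

With UDP reception enabled, anything that can reach port 514 can submit lines carrying an arbitrary hostname, so downstream tools should not treat that field as authenticated.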
0

Unfortunately, I don't believe it is possible to specify a hostname if you are logging locally.

Also, you are not supposed to be seeing 'info' in front of your logs. The log level affects where the messages go (you can customize this in /etc/syslog.conf). By default, LOG_INFO and LOG_WARNING go to /var/log/messages.log and LOG_EMERG and LOG_ERR go to /var/log/errors.log. The level does not appear in the output.

Jarek