This pull request adds support for writing to syslog directly.
The motivation of this pull request is to provide an easy, consistent way to write to syslog. It's certainly possible to do this already, but it requires additional code (a custom formatter for the priority field) and additional configuration (a format for the syslog message, and the socket address for the syslog daemon). As this code and config needs to be copied+pasted between various projects, it is a tedious and error-prone process, and it would be better for seelog to provide the capability in a much simpler manner.
The minimal usage of the syslog support is a config as follows:
<seelog>
<outputs>
<syslog/>
</outputs>
</seelog>
This will tell seelog to connect to the local syslog daemon (using the same logic as Go's syslog package, where it tries a few different Unix sockets). The <syslog> element's behaviour differs in one respect from the norm: it doesn't derive the format from its parent element, but rather uses the new format std:syslog-bsd-local (unless overridden with a formatid= attribute). Although it is a departure from the behaviour of the other elements, it does minimise the amount of configuration required to get going, which is my primary motivation here.
If writing to a remote syslog daemon is desired, then the existing <conn> receiver can be used along with a new predefined format:
<seelog>
<outputs>
<conn net="tcp" addr="sysloghost:5514" formatid="std:syslog-rfc5424"/>
<!-- std:syslog-bsd is also provided -->
</outputs>
</seelog>
The new formats are defined as follows:
syslog-bsd-local: maps to %SyslogPriority%Date(Jan _2 15:04:05) %AppName[%PID]: %Msg%n; this matches what Go/glibc will write to a local syslog daemon, and is the required format for most syslog daemons.
syslog-bsd: as syslog-bsd-localexcept it adds a %Hostname after the date. This matches RFC3164. This format is not used locally, but is used when sending syslog entries over the network.
syslog-rfc5424: maps to %SyslogPriority()1%UTCDate(2006-01-25T15:04:05.000000000Z07:00) %Hostname %AppName %PID - - %Msg%n; this is a more up-to-date format with innovations such as actually printing the year in the timestamp (and using a sensible RFC3339 timestamp format).
A few new formatters were added to support this:
%Hostname and %PID are obvious
%AppName is taken from the file part of os.Args[0], matching the behaviour of glibc/Go
%SyslogPriority is a new formatter that produces the <PRIORITY> token required by the syslog protocol. It defaults to using the LOG_DAEMON facility and mapping log levels as (TraceLvl/DebugLvl→LOG_DEBUG; InfoLvl→LOG_INFO, WarningLvl→LOG_WARNING, ErrorLvl→LOG_ERR, CriticalLvl→LOG_CRIT), but can be overridden.
An example configuration where we want to override the facility and log level mapping:
lwithers
commented
7 years ago
This pull request adds support for writing to syslog directly.
The motivation of this pull request is to provide an easy, consistent way to write to syslog. It's certainly possible to do this already, but it requires additional code (a custom formatter for the priority field) and additional configuration (a format for the syslog message, and the socket address for the syslog daemon). As this code and config needs to be copied+pasted between various projects, it is a tedious and error-prone process, and it would be better for seelog to provide the capability in a much simpler manner.
The minimal usage of the syslog support is a config as follows:
This will tell seelog to connect to the local syslog daemon (using the same logic as Go's syslog package, where it tries a few different Unix sockets). The
<syslog>element's behaviour differs in one respect from the norm: it doesn't derive the format from its parent element, but rather uses the new formatstd:syslog-bsd-local(unless overridden with aformatid=attribute). Although it is a departure from the behaviour of the other elements, it does minimise the amount of configuration required to get going, which is my primary motivation here.If writing to a remote syslog daemon is desired, then the existing
<conn>receiver can be used along with a new predefined format:The new formats are defined as follows:
syslog-bsd-local: maps to%SyslogPriority%Date(Jan _2 15:04:05) %AppName[%PID]: %Msg%n; this matches what Go/glibc will write to a local syslog daemon, and is the required format for most syslog daemons.syslog-bsd: assyslog-bsd-localexcept it adds a%Hostnameafter the date. This matches RFC3164. This format is not used locally, but is used when sending syslog entries over the network.syslog-rfc5424: maps to%SyslogPriority()1%UTCDate(2006-01-25T15:04:05.000000000Z07:00) %Hostname %AppName %PID - - %Msg%n; this is a more up-to-date format with innovations such as actually printing the year in the timestamp (and using a sensible RFC3339 timestamp format).A few new formatters were added to support this:
%Hostnameand%PIDare obvious%AppNameis taken from the file part ofos.Args[0], matching the behaviour of glibc/Go%SyslogPriorityis a new formatter that produces the<PRIORITY>token required by the syslog protocol. It defaults to using theLOG_DAEMONfacility and mapping log levels as (TraceLvl/DebugLvl→LOG_DEBUG;InfoLvl→LOG_INFO,WarningLvl→LOG_WARNING,ErrorLvl→LOG_ERR,CriticalLvl→LOG_CRIT), but can be overridden.An example configuration where we want to override the facility and log level mapping: