.--.  .--.              .--.
.-----.--.--.-----|  |--|  :-----.-----.--|  |
|__ --|  |  |__ --|    <|  |  _  |  _  |  _  |    RFC3164 :: syslogd for Linux
|_____|___  |_____|__|__|__|_____|___  |_____|    RFC5424 :: w/NetBSD syslogp()
      |_____|                    |_____|

<23>Aug 24 05:14:15 192.0.2.1 myproc[8710]: Kilroy was here.
<23>1 2019-11-04T00:50:15.001234+01:00 troglobit myproc 8710 - - Kilroy was here.

Table of Contents

• Introduction
• Using -lsyslog
• Build & Install
• Building from GIT
• Origin & References

Tip: the Gentoo project has a very nice article detailing sysklogd ➤ https://wiki.gentoo.org/wiki/Sysklogd

Introduction

This is the continuation of the original Debian/Ubuntu syslog daemon, updated with full RFC3164 and RFC5424 support from NetBSD and FreeBSD. The package includes the libsyslog.{a,so} library with a syslog.h header replacement, the syslogd daemon, and a command line tool called logger.

• https://man.troglobit.com/man1/logger.1.html
• https://man.troglobit.com/man8/syslogd.8.html
• https://man.troglobit.com/man5/syslog.conf.5.html

libsyslog and syslog/syslog.h, derived directly from NetBSD, expose syslogp() and other new features available only in RFC5424:

• https://man.troglobit.com/man3/syslogp.3.html
• https://netbsd.gw.com/cgi-bin/man-cgi?syslog+3+NetBSD-current

The syslogd daemon is an enhanced version of the standard Berkeley utility program, updated with DNA from FreeBSD. It provides logging of messages received from the kernel, programs and facilities on the local host as well as messages from remote hosts. Although fully compatible with standard C-library implementations of the syslog() API (GLIBC, musl libc, uClibc), libsyslog must be used in your application to unlock the new RFC5424 syslogp() API.

The included logger tool is primarily made for use with sysklogd, but can be used stand-alone too. It is not command line compatible with the "standard" Linux logger tool from the bsdutils project. Instead it is compatible with the actual BSD logger tool(s) -- only major difference is its support for -I PID, similar to the bsdutils --id=PID. The logger tool can be used from the command line, or script, to send both RFC5424 (default) and old-style (BSD) RFC3164 formatted messages using libsyslog to syslogd for local processing, or to a remote server.

Main differences from the original sysklogd package are:

• The separate klogd daemon is no longer part of the sysklogd project, syslogd now natively supports logging kernel messages as well
• Major command line changes to syslogd, for compatibilty with *BSD
• Supports include /etc/syslog.d/*.conf directive, see example .conf
• Built-in log-rotation support, with compression by default, useful for embedded systems. No need for cron and/or a separate log rotate daemon
• Full RFC3164 and RFC5424 support from NetBSD and FreeBSD
• Support for sending RFC3164 style remote syslog messages, including timestamp and hostname. Defaults to send w/o for compatibility
• Support for sending RFC5424 style remote syslog messages
• Support for sending messages to a custom port on a remote server
• Support for listening to a custom port
• Support for remote peer filtering, from FreeBSD
• Support for disabling DNS reverse lookups for each remote log message
• Support for FreeBSD Secure Mode, remote logging enabled by default(!)
• Includes a fit for purpose logger tool, compatible with syslogd, leveraging the full RFC5424 capabilities (msgid etc.)
• Includes a syslog library and system header replacement for logging
• FreeBSD socket receive buffer size patch
• Avoid blocking syslogd if console is backed up
• Touch PID file on SIGHUP, for integration with Finit
• GNU configure & build system to ease porting/cross-compiling
• Support for configuring remote syslog timeout

Please file bug reports, or send pull requests for bug fixes and/or proposed extensions at GitHub.

Using -lsyslog

libsyslog is by default installed as a library with a header file:

#include <syslog/syslog.h>

The output from the pkg-config tool holds no surprises:

$ pkg-config --libs --static --cflags libsyslog
-I/usr/local/include -L/usr/local/lib -lsyslog

The prefix path /usr/local/ shown here is only the default. Use the configure script to select a different prefix when installing libsyslog.

For GNU autotools based projects, instead of issuing the pkg-config command manually, use the following in configure.ac:

# Check for required libraries
PKG_CHECK_MODULES([syslog], [libsyslog >= 2.0])

and for your "proggy" in Makefile.am:

proggy_CFLAGS = $(syslog_CFLAGS)
proggy_LDADD  = $(syslog_LIBS)

The distribution comes with an example program that utilizes the NetBSD API and links against libsyslog.

Build & Install

The GNU Configure & Build system use /usr/local as the default install prefix. In many cases this is useful, but this means the configuration files and cache files will also use that same prefix. Most users have come to expect those files in /etc/ and /var/run/ and configure has a few useful options that are recommended to use:

./configure --prefix=/usr --sysconfdir=/etc --runstatedir=/run
make -j5
sudo make install-strip

You may want to remove the --prefix=/usr option. Most users prefer non-distro binaries in /usr/local or /opt.

Note: the --runstatedir option should point to a filesystem that is cleaned at reboot. syslogd relies on this for its syslogd.cache file, which keeps track of the last read kernel log message from /dev/kmsg.

Building from GIT

If you want to contribute, or just try out the latest but unreleased features, then you need to know a few things about the GNU build system:

• configure.ac and a per-directory Makefile.am are key files
• configure and Makefile.in are generated from autogen.sh, they are not stored in GIT but automatically generated for the release tarballs
• Makefile is generated by configure script

To build from GIT you first need to clone the repository and run the autogen.sh script. This requires automake and autoconf to be installed on your system.

git clone https://github.com/troglobit/sysklogd.git
cd sysklogd/
./autogen.sh
./configure && make

GIT sources are a moving target and are not recommended for production systems, unless you know what you are doing!

Note: some systems may have an older, or a vanilla, version of the GNU autoconf package that does not support --runstatedir (above). Users on such systems are recommended to use --localstatedir, the $runstatedir used by sysklogd is derived from that if missing.

Origin & References

This is the continuation of the original sysklogd by Dr. G.W. Wettstein and Martin Schulze. Currently maintained, and almost completely rewritten by Joachim Wiberg, who spliced in fresh DNA strands from the NetBSD and FreeBSD projects. Much of the code base is NetBSD, but the command line interface is FreeBSD.

Note: the project name remains sysklogd, which was a combination of the names of the two main daemons, syslogd and klogd. However, since v2.0 klogd no longer exists, kernel logging is now native to syslogd.

The project was previously licensed under the GNU GPL, but since the removal of klogd, man pages, and resync with the BSDs the project is now 3-clause BSD licensed.