This is an implementation of syslog daemon and client for native win32. This stuff is intented to those who is writing portable software or porting unix software to native win32. COMPILING --------- You need Glib to compile this stuff. Compiling from CVS: Run autogen.sh. I used automake 1.8.5, autoconf 2.59 and libtool 1.5.10. With earlier versions it may not work because some command line options aren't supported. Then use configure script as described below. Compiling from source tarball: Just use configure && make. Option --enable-relocatable affects the location of configuration directory: if specified, sysconfdir is prepended with '.'. For example, if you run ./configure --sysconfdir=/etc --enable-relocateble then syslogd.exe and client will read their configuration file from etc subdirectory located in the same directory with executable file. Building binary distribution: Use build.sh. It does all you need. You should have some packages -- look into the script to see which ones. Also, you should have Inno Setup (http://www.jrsoftware.org) with ISPP installed on your system. on unix: You should have cross compiler and Wine installed. Wine is required to run Inno Setup Compiler and the directory in which you are going to build should be accessible via some drive letter. Assuming target triplet is i686-pc-mingw32, iscc is in its default directory "c:\program files\inno setup 5" and required packages are in "./distfiles": DISTFILES=distfiles \ ISCC=c:\\program\ files\\inno\ setup\ 5\\iscc.exe \ HOST=i686-pc-mingw32 \ ./build.sh on windows: I noticed that Msys has troubles running some native command-line applications. So you'll have to run Inno Setup by hand. DISTFILES= \ ./build.sh CONFIGURATION ------------- The configuration file for client is optional. Its name is syslog.host and it should contain host name or address optionally followed by the colon and the port number. By default, port is 514. This may look a bit ugly but if you have a better idea, send me a patch. But keep in mind that client should not have any dependencies like daemon. The configuration file for daemon has XML format. It is not intended to be convinient for human because should be generated by GUI configuration tool. The root element is 'conf'. +-------------+-----------+-------------------------------------------------+ | Element | Attribute | Description | +=============+===========+=================================================+ | source | name | The name of message source. | | | type | There are two source types: 'internal' and | | | | 'udp'. Internal type corresponds to syslogd | | | | itself and 'udp' defines a listening UDP socket.| | | interface | Optional. If source type is udp, it defines | | | | interface the socket will be bound to. Default | | | | is 0.0.0.0. | | | port | Optional. If source type is udp, it defines | | | | listening port number. Default is 514. | +-------------+-----------+-------------------------------------------------+ | destination | name | The name of the destination. | | | file | The pattern for the file name. See below. | | | rotate | daily/weekly/monthly | | | size | Log files are rotated when they grow bigger | | | | then size bytes. If size is followed by M, the | | | | size if assumed to be in megabytes. If the k is | | | | used, the size is in kilobytes. So size 100, | | | | size 100k, and size 100M are all valid. | | | backlogs | Number of backlog files. | | | ifempty | yes/no: rotate the log file even if it is | | | | empty; default is yes. | | | olddir | Logs are moved to this directory for rotation. | | | | If value is a relative path then this directory | | | | will be located in the same directory with | | | | syslogd executable. | | | compresscmd Command (with options) to use to compress log | | | | file. | | | compressoptions Command line options may be passed to the | | | | compression program, if one is in use. Options | | | | may contain $PATHNAME and $FILENAME substrings | | | | which will be replaced with backlog pathname | | | | basename respectively. | +-------------+-----------+-------------------------------------------------+ | filter | name | The name of the filter. | | | | This element has a set of sub-elements | | | | 'facility' and 'priority'. Each of them defines | | | | one value with attribute 'value' in numeric | | | | form or 'name' in verbose form. | +-------------+-----------+-------------------------------------------------+ | logpath | source | The name of the source. | | | filter | Optional. The name of the filter. | | | destination The name of the destination. | +-------------+-----------+-------------------------------------------------+ | purge | directory | Directory to purge. Must be a relative path | | | | inside logdir (see configuration options below) | | | keep_days | How long to keep files. | +-------------+-----------+-------------------------------------------------+ | options | See below | | +-------------+-----------+-------------------------------------------------+ Format characters for the file name pattern: %Y four-digit year %M two-digit month, 01...12 %m month, 1...12 %D two-digit day of month, 01...31 %d day of month, 1...31 %W day of week, 1...7, 1 for sunday %F facility name %f facility in numeric form %L priority level name %l priority level in numeric form %H source host name (a 'device', according to RFC3164) %h sender host name (datagram sender, which may be device or relay) %P program name %% % character Attributes for the element 'options': logdir directory for the log files; if value is a relative path then this directory will be located in the same directory where syslogd executable is. dns yes/no: use resolver to determine sender host name; default is yes. source_encoding convert incoming messages from specified encoding to 'destination_encoding'; do not convert by default. destination_encoding see 'source_encoding' mark_interval interval in second between emissions of mark message; 0 means do not emit mark messages, this is the default value. mark_message content of mark message; "-- MARK --" by default. hold number of seconds to hold a single message in queue; minimum is 1, default is 3 seconds. During this time identical messages are coalesced. IMPLEMENTATION -------------- There are three basic parts of daemon: listener, message processor and message writer. All these parts run in separate threads: the listener receives messages as fast as possible and passes them to the message processor, the message processor performs time-consuming tasks and message writer performs asynchronous output to files. Datagrams are received by the listener. The listener emits raw messages (struct raw_message) which contain content of datagram, sender address and reference to a source described in configuration file. Raw messages are passed to the processing thread via queue. Message processing involves the following tasks: - parse datagram: pick out PRI, TIMESTAMP, HOSTNAME, TAG an CONTENT according to RFC 3164; - convert CONTENT's encoding if specified; - determine sender host name if usedns option is set or just convert IP address to string; the result is saved in hostname cache to speed up subsequent resolutions; - multiplex message to logpaths and apply filters in logpaths; in other words, messages are multiplexed to logpaths through filters; messages in logpaths are represented with references to message structure and message structure contains reference count; Because destination file name may be a pattern, further multiplexing is performed. Messages with similar HOSTNAME, TAG and CONTENT are coalesced. Log rotation is initiated at process startup or at writing thread startup. Old log files are deleted by the purger which is launched at process startup or by the writing thread after file is closed. +--------+ raw message +-----+ +------+ message +-----------------+ |listener|------------>|queue|--->|parser|-------->|charset converter|---> +--------+ +-----+ +------+ +-----------------+ +------+ +-----------+ +-----------+ --->|filter|--->|multiplexer|-+->|destination|+ +------+ +-----------+ +->+-----------+|+ ^ +-> +-----------+| | +-----------+ +-------+ |logpath|+ +-------+|+ +-------+| +-------+ +-----------+ +-----+ +--------------+ destination: >--|multiplexer|-+->|queue|+ ---> |writing thread|+ +-----------+ +->+-----+|+ ---> +--------------+|+ ^ +-> +-----+| ---> +--------------+| | +-----+ +--------------+ +----------------+ |filename pattern| +----------------+