This is an implementation of a syslog daemon and client for native win32.
This stuff is dedicated to those who are writing portable software or
porting unix software to native win32.

COMPILING
---------
You need Glib to compile this stuff.

Compiling from CVS:

  Run autogen.sh. I used automake 1.8.5, autoconf 2.59 and libtool 1.5.10.
  With earlier versions it may not work because some command line options
  aren't supported.
  Then use the configure script as described below.

Compiling from source tarball:

  Just use configure && make.
  Option --enable-relocatable affects the location of the configuration
  directory: if specified, sysconfdir is prepended with '.'.
  For example, if you run ./configure --sysconfdir=/etc --enable-relocatable
  then syslogd.exe and the client will read their configuration file from
  the etc subdirectory located in the same directory as the executable file.

Building binary distribution:

  Use build.sh. It does all you need.
  You should have some packages -- look into the script to see which ones.
  Also, you should have Inno Setup (http://www.jrsoftware.org) with ISPP
  installed on your system.

  on unix:

    You should have a cross compiler and Wine installed. Wine is required to
    run the Inno Setup Compiler, and the directory in which you are going to
    build should be accessible via some drive letter.
    Assuming the target triplet is i686-pc-mingw32, iscc is in its default
    directory "c:\program files\inno setup 5" and the required packages are
    in "./distfiles":

      DISTFILES=distfiles \
      ISCC=c:\\program\ files\\inno\ setup\ 5\\iscc.exe \
      HOST=i686-pc-mingw32 \
      ./build.sh

  on windows:

    I noticed that Msys has trouble running some native command-line
    applications. So you'll have to run Inno Setup by hand.

      DISTFILES=<path to the directory with packages> \
      ./build.sh

CONFIGURATION
-------------
The configuration file for the client is optional. Its name is syslog.host
and it should contain a host name or address, optionally followed by a
colon and the port number. By default, the port is 514.
This may look a bit ugly but if you have a better idea, send me a patch.
But keep in mind that the client should not have any dependencies like the
daemon.

The configuration file for the daemon has XML format. It is not intended to
be convenient for humans because it should be generated by a GUI
configuration tool.
The root element is 'conf'.

+-------------+-----------------+-------------------------------------------------+
| Element     | Attribute       | Description                                     |
+=============+=================+=================================================+
| source      | name            | The name of message source.                     |
|             | type            | There are two source types: 'internal' and      |
|             |                 | 'udp'. Internal type corresponds to syslogd     |
|             |                 | itself and 'udp' defines a listening UDP socket.|
|             | interface       | Optional. If source type is udp, it defines     |
|             |                 | interface the socket will be bound to. Default  |
|             |                 | is 0.0.0.0.                                     |
|             | port            | Optional. If source type is udp, it defines     |
|             |                 | listening port number. Default is 514.          |
+-------------+-----------------+-------------------------------------------------+
| destination | name            | The name of the destination.                    |
|             | file            | The pattern for the file name. See below.       |
|             | rotate          | daily/weekly/monthly                            |
|             | size            | Log files are rotated when they grow bigger     |
|             |                 | than size bytes. If size is followed by M, the  |
|             |                 | size is assumed to be in megabytes. If the k is |
|             |                 | used, the size is in kilobytes. So size 100,    |
|             |                 | size 100k, and size 100M are all valid.         |
|             | backlogs        | Number of backlog files.                        |
|             | ifempty         | yes/no: rotate the log file even if it is       |
|             |                 | empty; default is yes.                          |
|             | olddir          | Logs are moved to this directory for rotation.  |
|             |                 | If value is a relative path then this directory |
|             |                 | will be located in the same directory with      |
|             |                 | syslogd executable.                             |
|             | compresscmd     | Command (with options) to use to compress log   |
|             |                 | file.                                           |
|             | compressoptions | Command line options may be passed to the       |
|             |                 | compression program, if one is in use. Options  |
|             |                 | may contain $PATHNAME and $FILENAME substrings  |
|             |                 | which will be replaced with backlog pathname    |
|             |                 | and basename respectively.                      |
+-------------+-----------------+-------------------------------------------------+
| filter      | name            | The name of the filter.                         |
|             |                 | This element has a set of sub-elements          |
|             |                 | 'facility' and 'priority'. Each of them defines |
|             |                 | one value with attribute 'value' in numeric     |
|             |                 | form or 'name' in verbose form.                 |
+-------------+-----------------+-------------------------------------------------+
| logpath     | source          | The name of the source.                         |
|             | filter          | Optional. The name of the filter.               |
|             | destination     | The name of the destination.                    |
+-------------+-----------------+-------------------------------------------------+
| purge       | directory       | Directory to purge. Must be a relative path     |
|             |                 | inside logdir (see configuration options below) |
|             | keep_days       | How long to keep files.                         |
+-------------+-----------------+-------------------------------------------------+
| options     | See below       |                                                 |
+-------------+-----------------+-------------------------------------------------+

Format characters for the file name pattern:

  %Y    four-digit year
  %M    two-digit month, 01...12
  %m    month, 1...12
  %D    two-digit day of month, 01...31
  %d    day of month, 1...31
  %W    day of week, 1...7, 1 for sunday
  %F    facility name
  %f    facility in numeric form
  %L    priority level name
  %l    priority level in numeric form
  %H    source host name (a 'device', according to RFC3164)
  %h    sender host name (datagram sender, which may be device
        or relay)
  %P    program name
  %%    % character
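
An added example of expanding the pattern characters listed above; it is not taken from the syslog-win32 sources. Because %H, %h and %P carry text that arrives in the datagram, the sketch restricts those three fields to file-name-safe characters before they reach the path. struct msg_view, expand_pattern and the clock passed in as tm are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
/* Hypothetical view of a parsed message; all names here are assumptions. */
struct msg_view {
    int facility, level;
    const char *facility_name, *level_name;  /* from a fixed table: trusted */
    const char *hostname, *sender, *program; /* from the network: untrusted */
};

/* Expand pat into out (string fields non-NULL). Untrusted fields keep only
 * [A-Za-z0-9_-] and a '.' after an alphanumeric. Returns 0, or -1 on error. */
int expand_pattern(const char *pat, const struct msg_view *m,
                   const struct tm *tm, char *out, size_t cap)
{
    size_t pos = 0;
    if (cap == 0) return -1;
    for (; *pat; pat++) {
        char buf[16] = { *pat, 0 };      /* default: copy the literal character */
        const char *s = buf; int untrusted = 0;
        if (*pat == '%') switch (*++pat) {
        case 'Y': snprintf(buf, sizeof buf, "%04d", tm->tm_year + 1900); break;
        case 'M': snprintf(buf, sizeof buf, "%02d", tm->tm_mon + 1); break;
        case 'm': snprintf(buf, sizeof buf, "%d", tm->tm_mon + 1); break;
        case 'D': snprintf(buf, sizeof buf, "%02d", tm->tm_mday); break;
        case 'd': snprintf(buf, sizeof buf, "%d", tm->tm_mday); break;
        case 'W': snprintf(buf, sizeof buf, "%d", tm->tm_wday + 1); break;
        case 'f': snprintf(buf, sizeof buf, "%d", m->facility); break;
        case 'l': snprintf(buf, sizeof buf, "%d", m->level); break;
        case 'F': s = m->facility_name; break;
        case 'L': s = m->level_name; break;
        case 'H': s = m->hostname; untrusted = 1; break;
        case 'h': s = m->sender; untrusted = 1; break;
        case 'P': s = m->program; untrusted = 1; break;
        case '%': break;                 /* buf already holds "%" */
        default: return -1;              /* unknown specifier or trailing '%' */
        }
        if (untrusted && !*s) s = "_";   /* never emit an empty path component */
        for (size_t i = 0; s[i]; i++) {
            int ok = isalnum((unsigned char)s[i]) || s[i] == '-' || s[i] == '_' ||
                     (s[i] == '.' && i > 0 && isalnum((unsigned char)s[i - 1]));
            if (pos + 1 >= cap) return -1;
            out[pos++] = (untrusted && !ok) ? '_' : s[i];
        }
    }
    out[pos] = '\0';
    return 0;
}
```

Windows reserved device names such as CON or NUL pass this character filter and would need a separate check.
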

Attributes for the element 'options':

  logdir                directory for the log files; if value is a relative
                        path then this directory will be located in the same
                        directory where syslogd executable is.
  dns                   yes/no: use resolver to determine sender host name;
                        default is yes.
  source_encoding       convert incoming messages from specified encoding
                        to 'destination_encoding'; do not convert by default.
  destination_encoding  see 'source_encoding'
  mark_interval         interval in seconds between emissions of mark message;
                        0 means do not emit mark messages, this is the
                        default value.
  mark_message          content of mark message; "-- MARK --" by default.
  hold                  number of seconds to hold a single message in queue;
                        minimum is 1, default is 3 seconds.
                        During this time identical messages are coalesced.

IMPLEMENTATION
--------------
There are three basic parts of the daemon: listener, message processor and
message writer. All these parts run in separate threads: the listener
receives messages as fast as possible and passes them to the message
processor, the message processor performs time-consuming tasks and the
message writer performs asynchronous output to files.

Datagrams are received by the listener. The listener emits raw messages
(struct raw_message) which contain the content of the datagram, the sender
address and a reference to a source described in the configuration file.
Raw messages are passed to the processing thread via a queue.

Message processing involves the following tasks:

- parse datagram: pick out PRI, TIMESTAMP, HOSTNAME, TAG and CONTENT
  according to RFC 3164;
- convert CONTENT's encoding if specified;
- determine sender host name if usedns option is set or just convert
  IP address to string; the result is saved in hostname cache to speed up
  subsequent resolutions;
- multiplex message to logpaths and apply filters in logpaths;
  in other words, messages are multiplexed to logpaths through filters;
  messages in logpaths are represented with references to message structure
  and message structure contains reference count;
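
An added example of the parse step from the list above; it is not taken from the daemon's sources. It is a length-bounded RFC 3164 header parser that falls back to the RFC's default PRI 13 when the datagram carries no usable PRI, and leaves the remainder in CONTENT when the header is incomplete. struct parsed, its buffer sizes and both function names are assumptions of this example.

```c
#include <ctype.h>
#include <string.h>
/* Buffer sizes are assumptions of this sketch; RFC 3164 caps TAG at 32. */
struct parsed {
    int facility, level;
    char timestamp[16], hostname[64], tag[33];
    const char *content; size_t content_len;  /* slice of the datagram, no NUL */
};

static int valid_timestamp(const char *s)     /* s: 16 readable bytes */
{
    static const char months[] = "JanFebMarAprMayJunJulAugSepOctNovDec";
    static const char shape[] = "aaa x# ##:##:## ";  /* #: digit, x: digit or ' ' */
    int i, ok = 0;
    for (i = 0; i < 36; i += 3) ok |= !memcmp(s, months + i, 3);
    for (i = 3; i < 16 && ok; i++) {
        unsigned char c = (unsigned char)s[i];
        if (shape[i] == '#') ok = isdigit(c) != 0;
        else if (shape[i] == 'x') ok = c == ' ' || isdigit(c);
        else ok = c == (unsigned char)shape[i];
    }
    return ok;
}

/* Returns 1 when PRI and the full header parsed; otherwise 0, with the RFC 3164
 * default PRI 13 and/or the unparsed remainder left in content. */
int parse_rfc3164(const char *d, size_t len, struct parsed *p)
{
    size_t i = 1, h, t; unsigned pri = 0;
    memset(p, 0, sizeof *p);
    p->facility = 1; p->level = 5;               /* 13 = user.notice */
    p->content = d; p->content_len = len;
    if (len < 3 || d[0] != '<') return 0;
    while (i < 4 && i < len && isdigit((unsigned char)d[i]))
        pri = pri * 10 + (unsigned)(d[i++] - '0');
    if (i == 1 || i == len || d[i] != '>' || pri > 191) return 0;
    p->facility = (int)(pri >> 3); p->level = (int)(pri & 7);
    d += i + 1; len -= i + 1;                    /* step past "<PRI>" */
    p->content = d; p->content_len = len;
    if (len < 16 || !valid_timestamp(d)) return 0;
    for (h = 16; h < len && d[h] != ' '; h++) ;  /* HOSTNAME ends at a space */
    if (h == 16 || h == len || h - 16 >= sizeof p->hostname) return 0;
    for (t = h + 1; t < len && t - h - 1 < 32 && isalnum((unsigned char)d[t]); t++) ;
    memcpy(p->timestamp, d, 15);
    memcpy(p->hostname, d + 16, h - 16);
    memcpy(p->tag, d + h + 1, t - h - 1);
    p->content = d + t; p->content_len = len - t;
    return 1;
}
```
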

Because destination file name may be a pattern, further multiplexing is
performed. Messages with similar HOSTNAME, TAG and CONTENT are coalesced.

Log rotation is initiated at process startup or at writing thread startup.

Old log files are deleted by the purger which is launched at process startup
or by the writing thread after file is closed.

+--------+ raw message +-----+    +------+ message +-----------------+
|listener|------------>|queue|--->|parser|-------->|charset converter|--->
+--------+             +-----+    +------+         +-----------------+

    +------+    +-----------+    +-----------+
--->|filter|--->|multiplexer|-+->|destination|+
    +------+    +-----------+ +->+-----------+|+
       ^                      +-> +-----------+|
       |                           +-----------+
   +-------+
   |logpath|+
   +-------+|+
    +-------+|
     +-------+

                +-----------+    +-----+        +--------------+
destination: >--|multiplexer|-+->|queue|+  ---> |writing thread|+
                +-----------+ +->+-----+|+ ---> +--------------+|+
                      ^       +-> +-----+| --->  +--------------+|
                      |            +-----+        +--------------+
              +----------------+
              |filename pattern|
              +----------------+