socklog
socklog - examples
listening on unix domain dgram socket /dev/log:
- a sample socklog-unix/run script:
#!/bin/sh exec 2>&1 exec softlimit -m 2000000 envuidgid nobody socklog unix /dev/log
- a sample socklog-unix/log/run script:
#!/bin/sh LOGDIR=/var/log/socklog exec setuidgid log multilog ${LOGDIR}/main \ s999999 n10 -* +kern.* ${LOGDIR}/kern \ s999999 n10 -* +user.* ${LOGDIR}/user \ s999999 n10 -* +mail.* ${LOGDIR}/mail \ s999999 n10 -* +daemon.* ${LOGDIR}/daemon \ s999999 n10 -* +auth.* +authpriv.* ${LOGDIR}/auth \ s999999 n10 -* +syslog.* ${LOGDIR}/syslog \ s999999 n10 -* +news.* ${LOGDIR}/news \ s999999 n10 -* +cron.* ${LOGDIR}/cron \ s999999 n10 -* +ftp.* ${LOGDIR}/ftp \ s999999 n10 -* +local*.* ${LOGDIR}/local \ s999999 n10 -* +*.debug* ${LOGDIR}/debug - if you want additional
tai64n
(# man tai64n) timestamps prepended to each message, use this
socklog-unix/log/run script as example:
#!/bin/sh LOGDIR=/var/log/socklog exec setuidgid log multilog t ${LOGDIR}/main \ s999999 n10 -* +'* kern.*' ${LOGDIR}/kern \ s999999 n10 -* +'* user.*' ${LOGDIR}/user \ s999999 n10 -* +'* mail.*' ${LOGDIR}/mail \ s999999 n10 -* +'* daemon.*' ${LOGDIR}/daemon \ s999999 n10 -* +'* auth.*' +authpriv.* ${LOGDIR}/auth \ s999999 n10 -* +'* syslog.*' ${LOGDIR}/syslog \ s999999 n10 -* +'* news.*' ${LOGDIR}/news \ s999999 n10 -* +'* cron.*' ${LOGDIR}/cron \ s999999 n10 -* +'* ftp.*' ${LOGDIR}/ftp \ s999999 n10 -* +'* local*.*' ${LOGDIR}/local \ s999999 n10 -* +'* *.debug*' ${LOGDIR}/debugnote that multilog (# man multilog) patterns apply to the timestamps.
listening on udp network socket 0.0.0.0:514:
- a sample socklog-inet/run script is:
#!/bin/sh exec 2>&1 exec softlimit -m 2000000 envuidgid nobody socklog inet 0 514
- a sample socklog-inet/log/run script is:
#!/bin/sh LOGDIR=/var/log/socklog-remote exec setuidgid log multilog t ${LOGDIR}/main \ s4999999 n10 -* +'* 10.0.0.2:*' ${LOGDIR}/10.0.0.2 \ s4999999 n10 -* +'* 10.0.0.17:*' ${LOGDIR}/10.0.0.17
listening on unix domain stream socket /dev/log:
- a sample socklog-ucspi-unix/run script:
#!/bin/sh exec 2>&1 exec exec softlimit -m 2000000 \ unixserver -U `id -u nobody` /dev/log -- \ socklog ucspi UNIXREMOTEEUID UNIXREMOTEEGID - a sample socklog-ucspi-unix/log/run script:
#!/bin/sh LOGDIR=/var/log/socklog exec setuidgid log multilog ${LOGDIR}/main \ s999999 n10 -* +'*: *: kern.*' ${LOGDIR}/kern \ s999999 n10 -* +'*: *: user.*' ${LOGDIR}/user \ s999999 n10 -* +'*: *: mail.*' ${LOGDIR}/mail \ s999999 n10 -* +'*: *: daemon.*' ${LOGDIR}/daemon \ s999999 n10 -* +'*: *: auth.*' +authpriv.* ${LOGDIR}/auth \ s999999 n10 -* +'*: *: syslog.*' ${LOGDIR}/syslog \ s999999 n10 -* +'*: *: news.*' ${LOGDIR}/news \ s999999 n10 -* +'*: *: cron.*' ${LOGDIR}/cron \ s999999 n10 -* +'*: *: ftp.*' ${LOGDIR}/ftp \ s999999 n10 -* +'*: *: local*.*' ${LOGDIR}/local \ s999999 n10 -* +'*: *: *.debug*' ${LOGDIR}/debug
reading kernel messages from /dev/klog on BSD:
- a sample socklog-klog/run script on BSD:
#!/bin/sh exec </dev/klog exec 2>&1 exec softlimit -m 2000000 setuidgid nobody socklog ucspi
- a sample socklog-klog/log/run:
#!/bin/sh LOGDIR=/var/log/socklog-klog exec setuidgid log multilog t ${LOGDIR}/main
A client for socklog network logging:
- a sample socklog-unix/log/run script that transmits the logs
to a network logging server running the socklog-ucspi-tcp service is:
#!/bin/sh LOGDIR=/var/log/socklog LOGSERVERIP=10.0.0.16 PORT=10116 exec setuidgid log multilog s4096 n20 \ !'tryto -pv tcpclient -v $LOGSERVERIP $PORT sh -c "cat >&7"' \ ${LOGDIR}/main
log events notification with wall:
- a sample socklog-notify/run script that uses
wall for notification is:
#!/bin/sh -e PIPE=/var/log/socklog/.notify if [ ! -p "$PIPE" ]; then mkfifo -m0620 "$PIPE"; chown log:adm "$PIPE"; fi exec <> "$PIPE" exec setuidgid log uncat -s49999 -t180 \ sh -c 'head | wall'
Gerrit Pape <pape@smarden.org> $Id: examples.html,v 1.12 2002/05/31 12:38:49 pape Exp $