I want to use it in my own application, so I use:

#include <syslog.h>
int
main(int argc, char *argv[])
{
  char *me = argv[0];
  openlog(me, LOG_NDELAY, LOG_LOCAL0);
  syslog(LOG_NOTICE,"started.");
}

and then when I want to log something:

  syslog(LOG_ERR,"Unable to connect to %s",remote_host);

So now if I want to log those messages to a separate file, edit /etc/syslog.conf

*.info;mail.none;authpriv.none;cron.none;local0.none    /var/log/messages

# Log myapp stuff (local0)
local0.*                                                /var/log/myapp

If you do a lot of logging, then adding a dash before the filename will not flush after every write, which is more efficient, but runs the risk of loosing information if the plug is pulled.

# Log myapp stuff (local0)
local0.*                                                -/var/log/myapp


And restart with

/etc/rc.d/init.d/syslogd restart

If you want to get syslog to send you an email when something happens, then as root:

mkdir -p /etc/syslog/
mkfifo /etc/syslog/mail.pipe

change /etc/syslog.conf (and restart after with /etc/rc.d/init.d/syslogd restart)

#log myapp to named pipe (logs crit and error messages)
local0.crit   |/etc/syslog/mail.pipe
local0.error   |/etc/syslog/mail.pipe
local.* /var/log/myapp

add this to /usr/sbin/syslogMail (and “chmod 755 /usr/sbin/syslogMail”)

#!/bin/bash

# syslogMail < /etc/syslog/mail.pipe
# run from cron every 5 minutes
# */5 * * * * /usr/sbin/syslogMail < /etc/syslog/mail.pipe

to="me@example.com"
TMOUT=1   #set timeout for read line to 1 second

FILE=/tmp/syslogMail.$$

while read line
do
 echo ${line} | grep -v "message repeated" >> $FILE
done

lines=`wc -l $FILE | awk '{print $1}' `
if [ $lines > 0 ];  then
 cat $FILE | mailx -s "syslog mail" $to
fi
/bin/rm -f $FILE

and then set up a cron job to run every 5 minutes (crontab -e)

*/5 * * * * /usr/sbin/syslogMail < /etc/syslog/mail.pipe

Leave a Reply