Syslog does not redirect deleted messages
I configured /etc/syslog.conf with the setting below
*.* @10.10.10.2:514
*.* @@10.10.10.2:514
and the code registered below
openlog("Test-Msg", LOG_PID, LOG_LOCAL0);
for (int i = 0; i <10; i++)
{
syslog(LOG_ALERT, "My msg %d", i);
std::cout<<"-------------Writing Syslog "<<i<<"\n";
}
closelog();
but does not redirect it to the remote server. instead, it creates the file "@ 10.10.10.2: 514" and "@@ 10.10.10.2: 514" and writes the entire message there.
Tested with wireshark, no messages are sent to the remote system.
I am using yocto platform and busybox 1.22 syslog implementation.
Update
In yocto I saw another config file / etc / syslog -startup.conf and there I configured
DESTINATION=remote # log destinations (buffer file remote)
REMOTE=10.10.10.2:514 # where to log (syslog remote)
Now it started forwarding all messages, but according to linux guides, syslog conf should support filter *.=alert @<host:port>
. If I need to use the above configuration, how can I apply filters?
source to share
By default, Yocto-based systems use Busybox to provide minimal versions of many basic tools. syslog is one of these tools. This is a quote from Busybox documentation:
Note that this version of syslogd ignores /etc/syslog.conf.
To get the full functionality of syslog, you will need to include a more complete implementation in your image. There are several options for meta-openembedded, rsyslog in meta-oe is probably a good default choice.
source to share
I would first use logger (a tool included with busybox) to make sure your syslog config is correct. If messages are sent well using this method, we can examine the code.
logger [OPTIONS] [MESSAGE]
Write MESSAGE to the system log. If MESSAGE is omitted, log stdin.
Options:
-s Log to stderr as well as the system log
-t TAG Log using the specified tag (defaults to user name)
-p PRIO Priority (numeric or facility.level pair)
source to share
I am also looking into this. busybox supports remote logging but seems to be transmitting all messages. No filtering support combined with remote logging. I installed rsyslog on the image to fix this problem.
I also found out that rsyslog doesn't rotate files out of the box. Logrotat was installed as a dependency, but there is no cron daemon. I had to install cronie and set up cronie, logrotate and rsyslog.
source to share