In Unix it is common to use centralized logging systems using a deamon and
/dev/log socket for writing messages. There are also few helper functions like
syslog & family defined in
While many normal distributions use Syslog (with its
syslogd deamon) on embedded systems there are usually some replacements used. Older OpenWrt releases (AA and earlier ones) were using BusyBox's
logread) while the newer ones (BB and later) use ubox's
An example message that can be read from system log looks like this:
Feb 28 23:12:57 router user.notice kernel: the barmaid is the most beautiful woman in earthThe format includes date, hostname, facility & severity (both defined in RFC3164) and the message itself.
For some common OpenWrt messages see log.messages.
As said earlier, OpenWrt currently uses its own system log implementation which is implemented as part of
ubox project. It consists of:
logd– a deamon creating
/dev/logsocket, forwarding kernel messages & providing ubus
logread– a tool for reading messages using
ubus, see help messages for its usage
So far the vanilla firmwares offered on OpenWrt utilize the
busybox-syslogd. Usually you can configure the syslog in
/etc/syslogd.conf but this busybox ignores this. log.overview
|busybox klogd||242620||Kernel logger|
|busybox syslogd||242620||System logging utility|
klogd klogd [-c n] [-n] Kernel logger. Options: -c n Sets the default log level of console messages to n -n Run as a foreground process
syslogd syslogd [OPTIONS] System logging utility. Note that this version of syslogd ignores /etc/syslog.conf. Options: -n Run in foreground -O FILE Log to given file (default:/var/log/messages) -l n Set local log level -S Smaller logging output -s SIZE Max size (KB) before rotate (default:200KB, 0=off) -b NUM Number of rotated logs to keep (default:1, max=99, 0=purge) -R HOST[:PORT] Log to IP or hostname on PORT (default PORT=514/UDP) -L Log locally and via network (default is network only if -R) -D Drop duplicates -C[size(KiB)] Log to shared mem buffer (read it using logread)
The "shared mem buffer" or ringbuffer is not a file on a tmpfs partition but just data in RAM. To read it, you have to use
you probably have syslogd running
ps aux | grep syslog:
381 root 1356 S syslogd -C16
16KB is a busybox default value. To change it, set
log_size option in
/etc/config/system (remember that the number must be in KB, not bytes). The buffer size must be at least 4KB, otherwise
syslogd fails to start.
Who logs? The syslogd acts as the server and any program can act as the client and send log messages to it. For example
logger can be used to manually write messages to the system log. Some scripts in
/etc/init.d/ actually use this.
Any program can act as the client and the syslogd acts as the server. Communication is prone to the syslog communications protocol.
Syslogd writes the log messages it receives into a file or into the RAM ringbuffer (option
-C). The file is a file, it can be accessed with
vi, etc. The data in the RAM ringbuffer should be accessed with
logread. You can of course use pipes, like
logread -f | nc 192.168.1.1 514 or
logread -f » /mnt/share/logfile (reasonable on non-flash media, see usb.storage or nfs.client) or pretty much whatever you want.
The header contains a timestamp and a hostname (max 64 Byte) or an ip address.
The timestamp is set by the receiver of the log-message, the syslogd, not by the sender (for example
logger) and marks the Empfangszeitpunkt.
The hostname or the ip address belong to the sender of the message.