User Tools

Site Tools


doc:howto:log.essentials

System log in OpenWrt

Introduction

In Unix it is common to use centralized logging systems using a deamon and /dev/log socket for writing messages. There are also few helper functions like syslog & family defined in syslog.h.

While many normal distributions use Syslog (with its syslogd deamon) on embedded systems there are usually some replacements used. Older OpenWrt releases (AA and earlier ones) were using BusyBox's syslogd (and logread) while the newer ones (BB and later) use ubox's logd and logread.

Messages format

An example message that can be read from system log looks like this:

Feb 28 23:12:57 router user.notice kernel: the barmaid is the most beautiful woman in earth 
The format includes date, hostname, facility & severity (both defined in RFC3164) and the message itself.

For some common OpenWrt messages see log.messages.

ubox

As said earlier, OpenWrt currently uses its own system log implementation which is implemented as part of ubox project. It consists of:

  1. logd – a deamon creating /dev/log socket, forwarding kernel messages & providing ubus log object (with read and write commands)
  2. logread – a tool for reading messages using ubus, see help messages for its usage

BusyBox

So far the vanilla firmwares offered on OpenWrt utilize the busybox-syslogd. Usually you can configure the syslog in /etc/syslogd.conf but this busybox ignores this. log.overview

Name Size Description
busybox klogd 242620 Kernel logger
busybox syslogd 242620 System logging utility

 klogd
           klogd [-c n] [-n]

           Kernel logger.  Options:

                   -c n    Sets the default log level of console messages to n
                   -n      Run as a foreground process

syslogd
    syslogd [OPTIONS]
    System logging utility. Note that this version of syslogd ignores /etc/syslog.conf.
    Options:
            -n              Run in foreground
            -O FILE         Log to given file (default:/var/log/messages)
            -l n            Set local log level
            -S              Smaller logging output
            -s SIZE         Max size (KB) before rotate (default:200KB, 0=off)
            -b NUM          Number of rotated logs to keep (default:1, max=99, 0=purge)
            -R HOST[:PORT]  Log to IP or hostname on PORT (default PORT=514/UDP)
            -L              Log locally and via network (default is network only if -R)
            -D              Drop duplicates
            -C[size(KiB)]   Log to shared mem buffer (read it using logread)

The "shared mem buffer" or ringbuffer is not a file on a tmpfs partition but just data in RAM. To read it, you have to use logread. you probably have syslogd running ps aux | grep syslog:

381 root 1356 S syslogd -C16

16KB is a busybox default value. To change it, set log_size option in /etc/config/system (remember that the number must be in KB, not bytes). The buffer size must be at least 4KB, otherwise syslogd fails to start.

Who logs? The syslogd acts as the server and any program can act as the client and send log messages to it. For example logger can be used to manually write messages to the system log. Some scripts in /etc/init.d/ actually use this.

Any program can act as the client and the syslogd acts as the server. Communication is prone to the syslog communications protocol.

Output

Syslogd writes the log messages it receives into a file or into the RAM ringbuffer (option -C). The file is a file, it can be accessed with cat, less, vi, etc. The data in the RAM ringbuffer should be accessed with logread. You can of course use pipes, like logread -f | nc 192.168.1.1 514 or logread -f » /mnt/share/logfile (reasonable on non-flash media, see usb.storage or nfs.client) or pretty much whatever you want.

Aufbau einer Syslog-Meldung (max 1024 bytes)

The Header (?? Byte)

The header contains a timestamp and a hostname (max 64 Byte) or an ip address.

The timestamp is set by the receiver of the log-message, the syslogd, not by the sender (for example logger) and marks the Empfangszeitpunkt. The hostname or the ip address belong to the sender of the message.

doc/howto/log.essentials.txt · Last modified: 2015/06/18 08:26 by zajec