In Unix it is common to use centralized logging systems using a deamon and
/dev/log socket for writing messages. There are also few helper functions like
syslog & family defined in
While many normal distributions use Syslog (with its
syslogd deamon) on embedded systems there are usually some replacements used. Older OpenWrt releases (AA and earlier ones) were using BusyBox's
logread) while the newer ones (BB and later) use ubox's
An example message that can be read from system log looks like this:
Feb 28 23:12:57 router user.notice kernel: the barmaid is the most beautiful woman in earthThe format includes date, hostname, facility & severity (both defined in RFC3164) and the message itself.
For some common OpenWrt messages see log.messages.
As said earlier, OpenWrt currently uses its own system log implementation which is implemented as part of
ubox project. It consists of:
logd– a deamon creating
/dev/logsocket, forwarding kernel messages & providing ubus
logread– a tool for reading messages using
ubus, see help messages for its usage
So far the vanilla firmwares offered on OpenWrt utilize the
busybox-syslogd. Usually you can configure the syslog in
/etc/syslogd.conf but this busybox ignores this. log.overview
|busybox klogd||242620||Kernel logger|
|busybox syslogd||242620||System logging utility|
klogd klogd [-c n] [-n] Kernel logger. Options: -c n Sets the default log level of console messages to n -n Run as a foreground process
syslogd syslogd [OPTIONS] System logging utility. Note that this version of syslogd ignores /etc/syslog.conf. Options: -n Run in foreground -O FILE Log to given file (default:/var/log/messages) -l n Set local log level -S Smaller logging output -s SIZE Max size (KB) before rotate (default:200KB, 0=off) -b NUM Number of rotated logs to keep (default:1, max=99, 0=purge) -R HOST[:PORT] Log to IP or hostname on PORT (default PORT=514/UDP) -L Log locally and via network (default is network only if -R) -D Drop duplicates -C[size(KiB)] Log to shared mem buffer (read it using logread)
The "shared mem buffer" or ringbuffer is not a file on a tmpfs partition but just data in RAM. To read it, you have to use
you probably have syslogd running
ps aux | grep syslog:
381 root 1356 S syslogd -C16
16KB is a busybox default value. To change it, set
log_size option in
/etc/config/system (remember that the number must be in KB, not bytes). The buffer size must be at least 4KB, otherwise
syslogd fails to start.
Who logs? The syslogd acts as the server and any program can act as the client and send log messages to it. For example
logger can be used to manually write messages to the system log. Some scripts in
/etc/init.d/ actually use this.
Any program can act as the client and the syslogd acts as the server. Communication is prone to the syslog communications protocol.
Syslogd writes the log messages it receives into a file or into the RAM ringbuffer (option
-C). The file is a file, it can be accessed with
vi, etc. The data in the RAM ringbuffer should be accessed with
logread. You can of course use pipes, like
logread -f | nc 192.168.1.1 514 or
logread -f » /mnt/share/logfile (reasonable on non-flash media, see usb.storage or nfs.client) or pretty much whatever you want.
The header contains a timestamp and a hostname (max 64 Byte) or an ip address.
The timestamp is set by the receiver of the log-message, the syslogd, not by the sender (for example
logger) and marks the Empfangszeitpunkt.
The hostname or the ip address belong to the sender of the message.
In Chaos Calmer 15.01,
logread replace syslogd. The logd daemon runs and logread reads from it and redirects its output either to memory, over the network, or to a local file.
If you want to test the logging out, just run a command like
logger testLog "Blah1"
And it should appear in memory (run
logread), over the network, or in your local file…if not check to see that
logd are running.
Both of these (logd and logread) are started, stopped and restarted from /etc/init.d/log and are configured from /etc/config/system; for example:
Note that if you are file logging locally you may have to change order in which system is started to after fstab is started to write out the logs to the external drive.
config system option hostname 'OpenWrt' option zonename 'America/New York' option timezone 'EST5EDT,M3.2.0,M11.1.0' option conloglevel '8' option cronloglevel '8' option log_file '/mnt/logging/messages' # On an fstab mounted external drive some where... option log_type 'file' option log_size 100000 option log_buffer_size 2048 option log_remote '0' # Need to turn this off to log locally.