socklog - configuration


The socklog-unix service listens on the unix domain socket /dev/log. Usually this service replaces the syslogd system log daemon.

The socklog-inet service listens on the UDP port 0.0.0.0:514. Usually this service replaces syslogd's support for remote logging.

The socklog-klog service reads kernel messages from /proc/kmsg on Linux or /dev/klog on BSD. Usually this service replaces klogd on Linux or syslogd on BSD.

The socklog-ucspi-tcp service listens on the TCP port 0.0.0.0:10116. It is a server for socklog network logging, a different remote logging concept.

The socklog-notify service handles log event notification: scheduled notification of specified log entries.


How to configure the socklog services

The socklog-unix service
The socklog-inet service
The socklog-klog service
The socklog-ucspi-tcp service
The socklog-notify service

Removing socklog services

The socklog-unix service

Before starting the socklog-unix service, you will have to make two decisions:
  • The socklog-unix account name, normally nobody. The socklog program runs under this account. If this account does not exist, create it now.
  • The socklog account name, normally log. Logging programs run under this account. If this account does not exist, create it now.
Create the service directory and log directories by running the socklog-conf program:
  # socklog-conf unix nobody log
If you are replacing another service providing system logging through the socket /dev/log, such as syslogd, stop this service now and ensure that it will not be restarted on runlevel change or system reboot.

Tell svscan about the new service:

  # ln -s /etc/socklog/unix /service/socklog-unix
Wait five seconds for the service to start and then check the log directories, e.g.:
  # less /var/log/socklog/main/current
Optionally configure the socklog-unix service by editing the corresponding run scripts:
  • /service/socklog-unix/run
  • /service/socklog-unix/log/run

It is possible to replace the unix domain dgram socket listener socklog-unix with a unix domain stream socket listener using the ucspi mode of socklog and ucspi tools such as ucspi-unix and ucspi-ipc.

Create a service directory /etc/socklog/ucspi-unix with a subdirectory log and the corresponding run scripts:

  • a sample socklog-ucspi-unix/run script:
      #!/bin/sh
      exec 2>&1
      exec unixserver -U `id -u nobody` /dev/log -- \
        socklog ucspi UNIXREMOTEEUID UNIXREMOTEEGID
      
  • a sample socklog-ucspi-unix/log/run script:
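      #!/bin/sh
      # Every selector starts with '*: *: ' to skip the two fields that
      # "socklog ucspi UNIXREMOTEEUID UNIXREMOTEEGID" puts before each line.
      LOGDIR=/var/log/socklog
      exec setuidgid log multilog ${LOGDIR}/main \
        -* +'*: *: kern.*' ${LOGDIR}/kern \
        -* +'*: *: user.*' ${LOGDIR}/user \
        -* +'*: *: mail.*' ${LOGDIR}/mail \
        -* +'*: *: daemon.*' ${LOGDIR}/daemon \
        -* +'*: *: auth.*' +'*: *: authpriv.*' ${LOGDIR}/auth \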
        -* +'*: *: syslog.*' ${LOGDIR}/syslog \
        -* +'*: *: news.*' ${LOGDIR}/news \
        -* +'*: *: cron.*' ${LOGDIR}/cron \
        -* +'*: *: ftp.*' ${LOGDIR}/ftp \
        -* +'*: *: local*.*' ${LOGDIR}/local \
        -* +'*: *: *.debug*' ${LOGDIR}/debug
      
Disable the service socklog-unix if it is running:
  # cd /service/socklog-unix
  # rm /service/socklog-unix
  # svc -dx . log
Check carefully that all log directories you stated in /etc/socklog/ucspi-unix/log/run exist and are writable by the corresponding user.

Then link the socklog-ucspi-unix service directory to svscan's service directory:

  # ln -s /etc/socklog/ucspi-unix /service/socklog-ucspi-unix
Wait five seconds for the service to start and then check the log directories.
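
The check on the log directories named in log/run, automated as an added example; it is not part of socklog or of the original page, and the function names are hypothetical. It assumes the run script follows the sample's layout (one LOGDIR= assignment, directories written as ${LOGDIR}/name) and that each directory is owned by the logging account; write access granted through group membership or ACLs is not evaluated.

```shell
#!/bin/sh
# Added example (not part of socklog): pre-flight check for a multilog run script.

# Print the log directories a run script names, one per line.
# Assumes one LOGDIR=... assignment and directories written as ${LOGDIR}/name,
# as in the sample script; paths must not contain whitespace.
logdirs_from_run() {
  base=$(sed -n 's/^[[:space:]]*LOGDIR=//p' "$1" | head -n 1)
  [ -n "$base" ] || return 1
  # Split the script into one token per line, then expand ${LOGDIR}.
  tr -s ' \t\\' '\n\n\n' < "$1" |
    sed -n 's|^\${LOGDIR}/\(.*\)$|'"$base"'/\1|p' | sort -u
}

# check_logdirs RUNSCRIPT USER
# USER is the logging account (name or numeric uid). Prints one line per
# problem; returns 0 if all is well, 1 on problems, 2 on bad input.
check_logdirs() {
  case $2 in
    ''|*[!0-9]*) uid=$(id -u "$2") || return 2 ;;
    *) uid=$2 ;;
  esac
  dirs=$(logdirs_from_run "$1") || return 2
  [ -n "$dirs" ] || return 2
  rc=0
  for d in $dirs; do
    if [ ! -d "$d" ]; then
      echo "missing: $d"; rc=1
    elif ! ls -ldn "$d" | awk -v uid="$uid" \
        '{ exit !($3 == uid && substr($1, 3, 1) == "w") }'; then
      # Owner differs from the logging account, or the owner write bit is off.
      echo "not owner-writable by uid $uid: $d"; rc=1
    fi
  done
  return $rc
}

# Example: sh check-logdirs.sh /etc/socklog/ucspi-unix/log/run log
if [ "$#" -eq 2 ]; then
  check_logdirs "$1" "$2"
fi
```

Run it before linking the service directory into /service: multilog exits when it cannot open a log directory, so a missing or read-only directory shows up as a service that keeps restarting.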

The socklog-inet service

Before starting the socklog-inet service, you will have to make two decisions:
  • The socklog-inet account name, normally nobody. The socklog program runs under this account. If this account does not exist, create it now.
  • The socklog account name, normally log. Logging programs run under this account. If this account does not exist, create it now.
Create the service directory and log directories by running the socklog-conf program:
  # socklog-conf inet nobody log
If you are replacing another service providing system logging through the syslog UDP port 514, such as syslogd, stop this service now and ensure that it will not be restarted on runlevel change or system reboot.

Tell svscan about the new service:

  # ln -s /etc/socklog/inet /service/socklog-inet
Wait five seconds for the service to start and then check the log directory:
  # less /var/log/socklog-inet/main/current
Optionally configure the socklog-inet service by editing the corresponding run scripts:
  • /service/socklog-inet/run
  • /service/socklog-inet/log/run

The socklog-klog service

Before starting the socklog-klog service, you will have to make two decisions:
  • The socklog-klog account name, normally nobody. The socklog program runs under this account. If this account does not exist, create it now.
  • The socklog account name, normally log. Logging programs run under this account. If this account does not exist, create it now.
Create the service directory and log directories by running the socklog-conf program:
  # socklog-conf klog nobody log
If you are replacing another service providing kernel logging, such as klogd on Linux or syslogd on BSD, stop this service now and ensure that it will not be restarted on runlevel change or system reboot.

Tell svscan about the new service:

  # ln -s /etc/socklog/klog /service/socklog-klog
Wait five seconds for the service to start and then check the log directory:
  # less /var/log/socklog-klog/main/current
Optionally configure the socklog-klog service by editing the corresponding run scripts:
  • /service/socklog-klog/run
  • /service/socklog-klog/log/run

The socklog-ucspi-tcp service

Before starting the socklog-ucspi-tcp service, you will have to make two decisions:
  • The socklog-ucspi-tcp account name, normally nobody. The socklog program runs under this account. If this account does not exist, create it now.
  • The socklog account name, normally log. Logging programs run under this account. If this account does not exist, create it now.
Create the service directory and log directories by running the socklog-conf program:
  # socklog-conf ucspi-tcp nobody log
Tell svscan about the new service:
  # ln -s /etc/socklog/ucspi-tcp /service/socklog-ucspi-tcp
Wait five seconds for the service to start and then check the log directory:
  # less /var/log/socklog-ucspi-tcp/main/current
Optionally configure the socklog-ucspi-tcp service by editing the corresponding run scripts:
  • /service/socklog-ucspi-tcp/run
  • /service/socklog-ucspi-tcp/log/run
Refer to Network logging for setting up clients.

The socklog-notify service

Before starting the socklog-notify service, you will have to make two decisions:
  • The socklog account name, normally log. The uncat program runs under this account. If this account does not exist, create it now.
  • The socklog group name, normally adm. Logging programs that report log events to the socklog-notify service must run under an account that is a member of this group. If this group does not exist, create it now.
Create the service directory by running the socklog-conf program:
  # socklog-conf notify log adm
Tell svscan about the new service:
  # ln -s /etc/socklog/notify /service/socklog-notify
Wait five seconds for the service to start; you can then test the service with:
  # echo test | tai64n > /var/log/socklog/.notify
Optionally configure the socklog-notify service by editing the corresponding run script:
  • /service/socklog-notify/run
Read Log events notification before disabling this service and for configuring arbitrary log services to notify events.
Gerrit Pape <pape@smarden.org>
$Id: configuration.html,v 1.22 2002/05/31 12:38:49 pape Exp $