Seth Woolley's Man Viewer

Manual for syslog - man syslog

([section] manual, -k keyword, -K [section] search, -f whatis)
man plain no title

SYSLOG(2)                  Linux Programmer's Manual                 SYSLOG(2)



NAME
       syslog(2,3,5,3 Sys::Syslog),  klogctl  -  read(2,n,1 builtins)  and/or clear(1,3x,3x clrtobot) kernel message ring buffer; set(7,n,1 builtins)
       console_loglevel

SYNOPSIS
       /* The glibc interface */
       #include <sys/klog.h>

       int klogctl(int type, char *bufp, int len);

       /* The handcrafted system call */
       #include <unistd.h>
       #include <linux/unistd.h>

       _syscall3(int, syslog(2,3,5,3 Sys::Syslog), int, type, char *, bufp, int, len);

       int syslog(2,3,5,3 Sys::Syslog)(int type, char *bufp, int len);

DESCRIPTION
       If you need the libc function syslog(2,3,5,3 Sys::Syslog)(),  (that  talks  to  syslogd(8)),
       then look(1,8,3 Search::Dict) at syslog(2,3,5,3 Sys::Syslog)(3).  The system call of this name is about control-
       ling the kernel printk()  buffer,  and  the  glibc  version(1,3,5)  is  called
       klogctl().

       The type argument determines the action taken by this function.

       Quoting from kernel/printk.c:
       /*
        * Commands to sys_syslog:
        *
        *      0 -- Close the log.  Currently a NOP.
        *      1 -- Open the log. Currently a NOP.
        *      2 -- Read from the log.
        *      3 -- Read up to the last 4k of messages in(1,8) the ring buffer.
        *      4 -- Read and clear(1,3x,3x clrtobot) last 4k of messages in(1,8) the ring buffer
        *      5 -- Clear ring buffer.
        *      6 -- Disable printk's to console(4,n)
        *      7 -- Enable printk's to console(4,n)
        *      8 -- Set level of messages printed to console(4,n)
        *      9 -- Return number of unread characters in(1,8) the log buffer
        */

       Only  function  3  is  allowed  to non-root processes.  (Function 9 was
       added in(1,8) 2.4.10.)

       The kernel log buffer
       The kernel has a cyclic  buffer  of  length  LOG_BUF_LEN  (4096,  since
       1.3.54:  8192,  since 2.1.113: 16384; in(1,8) recent kernels the size can be
       set(7,n,1 builtins) at compile time(1,2,n)) in(1,8) which messages given as argument to the  kernel
       function printk() are stored (regardless of their loglevel).

       The  call  syslog(2,3,5,3 Sys::Syslog)  (2,buf,len)  waits  until  this kernel log buffer is
       nonempty, and then reads at most len bytes  into  the  buffer  buf.  It
       returns  the  number  of  bytes read. Bytes read(2,n,1 builtins) from the log disappear
       from the log buffer: the information can only be read(2,n,1 builtins)  once.   This  is
       the  function  executed  by  the  kernel  when  a  user  program  reads
       /proc(5,n)/kmsg.

       The call syslog(2,3,5,3 Sys::Syslog) (3,buf,len) will read(2,n,1 builtins) the last len bytes from  the  log
       buffer (nondestructively), but will not read(2,n,1 builtins) more than was written into
       the buffer since the last `clear(1,3x,3x clrtobot) ring buffer' command (which  does  not
       clear(1,3x,3x clrtobot) the buffer at all).  It returns the number of bytes read.

       The  call syslog(2,3,5,3 Sys::Syslog) (4,buf,len) does precisely the same, but also executes
       the `clear(1,3x,3x clrtobot) ring buffer' command.

       The call syslog(2,3,5,3 Sys::Syslog) (5,dummy,idummy) only executes the `clear(1,3x,3x clrtobot) ring  buffer'
       command.

       The loglevel
       The  kernel  routine printk() will only print a message on the console(4,n),
       if(3,n) it has  a  loglevel  less(1,3)  than  the  value  of  the  variable  con-
       sole_loglevel (initially DEFAULT_CONSOLE_LOGLEVEL (7), but set(7,n,1 builtins) to 10 if(3,n)
       the kernel commandline contains the word `debug', and to 15 in(1,8) case  of
       a  kernel  fault  - the 10 and 15 are just silly, and equivalent to 8).
       This variable is set(7,n,1 builtins) (to a value in(1,8) the range 1-8) by the  call  syslog(2,3,5,3 Sys::Syslog)
       (8,dummy,value).   The calls syslog(2,3,5,3 Sys::Syslog) (type,dummy,idummy) with type equal
       to 6 or 7, set(7,n,1 builtins) it to 1 (kernel panics only) or 7 (all except  debugging
       messages), respectively.

       Every  text  line  in(1,8)  a  message  has  its own loglevel. This level is
       DEFAULT_MESSAGE_LOGLEVEL - 1 (6) unless the line starts with <d>  where
       d  is  a digit in(1,8) the range 1-7, in(1,8) which case the level is d. The con-
       ventional meaning of the loglevel is  defined  in(1,8)  <linux/kernel.h>  as
       follows:

       #define KERN_EMERG    "<0>"  /* system is unusable               */
       #define KERN_ALERT    "<1>"  /* action must be taken immediately */
       #define KERN_CRIT     "<2>"  /* critical conditions              */
       #define KERN_ERR      "<3>"  /* error(8,n) conditions                 */
       #define KERN_WARNING  "<4>"  /* warning conditions               */
       #define KERN_NOTICE   "<5>"  /* normal but significant condition */
       #define KERN_INFO     "<6>"  /* informational                    */
       #define KERN_DEBUG    "<7>"  /* debug-level messages             */


RETURN VALUE
       In case of error(8,n), -1 is returned, and errno is set. Otherwise, for type
       equal to 2, 3 or 4, syslog(2,3,5,3 Sys::Syslog)() returns the number of bytes read(2,n,1 builtins), and oth-
       erwise 0.

ERRORS
       EINVAL Bad parameters.

       EPERM  An attempt was made to change console_loglevel or clear(1,3x,3x clrtobot) the ker-
              nel message ring buffer by a process without root permissions.

       ERESTARTSYS
              System call was interrupted by a  signal(2,7)  -  nothing  was  read.
              (This can be seen only during a trace.)

CONFORMING TO
       This  system  call is Linux specific and should not be used in(1,8) programs
       intended to be portable.

NOTES
       From the very start people noted that it  is  unfortunate  that  kernel
       call  and  library routine of the same name are entirely different ani-
       mals.  In libc4 and libc5 the  number  of  this  call  was  defined  by
       SYS_klog.  In glibc 2.0 the syscall is baptised klogctl.


SEE ALSO
       syslog(2,3,5,3 Sys::Syslog)(3)



Linux 1.2.9                       2001-11-25                         SYSLOG(2)

References for this manual (incoming links)