
Archive for the 'Syslog' Category

simple log event histograms

Just to preserve it, here’s a useful shell command line to print a histogram of frequent log events:
grep -h 'expr' files | cut -d ' ' -f 1,2 | uniq -c | awk '{step=5; bar = ""; for(i = $1; i>=1; i = i-step) bar = bar "#"; printf "%s %s %s\n", $2, $3, bar; }'


PHP syslog patch

Given: a multiuser web server with PHP and error logging to syslog. Problem: how do you correlate error messages with users? This patch lets PHP call openlog() with a configurable program name.

Solaris syslog and message IDs

I finally checked how the Solaris kernel assigns message IDs to its log messages.


CLT09

And now the obligatory entry, live from the BSD booth at the Chemnitzer Linux-Tage.
My own talk on the Syslog RFCs went well. Grunix already has the first pictures, too.

Finally, the Syslog RFCs

Today the RFCs for the new Syslog protocol and transport were published:

Syslog line length statistic

Time for some useless statistics… Because I had to set some initial buffer sizes in syslogd, I took a closer look at my log files. I used all logs from last month and counted the line lengths for every message to get an impression of real-life requirements on message/line lengths.


reliable TCP reconnect made easy

When I came to work on Syslog, one of the most disturbing texts I came across was Rainer’s observation “On the (un)reliability of plain tcp syslog…”. The problem is that a sendmsg() system call is nearly always successful: it only indicates local errors (like a full send queue), but no network errors. So even after the other side has initiated a connection shutdown, one can happily write into the local buffer and only get an error on the second write.


Use syslog-sign with changing structured data elements

The structured data (SD) in syslog-protocol offers some interesting possibilities when it comes to modifying a message in transit. What would be necessary to enable rewriting in transit while still being able to authenticate messages with syslog-sign?
