Bits and pieces.

syslog in C? Hello sendto()!

Local file-based logging is quite simple. But why bother with rsyslog to ship logs instead of just implementing a fairly simple “client” in C?

20 minutes later:

#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Named send_syslog() instead of syslog() so it does not clash with the libc syslog(3) */
int send_syslog(void) {

  /* Build the timestamp in the traditional BSD syslog format ("Nov 07 22:26:35") */
  time_t curr_time = time(NULL);
  struct tm ts;
  char timebuf[80];
  ts = *localtime(&curr_time);
  strftime(timebuf, sizeof(timebuf), "%b %d %H:%M:%S", &ts);

  /* PRI <7> = facility 0 (kernel) * 8 + severity 7 (debug), hence "kernel.debug" in tcpdump */
  char message[1024];
  snprintf(message, sizeof(message), "<7> %s testbox.josephh.me testapp Test Test Test", timebuf);

  /* Send the syslog message over UDP to the collector on port 514 */
  int sockfd;
  struct sockaddr_in sockaddr;

  if ((sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
    perror("socket creation failed");
    exit(EXIT_FAILURE);
  }

  memset(&sockaddr, 0, sizeof(sockaddr));
  sockaddr.sin_family = AF_INET;
  sockaddr.sin_addr.s_addr = inet_addr("10.10.10.6");
  sockaddr.sin_port = htons(514);

  if (sendto(sockfd, message, strlen(message), 0, (struct sockaddr *)&sockaddr, sizeof(sockaddr)) < 0) {
    perror("Failed to send syslog message");
    close(sockfd);
    return -1;
  }
  close(sockfd);
  return 0;
}

Sure, that's just a simple implementation and it still lacks proper facility and severity levels, but it does what it is intended to:

22:26:35.635455 IP 10.10.10.5.36191 > 10.10.10.6.514: SYSLOG kernel.debug, length: 83
E..o.G@.?…-..*.Y…_…[.i<7> Nov 07 22:26:35 testbox.josephh.me testapp Test Test Test
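The snippet above hard-codes the PRI as <7>. As an added example (not code from the original post), the functions below show how the PRI is computed from facility and severity, how a collector splits it back apart (which is why tcpdump labelled the packet kernel.debug), and a bounds-checked formatter that replaces the unchecked sprintf. The facility and severity codes are the RFC 3164 values; the hostname and tag strings are the post's own and the function names are my own choice.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* RFC 3164 facility and severity codes used in this example */
enum { FAC_KERN = 0, FAC_USER = 1, FAC_DAEMON = 3, FAC_LOCAL0 = 16 };
enum { SEV_EMERG = 0, SEV_ERR = 3, SEV_WARNING = 4, SEV_INFO = 6, SEV_DEBUG = 7 };

/* PRI = facility * 8 + severity; the post's <7> is kernel (0) * 8 + debug (7).
 * Returns -1 for out-of-range inputs. */
int syslog_pri(int facility, int severity) {
  if (facility < 0 || facility > 23 || severity < 0 || severity > 7) return -1;
  return facility * 8 + severity;
}

/* Split a leading <PRI> back into facility and severity, as a collector or tcpdump does.
 * Returns 0 on success, -1 if the message does not start with a valid <PRI>. */
int syslog_parse_pri(const char *msg, int *facility, int *severity) {
  char *end;
  if (msg[0] != '<' || msg[1] < '0' || msg[1] > '9') return -1;  /* reject "<+7>", "< 7>" */
  long pri = strtol(msg + 1, &end, 10);
  if (*end != '>' || pri < 0 || pri > 191) return -1;  /* 23 * 8 + 7 is the maximum */
  *facility = (int)(pri / 8);
  *severity = (int)(pri % 8);
  return 0;
}

/* Format "<PRI>TIMESTAMP HOSTNAME TAG: MSG" into buf with bounds checking.
 * Returns the message length, or -1 if the PRI is invalid or the record would be truncated. */
int syslog_format(char *buf, size_t buflen, int facility, int severity,
                  const char *timestamp, const char *host, const char *tag, const char *msg) {
  int pri = syslog_pri(facility, severity);
  if (pri < 0) return -1;
  int n = snprintf(buf, buflen, "<%d>%s %s %s: %s", pri, timestamp, host, tag, msg);
  if (n < 0 || (size_t)n >= buflen) return -1;  /* never ship a clipped record */
  return n;
}
```

Note that this formatter puts no space between the PRI and the timestamp, which is the layout RFC 3164 expects; the post's snippet inserts one and tcpdump still parsed it.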

Almost forgot to add: tcpdump is pretty handy for debugging syslog messages 🙂

For proper log storage and presentation, I’d recommend going with ELK.

The following screenshot represents the final implementation:
