pointer bashing since 2012.

syslog in C? Hello sendto()!

Local file based logging is quite simple. But why bother with rsyslog to ship logs, instead of just implementing a quite easy “client” in C?

20 minutes later:

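#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>

int syslog() {

  /* Build the time */
  time_t curr_time = time(NULL);
  struct tm  ts;
  char timestamp[80];
  ts = *localtime(&curr_time);
  strftime(timestamp, sizeof(timestamp), "%b %d %H:%M:%S", &ts);

  /* <7> is the priority: facility 0 (kernel), severity 7 (debug) */
  char message[1024];
  snprintf(message, sizeof(message), "<7> %s testbox.josephh.me testapp Test Test Test", timestamp);

  /* Send the syslog message */
  int sockfd;
  struct sockaddr_in sockaddr;

  if((sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0 ) {
    perror("socket creation failed");
    return -1;
  }

  memset(&sockaddr, 0, sizeof(sockaddr));
  sockaddr.sin_family = AF_INET;
  sockaddr.sin_addr.s_addr = inet_addr(""); /* IPv4 address of the syslog server (left blank in this post) */
  sockaddr.sin_port = htons(514);

  if(sendto(sockfd, (const char *)message, strlen(message), 0, (struct sockaddr *)&sockaddr, sizeof(sockaddr)) < 0) {
    printf("Failed to send syslog message\n");
    close(sockfd);
    return -1;
  }

  close(sockfd);
  return 0;
}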

Sure, that's just a simple implementation and it still misses setting proper severity levels, but it does what it is intended to:

22:26:35.635455 IP > SYSLOG kernel.debug, length: 83
E..o.G@.?…-..*.Y…_…[.i<7> Nov 07 22:26:35 testbox.josephh.me testapp Test Test Test

Almost forgot to add, tcpdump is pretty handy to debug syslog messages 🙂
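The severity handling the post says is still missing, as an added example (not the author's code): the number in angle brackets is facility * 8 + severity, which is why the hard-coded <7> shows up in tcpdump as kernel.debug. The helper names and the enum constants are hypothetical; the example also goes one step further and replaces control characters in the text, so a logged string containing a newline cannot forge a second record on the collector.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Severity and facility codes as numbered in RFC 3164 (subset). */
enum { SEV_EMERG = 0, SEV_ERR = 3, SEV_WARNING = 4, SEV_INFO = 6, SEV_DEBUG = 7 };
enum { FAC_KERN = 0, FAC_USER = 1, FAC_AUTH = 4, FAC_LOCAL0 = 16 };

/* PRI = facility * 8 + severity; returns -1 for out-of-range input. */
int syslog_pri(int facility, int severity) {
  if (facility < 0 || facility > 23 || severity < 0 || severity > 7)
    return -1;
  return facility * 8 + severity;
}

/* Hypothetical helper: writes "<PRI>timestamp host tag: text" into out.
   Control characters in text (CR, LF, ...) become spaces so that logged
   input cannot start a forged record. Returns the length, or -1 on bad
   priority or if the result would not fit in out. */
int build_syslog_msg(char *out, size_t outlen, int facility, int severity,
                     time_t when, const char *host, const char *tag,
                     const char *text) {
  char stamp[32], clean[900];
  struct tm *tp = localtime(&when);
  size_t i;
  int pri = syslog_pri(facility, severity), n;

  if (pri < 0 || tp == NULL)
    return -1;
  /* %e pads the day with a space, as RFC 3164 expects ("Nov  7"). */
  strftime(stamp, sizeof(stamp), "%b %e %H:%M:%S", tp);

  for (i = 0; text[i] != '\0' && i < sizeof(clean) - 1; i++)
    clean[i] = ((unsigned char)text[i] < 0x20 || text[i] == 0x7f) ? ' ' : text[i];
  clean[i] = '\0';

  n = snprintf(out, outlen, "<%d>%s %s %s: %s", pri, stamp, host, tag, clean);
  return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}
```

The resulting buffer can be passed to sendto() exactly as in the function above, with the returned length in place of strlen(message).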

For proper log storage and presentation, I’d recommend going with ELK.

The following screenshot represents the final implementation:
