Abhishek Choubey

Reputation: 883

dumping rsyslogd output to some file

I wish to dump the output of rsyslog(service) to some file at a selected
location.
The following is what I have tried:
1. Made changes to /etc/rsyslog.conf

#################
#### MODULES ####
#################
$ModLoad imfile

$ModLoad omprog   <----- NEWLY ADDED ------>

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support
#$ModLoad immark  # provides --MARK-- message capability

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat   

$ActionOMProgBinary /home/test/dmsg <----- NEWLY ADDED ------>  

# Filter duplicated messages    

dmsg: a C program that reads lines from stdin and writes them to a
file (/home/test/log_syslog_file).

I am expecting the output to be dumped to /home/test/log_syslog_file,
but nothing happens.

Code for dmsg (dmsg.c):

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
int main(){
    char* lineptr;
    size_t size = 0;
    int fd = open("log_syslog_file", O_CREAT| O_WRONLY);
    while(getline(&lineptr, &size, stdin)>0){
        if(write(fd, lineptr, strlen(lineptr))<0){
            fprintf(stderr, "write failure");
            break;
        }
    }
    free(lineptr);
    close(fd);
    return 0;
}

I am using Ubuntu 14.04

-------- EDIT --------- After starting the rsyslog service,
I am giving the following command:

rsyslogd -c5 -d -n 

When I use the following, it works fine:

cat /var/log/syslog | ./dmsg

Thanks.

Upvotes: 0

Views: 1094

Answers (2)

ramrunner

Reputation: 1372

First of all, what @Mark said. Apart from that, make sure that you have something like

*.* :omprog:

in your rsyslog.conf. This will redirect all the messages to your program.

Upvotes: 1

Mark

Reputation: 2822

You've got at least one major bug in your code:

char* lineptr;
...
while(getline(&lineptr, &size, stdin)>0)

You never allocate memory for the string stored in *lineptr, but you don't tell getline() to allocate the memory for you, either. The resulting buffer overflow can result in all sorts of exciting bugs showing up before the inevitable crash (for example, in my test run, log_syslog_file got the permissions ---x--x--T).

Upvotes: 1
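
A corrected form of the dmsg filter discussed in the question and in Mark's answer, as an added example (not code from the thread): it initialises the getline() buffer to NULL, passes open() the mode argument that O_CREAT requires, and writes to an absolute path. The names open_log, copy_lines, write_all and LOG_PATH are illustrative, and the 0600 mode and the remark about the daemon's working directory are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path from the question, made absolute (assumed: daemon cwd is not /home/test). */
#define LOG_PATH "/home/test/log_syslog_file"

/* O_CREAT requires an explicit mode argument; here owner read/write only. */
int open_log(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, S_IRUSR | S_IWUSR);
}

/* Write all len bytes, retrying on short writes and EINTR. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0 && errno != EINTR) return -1;
        if (n > 0) { buf += n; len -= (size_t)n; }
    }
    return 0;
}

/* Copy lines from in to fd; returns lines copied, or -1 on write error. */
long copy_lines(FILE *in, int fd)
{
    char *line = NULL;  /* NULL with cap 0: getline() allocates the buffer */
    size_t cap = 0;
    ssize_t len;
    long count = 0;
    while ((len = getline(&line, &cap, in)) > 0) {
        /* use the length getline() returned, not strlen() */
        if (write_all(fd, line, (size_t)len) < 0) { count = -1; break; }
        count++;
    }
    free(line);
    return count;
}

int main(void)
{
    int fd = open_log(LOG_PATH);
    if (fd < 0) { perror("open"); return 1; }
    long n = copy_lines(stdin, fd);
    return (close(fd) < 0 || n < 0);
}
```
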
