Log events notification
The socklog-conf program
The socklog program
The tryto program
The uncat program
socklog provides these features with the help of runit's runsvdir, runsv, and svlogd, provides a different network logging concept, and additionally does log event notification.
svlogd has a built in log file rotation based on file size, so there is no need for any cron jobs or similar to rotate the logs. Log partitions can be calculated properly.
socklog runs on Linux, glibc 2.1.0 or higher, or dietlibc, Open-BSD, and Free-BSD. socklog reportedly runs on Solaris and Net-BSD. If it runs for you on any other operating systems, please let me know.
socklog is small, secure, reliable.
socklog is run under runit's runsv, writing syslog messages it receives from an unix domain socket path ("/dev/log") or an inet udp socket ip:port ("0.0.0.0:514") through a pipe provided by runsv to a svlogd process.
socklog can be run as an ucspi application to listen to an unix domain stream socket and for centralized or more flexible distributed logging (see network logging).
If socklog listens to an udp socket, it prepends ip: ("a.b.c.d: ") to each syslog message it receives, where a.b.c.d is the ip address of the connecting system.
If the environment variables $UID and/or $GID are present, socklog drops permissions to those ids after creating and binding to the socket (not in ucspi mode).
socklog converts syslog facility and priority information to names ("facility.priority") as found in /usr/include/syslog.h at compile time if present, you can use this for svlogd's line selecting by pattern.
#!/bin/sh exec 2>&1 exec chpst -Unobody socklog unix /dev/log
A proper log/run file for runsv is:
#!/bin/sh exec chpst -ulog svlogd -t main/*