Deliver messages from logger when reading from unix sockets

[fabiokung]

logger by default writes to /dev/log (a regular unix domain socket). Custom sockets can be specified with -u, so that logger can write to a unix socket where a log-shuttle process listens.

However, logger doesn't generate newlines, and uses a syslog format slightly different from what logplex expects:

# write logs
$ echo -e "message1\n" | logger -u /tmp/test.sock -t mytoken -p user.notice
$ echo -e "message2\n" | logger -u /tmp/test.sock -t mytoken -p user.notice

# read logs
$ while true; do rm /tmp/test.sock ; nc -l -U /tmp/test.sock ; done
<13>Mar 21 00:33:21 mytoken: message1<13>Mar 21 00:33:21 mytoken: <13>Mar 21 00:33:25 mytoken: message2<13>Mar 21 00:33:25 mytoken:

To support this, log-shuttle needs to detect the \000 (UNIX end of line) character at the end of messages, instead of relying on \n and \r. Maybe it already does, but I am not sure if logplex will accept the syslog body as logger generates it:

$ echo -e "message2\n" | logger -u /tmp/test.sock -t mytoken -p user.notice
$ echo -e "message3\n" | logger -u /tmp/test.sock -t mytoken -p user.notice

irb(main):001:0> UNIXServer.open("/tmp/test.sock") { |s| loop { sock = s.accept; $stdout.puts sock.read.inspect; sock.close } }
"<13>Mar 21 00:53:42 mytoken: message2\000<13>Mar 21 00:53:42 mytoken: \000"
"<13>Mar 21 00:53:44 mytoken: message3\000<13>Mar 21 00:53:44 mytoken: \000"

/cc @ryandotsmith @fdr

[fabiokung]

I forgot to mention that I opened this issue just to throw the idea. I'll happily help implementing it as soon as I can, unless someone else beats me to it.

[fabiokung]

Quick update on this: I was wrong, logger does not send to logs to /dev/log by default, it probably uses the syslog(3) family of functions.

Everything else remains true when a custom domain socket is specified with -u though.

An alternative would be to make an instance of log-shuttle serve calls to the syslog(3) family of functions.

[ryandotsmith]

@fabiokung it is not clear to me how we can connect logger to logplex. For example, using SYSLOG(3)

#include <syslog.h>

int
main()
{
        syslog(LOG_ALERT, "hello world");
}

The following message makes it into system log stream.

$ tail -f /var/log/system.log
May 31 11:05:09 b.local x[76342]: hello world

Unless we can control the output format of SYSLOG(3), we will need to receive the formatted messages from SYSLOG(3) and rewrite them to be compatible with RFC5424. This seems like it is out of scope for log-shuttle.

[fabiokung]

I did some more research on this. POSIX doesn't say anything about where syslog(3) messages should be sent to:

http://pubs.opengroup.org/onlinepubs/9699919799/functions/syslog.html

But glibc's implementation will always write to a /dev/log dgram unix socket:

http://www.gnu.org/software/libc/manual/html_node/syslog_003b-vsyslog.html#syslog_003b-vsyslog

It is safe to assume that on linux systems all syslog(3) messages will be written to /dev/log. Both syslogd and syslog-ng read logs from there by default.

[fabiokung]

Moved to heroku/log-shuttle#14.