Logging from Wikipedia:
“Logging is the cutting, skidding, on-site processing, and loading of trees or logs onto trucks or skeleton cars.” /Wikipedia/
No, it’s a different industry. Again:
“In computing, a log file is a file that records either the events which happen while an operating system or other software runs, or the personal messages between different users of a communication software. The act of keeping a log is called logging.” /Wikipedia/
Recording events on a given system for different purposes, e.g. monitoring, debugging, audit, etc.
What does it look like in theory on the different layers?
Application: collecting events
Data: the actual log messages
Protocol: forwarding events
The syslog protocol itself is described in RFC 5424.
“Syslog is a standard for computer message logging. It permits separation of the software that generates messages from the system that stores them and the software that reports and analyzes them.” /Wikipedia/
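The RFC 5424 message layout referred to above, as an added example parser that is not from the page or the syslog-ng project: it splits PRI into facility and severity, walks the STRUCTURED-DATA elements with their escape rules, and returns the optional free-text MSG. The sample messages are constructed for the example.

```python
import re

# Severity names (0-7) and facility names (0-23), numbered as in RFC 5424.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
              "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"] + [f"local{i}" for i in range(8)]

# HEADER = PRI VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP
HEADER_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ver>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) "
                       r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) ")
# SD-ELEMENT = [SD-ID (SP PARAM-NAME="PARAM-VALUE")*]; a value may escape ", ] and \ with a backslash
SD_NAME = r'[^\s=\]"]+'
SD_ELEMENT_RE = re.compile(r'\[(?P<id>' + SD_NAME + r')(?P<params>(?: ' + SD_NAME + r'="(?:[^"\\]|\\.)*")*)\]')
SD_PARAM_RE = re.compile(r'(?P<name>' + SD_NAME + r')="(?P<value>(?:[^"\\]|\\.)*)"')


def unescape(value):  # undo the \" \] \\ escapes allowed in PARAM-VALUE
    return re.sub(r'\\([\]"\\])', r'\1', value)


def parse_syslog(line):
    """Split one RFC 5424 line into header fields, structured data and free-text MSG."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group("pri"))
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError("PRI out of range")
    rest, sd = line[m.end():], {}
    if rest.startswith("-"):  # NILVALUE: no structured data
        rest = rest[1:]
    else:
        while rest.startswith("["):
            e = SD_ELEMENT_RE.match(rest)
            if not e:
                raise ValueError("malformed STRUCTURED-DATA")
            sd[e.group("id")] = {p.group("name"): unescape(p.group("value"))
                                 for p in SD_PARAM_RE.finditer(e.group("params"))}
            rest = rest[e.end():]
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
            "timestamp": m.group("ts"), "host": m.group("host"), "app": m.group("app"),
            "procid": m.group("procid"), "msgid": m.group("msgid"), "sd": sd,
            "msg": rest[1:] if rest.startswith(" ") else ""}  # MSG is optional


# Constructed sample messages (host, user and 203.0.113.7 are made up for the example).
SAMPLES = [
    '<38>1 2024-05-01T10:00:00Z host1 sshd 1234 ID1 '
    '[auth@32473 user="bob" src="203.0.113.7"] Failed password for bob',
    '<165>1 2024-05-01T10:00:01Z host1 app - - [ex@1 msg="say \\"hi\\""][meta loc="x\\]y"]',
]
```

A traditional BSD-style line (no `<PRI>VERSION` prefix) is rejected rather than guessed at, which is the behaviour a collector wants before it trusts the facility and severity of a message.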
And why is it so interesting?
Because in our world information is an asset which can be realized as value. How?
It has to be collected from everywhere, parsed and represented at the required abstraction level.
Have a look at the open source syslog-ng
Central log collection
Pattern DB – key/value pairs
Different input sources – files, programs
Different destinations – db, encrypted network
Processing tools, e.g. rewrite, parse
JSON output and parser
How to install from source
Download the latest version of syslog-ng OSE:
Download the latest version of the EventLog library:
The following packages have to be installed to compile syslog-ng:
gcc, flex, bison, glib, libpcre, libnet, libesmtp
Add the /usr/local/lib/pkgconfig directory to:
Uncompress the archives using unzip.
Both eventlog and syslog-ng can be compiled with the default options:
rsyslog, svlogd, scribe, spread, splunk
References and useful links