Hi, when using syslog(3) an application can send log messages via /dev/log to rsyslog and then to e.g. a file.
If I enable high precision timestamps in rsyslog the log messages have a more precise timestamp. However there is some delay between the application generating a log message and rsyslog adding the timestamp. So why settle for less? :) (Well it is a distributed application, i.e. several processes and computers. So to debug interactions between the parts the correct ordering and timing is very important to me.) I wrote some code that opens /dev/log itself and sends the new format directly. This works very nice and I get the timestamps I want. Example code: -------------- #!/usr/bin/python import socket log = socket.socket( socket.AF_UNIX, socket.SOCK_DGRAM ) log.connect( "/dev/log" ) # <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP [SD-ID]s SP MSG # PRI: 23 (==local7) * 8 + 4 (==warning) = 188 log.send( "<188>1 2009-07-15T09:45:12.463435Z mycomputer TEST_CLIENT 12345 SOME_PACKAGE This is a test message" ) log.close() -------------- However I have a few questions: - Is there some library code I could use that accepts high precision timestamps? Some kind of successor to syslog(3). - Is there a recommended way to detect if the syslog daemon will accept the new format? Currently this could mean checking if rsyslogd is listening on /dev/log or someone else. Otherwise the logging code needs to fall back to the old format that is understood by any syslog daemon (and use only second resolution). Mfg Alexander Elbs -- Alexander Elbs *** eMail [email protected] _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
