Hello,
----- Original Message -----
> I'm currently working on adding structured kernel logging into imklog
> module. First brief and devel code is at
> https://github.com/mbartos89/rsyslog_changes/commits/imklog, a lot
> of code will probably change.
> Structured format is described at
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=kernel/printk.c;h=1ccc6d986cb391e0d0be4aced844231004460ff1;hb=e11fea92e13fb91c50bacca799a6131c81929986
> around line 130.
I was pointed at a better place for documentation -
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=Documentation/ABI/testing/dev-kmsg;h=7e7e07a82e0ec15dbe3255683acd67dba8d2f429;hb=HEAD
. Hopefully there are no contradictions :)
> Information are exported in /dev/kmsg and the first line of each
> record looks like:
> "level,sequnum,timestamp;<message text>\n". According to comment from
> link above, level is e.g. LOG_ERR and that should be the syslog
> level/severity (According to Syslog, levels are from 0 (for
> emergency) to 7 (debug)).
> However some messages have level over 7 (e.g. 46 as you can see vvv)
> -- log --
> 7,882,14331700;SELinux: initialized (dev autofs, type autofs), uses
> genfs_contexts
> 30,883,15748739;udevd[473]: starting version 182
> 46,884,16534294;systemd-journald[468]: Fixed max_use=393.4M
> max_size=49.1M min_size=64.0K keep_free=196.7M
> 46,885,16534592;systemd-journald[468]: Vacuuming...
The records include both severity and facility. For example, 46 == LOG_SYSLOG
| LOG_INFO. The /dev/log input uses a similar encoding (<46>...); see also RFC
3164. So this number should be treated precisely the same as the PRI field in
RFC 3164 records.
(You'll note that the kernel facility is LOG_KERN == 0, so the PRI field for
kernel records is equal to the severity value.)
Mirek
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
