man-pages/man2/syslog.2.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of SYSLOG</TITLE>
</HEAD><BODY>
<H1>SYSLOG</H1>
Section: Linux Programmer's Manual (2)<BR>Updated: 2017-09-15<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>

<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>

syslog, klogctl - read and/or clear kernel message ring buffer;
set console_loglevel
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>

<PRE>
<B>int syslog(int </B><I>type</I><B>, char *</B><I>bufp</I><B>, int </B><I>len</I><B>);</B>
<B>                /* No wrapper provided in glibc */</B>

/* The glibc interface */
<B>#include &lt;<A HREF="file:///usr/include/sys/klog.h">sys/klog.h</A>&gt;</B>

<B>int klogctl(int </B><I>type</I><B>, char *</B><I>bufp</I><B>, int </B><I>len</I><B>);</B>
</PRE>

<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>

<I>Note</I>:

Probably, you are looking for the C library function
<B>syslog</B>(),

which talks to
<B><A HREF="/cgi-bin/man/man2html?8+syslogd">syslogd</A></B>(8);

see
<B><A HREF="/cgi-bin/man/man2html?3+syslog">syslog</A></B>(3)

for details.
<P>

This page describes the kernel
<B>syslog</B>()

system call, which is used to control the kernel
<I>printk</I>()

buffer; the glibc wrapper function for the system call is called
<B>klogctl</B>().

<A NAME="lbAE">&nbsp;</A>
<H3>The kernel log buffer</H3>

The kernel has a cyclic buffer of length
<B>LOG_BUF_LEN</B>

in which messages given as arguments to the kernel function
<B>printk</B>()

are stored (regardless of their log level).
In early kernels,
<B>LOG_BUF_LEN</B>

had the value 4096;
from kernel 1.3.54, it was 8192;
from kernel 2.1.113, it was 16384;
since kernel 2.4.23/2.6, the value is a kernel configuration option
(<B>CONFIG_LOG_BUF_SHIFT</B>,

default value dependent on the architecture).


Since Linux 2.6.6, the size can be queried with command type 10 (see below).
<A NAME="lbAF">&nbsp;</A>
<H3>Commands</H3>

The <I>type</I> argument determines the action taken by this function.
The list below specifies the values for
<I>type</I>.

The symbolic names are defined in the kernel source,
but are not exported to user space;
you will either need to use the numbers, or define the names yourself.
<DL COMPACT>
<DT id="1"><B>SYSLOG_ACTION_CLOSE</B> (0)

<DD>
Close the log.
Currently a NOP.
<DT id="2"><B>SYSLOG_ACTION_OPEN</B> (1)

<DD>
Open the log.
Currently a NOP.
<DT id="3"><B>SYSLOG_ACTION_READ</B> (2)

<DD>
Read from the log.
The call
waits until the kernel log buffer is nonempty, and then reads
at most <I>len</I> bytes into the buffer pointed to by
<I>bufp</I>.

The call returns the number of bytes read.
Bytes read from the log disappear from the log buffer:
the information can be read only once.
This is the function executed by the kernel when a user program reads
<I>/proc/kmsg</I>.

<DT id="4"><B>SYSLOG_ACTION_READ_ALL</B> (3)

<DD>
Read all messages remaining in the ring buffer,
placing them in the buffer pointed to by
<I>bufp</I>.

The call reads the last <I>len</I>
bytes from the log buffer (nondestructively),
but will not read more than was written into the buffer since the
last &quot;clear ring buffer&quot; command (see command 5 below)).
The call returns the number of bytes read.
<DT id="5"><B>SYSLOG_ACTION_READ_CLEAR</B> (4)

<DD>
Read and clear all messages remaining in the ring buffer.
The call does precisely the same as for a
<I>type</I>

of 3, but also executes the &quot;clear ring buffer&quot; command.
<DT id="6"><B>SYSLOG_ACTION_CLEAR</B> (5)

<DD>
The call executes just the &quot;clear ring buffer&quot; command.
The
<I>bufp</I>

and
<I>len</I>

arguments are ignored.
<DT id="7"><DD>
This command does not really clear the ring buffer.
Rather, it sets a kernel bookkeeping variable that
determines the results returned by commands 3
(<B>SYSLOG_ACTION_READ_ALL</B>)

and 4
(<B>SYSLOG_ACTION_READ_CLEAR</B>).

This command has no effect on commands 2
(<B>SYSLOG_ACTION_READ</B>)

and 9
(<B>SYSLOG_ACTION_SIZE_UNREAD</B>).

<DT id="8"><B>SYSLOG_ACTION_CONSOLE_OFF</B> (6)

<DD>
The command saves the current value of
<I>console_loglevel</I>

and then sets
<I>console_loglevel</I>

to
<I>minimum_console_loglevel</I>,

so that no messages are printed to the console.
Before Linux 2.6.32,

the command simply sets
<I>console_loglevel</I>

to
<I>minimum_console_loglevel</I>.

See the discussion of
<I>/proc/sys/kernel/printk</I>,

below.
<DT id="9"><DD>
The
<I>bufp</I>

and
<I>len</I>

arguments are ignored.
<DT id="10"><B>SYSLOG_ACTION_CONSOLE_ON</B> (7)

<DD>
If a previous
<B>SYSLOG_ACTION_CONSOLE_OFF</B>

command has been performed,
this command restores
<I>console_loglevel</I>

to the value that was saved by that command.
Before Linux 2.6.32,

this command simply sets
<I>console_loglevel</I>

to
<I>default_console_loglevel</I>.

See the discussion of
<I>/proc/sys/kernel/printk</I>,

below.
<DT id="11"><DD>
The
<I>bufp</I>

and
<I>len</I>

arguments are ignored.
<DT id="12"><B>SYSLOG_ACTION_CONSOLE_LEVEL</B> (8)

<DD>
The call sets
<I>console_loglevel</I>

to the value given in
<I>len</I>,

which must be an integer between 1 and 8 (inclusive).
The kernel silently enforces a minimum value of
<I>minimum_console_loglevel</I>

for
<I>len</I>.

See the
<I>log level</I>

section for details.
The
<I>bufp</I>

argument is ignored.
<DT id="13"><B>SYSLOG_ACTION_SIZE_UNREAD</B> (9) (since Linux 2.4.10)

<DD>
The call
returns the number of bytes currently available to be read
from the kernel log buffer via command 2
(<B>SYSLOG_ACTION_READ</B>).

The
<I>bufp</I>

and
<I>len</I>

arguments are ignored.
<DT id="14"><B>SYSLOG_ACTION_SIZE_BUFFER</B> (10) (since Linux 2.6.6)

<DD>
This command returns the total size of the kernel log buffer.
The
<I>bufp</I>

and
<I>len</I>

arguments are ignored.
</DL>
<P>

All commands except 3 and 10 require privilege.
In Linux kernels before 2.6.37,
command types 3 and 10 are allowed to unprivileged processes;
since Linux 2.6.37,
these commands are allowed to unprivileged processes only if
<I>/proc/sys/kernel/dmesg_restrict</I>

has the value 0.
Before Linux 2.6.37, &quot;privileged&quot; means that the caller has the
<B>CAP_SYS_ADMIN</B>

capability.
Since Linux 2.6.37,
&quot;privileged&quot; means that the caller has either the
<B>CAP_SYS_ADMIN</B>

capability (now deprecated for this purpose) or the (new)
<B>CAP_SYSLOG</B>

capability.


<A NAME="lbAG">&nbsp;</A>
<H3>/proc/sys/kernel/printk</H3>

<I>/proc/sys/kernel/printk</I>

is a writable file containing four integer values that influence kernel
<I>printk()</I>

behavior when printing or logging error messages.
The four values are:
<DL COMPACT>
<DT id="15"><I>console_loglevel</I>

<DD>
Only messages with a log level lower than this value will
be printed to the console.
The default value for this field is
<B>DEFAULT_CONSOLE_LOGLEVEL</B>

(7), but it is set to
4 if the kernel command line contains the word &quot;quiet&quot;, 10 if the kernel command line contains the word &quot;debug&quot;,
and to 15 in case
of a kernel fault (the 10 and 15 are just silly, and equivalent to 8).
The value of
<I>console_loglevel</I>

can be set (to a value in the range 1-8) by a
<B>syslog</B>()

call with a
<I>type</I>

of 8.
<DT id="16"><I>default_message_loglevel</I>

<DD>
This value will be used as the log level for
<I>printk()</I>

messages that do not have an explicit level.
Up to and including Linux 2.6.38,
the hard-coded default value for this field was 4
(<B>KERN_WARNING</B>);

since Linux 2.6.39,

the default value is a defined by the kernel configuration option
<B>CONFIG_DEFAULT_MESSAGE_LOGLEVEL</B>,

which defaults to 4.
<DT id="17"><I>minimum_console_loglevel</I>

<DD>
The value in this field is the minimum value to which
<I>console_loglevel</I>

can be set.
<DT id="18"><I>default_console_loglevel</I>

<DD>
This is the default value for
<I>console_loglevel</I>.



</DL>
<A NAME="lbAH">&nbsp;</A>
<H3>The log level</H3>

Every
<I>printk</I>()

message has its own log level.
If the log level is not explicitly specified as part of the message,
it defaults to
<I>default_message_loglevel</I>.

The conventional meaning of the log level is as follows:
<TABLE>
<TR VALIGN=top><TD><B>Kernel constant</B></TD><TD><B>Level value</B></TD><TD><B>Meaning</B><BR></TD></TR>
<TR VALIGN=top><TD><B>KERN_EMERG</B></TD><TD ALIGN=center>0</TD><TD>System is unusable<BR></TD></TR>
<TR VALIGN=top><TD><B>KERN_ALERT</B></TD><TD ALIGN=center>1</TD><TD>Action must be taken immediately<BR></TD></TR>
<TR VALIGN=top><TD><B>KERN_CRIT</B></TD><TD ALIGN=center>2</TD><TD>Critical conditions<BR></TD></TR>
<TR VALIGN=top><TD><B>KERN_ERR</B></TD><TD ALIGN=center>3</TD><TD>Error conditions<BR></TD></TR>
<TR VALIGN=top><TD><B>KERN_WARNING</B></TD><TD ALIGN=center>4</TD><TD>Warning conditions<BR></TD></TR>
<TR VALIGN=top><TD><B>KERN_NOTICE</B></TD><TD ALIGN=center>5</TD><TD>Normal but significant condition<BR></TD></TR>
<TR VALIGN=top><TD><B>KERN_INFO</B></TD><TD ALIGN=center>6</TD><TD>Informational<BR></TD></TR>
<TR VALIGN=top><TD><B>KERN_DEBUG</B></TD><TD ALIGN=center>7</TD><TD>Debug-level messages<BR></TD></TR>
</TABLE>

<P>
The kernel
<I>printk()</I>

routine will print a message on the
console only if it has a log level less than the value of
<I>console_loglevel</I>.

<A NAME="lbAI">&nbsp;</A>
<H2>RETURN VALUE</H2>

For <I>type</I> equal to 2, 3, or 4, a successful call to
<B>syslog</B>()

returns the number
of bytes read.
For <I>type</I> 9,
<B>syslog</B>()

returns the number of bytes currently
available to be read on the kernel log buffer.
For <I>type</I> 10,
<B>syslog</B>()

returns the total size of the kernel log buffer.
For other values of <I>type</I>, 0 is returned on success.
<P>

In case of error, -1 is returned,
and <I>errno</I> is set to indicate the error.
<A NAME="lbAJ">&nbsp;</A>
<H2>ERRORS</H2>

<DL COMPACT>
<DT id="19"><B>EINVAL</B>

<DD>
Bad arguments (e.g.,
bad
<I>type</I>;

or for
<I>type</I>

2, 3, or 4,
<I>buf</I>

is NULL,
or
<I>len</I>

is less than zero; or for
<I>type</I>

8, the
<I>level</I>

is outside the range 1 to 8).
<DT id="20"><B>ENOSYS</B>

<DD>
This
<B>syslog</B>()

system call is not available, because the kernel was compiled with the
<B>CONFIG_PRINTK</B>

kernel-configuration option disabled.
<DT id="21"><B>EPERM</B>

<DD>
An attempt was made to change
<I>console_loglevel</I>

or clear the kernel
message ring buffer by a process without sufficient privilege
(more precisely: without the
<B>CAP_SYS_ADMIN</B>

or
<B>CAP_SYSLOG</B>

capability).
<DT id="22"><B>ERESTARTSYS</B>

<DD>
System call was interrupted by a signal; nothing was read.
(This can be seen only during a trace.)
</DL>
<A NAME="lbAK">&nbsp;</A>
<H2>CONFORMING TO</H2>

This system call is Linux-specific and should not be used in programs
intended to be portable.
<A NAME="lbAL">&nbsp;</A>
<H2>NOTES</H2>

From the very start, people noted that it is unfortunate that
a system call and a library routine of the same name are entirely
different animals.




<A NAME="lbAM">&nbsp;</A>
<H2>SEE ALSO</H2>

<B><A HREF="/cgi-bin/man/man2html?1+dmesg">dmesg</A></B>(1),

<B><A HREF="/cgi-bin/man/man2html?3+syslog">syslog</A></B>(3),

<B><A HREF="/cgi-bin/man/man2html?7+capabilities">capabilities</A></B>(7)

<A NAME="lbAN">&nbsp;</A>
<H2>COLOPHON</H2>

This page is part of release 5.05 of the Linux
<I>man-pages</I>

project.
A description of the project,
information about reporting bugs,
and the latest version of this page,
can be found at
<A HREF="https://www.kernel.org/doc/man-pages/.">https://www.kernel.org/doc/man-pages/.</A>
<P>

<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="23"><A HREF="#lbAB">NAME</A><DD>
<DT id="24"><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT id="25"><A HREF="#lbAD">DESCRIPTION</A><DD>
<DL>
<DT id="26"><A HREF="#lbAE">The kernel log buffer</A><DD>
<DT id="27"><A HREF="#lbAF">Commands</A><DD>
<DT id="28"><A HREF="#lbAG">/proc/sys/kernel/printk</A><DD>
<DT id="29"><A HREF="#lbAH">The log level</A><DD>
</DL>
<DT id="30"><A HREF="#lbAI">RETURN VALUE</A><DD>
<DT id="31"><A HREF="#lbAJ">ERRORS</A><DD>
<DT id="32"><A HREF="#lbAK">CONFORMING TO</A><DD>
<DT id="33"><A HREF="#lbAL">NOTES</A><DD>
<DT id="34"><A HREF="#lbAM">SEE ALSO</A><DD>
<DT id="35"><A HREF="#lbAN">COLOPHON</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:05:35 GMT, March 31, 2021
</BODY>
</HTML>