TITLE: Using metalog instead of sysklogd LFS VERSION: 3.0-rc1 AUTHOR: Laurence Withers SYNOPSIS: How to set up and use metalog, a replacement for the system/kernel logging daemon. Metalog is simpler to use, and more powerful. This hint is useful both during building an LFS system, and after you have one set up. See http://metalog.sf.net/ . HINT: 0. Contents ----------- 1. Introduction 2. Compiling, installing 3. Creating /etc/metalog.conf 4. Changing /etc/init.d/sysklogd 5. Logging to a console Appendix A. Building LFS with metalog 1. Introduction --------------- Why metalog? Well, it is a decent replacement for sysklogd, the package currently used in LFS to perform system and kernel logging. It has a simpler (and yet more powerful) configuration file, supports maximum log file size, rotates old logs, and buffers log messages in memory (thus improving system performance). This hint will walk you through the installation and set up of metalog. Please also read the metalog documentation when creating /etc/metalog.conf; it will let you know about all sorts of options you can use. 2. Compiling, installing ------------------------ I used version 0.6 of metalog on my system, but these instructions should be useful whichever version you have. Examine the `README' file if you have a different version. Firstly, you need to install the PCRE library (Perl Compatible Regular Expressions). This is available from http://www.pcre.org/ . I used version 3.5, but again, any version should be fine. After extracting the archive and changing to its directory, type: # CFLAGS="-O2" ./configure --prefix=/usr # make # make install # ldconfig Now, installation of metalog is simple. Extract the archive and change to its directory, and type: # ./configure --prefix=/usr # make install-strip Metalog is now installed. 3. Creating /etc/metalog.conf ----------------------------- Read the metalog README for the exact rules on how to create a configuration file. This file is a good start, however: # /etc/metalog.conf # Configuration for metalog (replacement for syslog et al.) maxsize = 100000 maxtime = 86400 maxfiles = 3 Kernel messages : facility = "kern" logdir = "/var/log/kernel" Authorisation messages : facility = "auth" facility = "authpriv" logdir = "/var/log/auth" Daemon messages : facility = "daemon" logdir = "/var/log/daemon" FTP, mail, news : facility = "ftp" facility = "mail" facility = "news" logdir = "/var/log/ftp-mail-news" Printing : facility = "lpr" logdir = "/var/log/printer" Security : facility = "security" logdir = "/var/log/security" System : facility = "syslog" logdir = "/var/log/syslog" Serious stuff : facility = "*" minimum = 2 logdir = "/var/log/critical" # end For each `logdir' mentioned in the above file, you need to create a directory. Metalog will install some files in that directory. The log can be accessed as $logdir/current (for instance, /var/log/critical/current ). For the configuration file above, type: # cd /var/log # mkdir kernel auth daemon ftp-mail-news printer # mkdir critical security syslog You can also delete the old log files: /var/log/*.log . I would recommend doing this once you have rebooted the system and no longer have sysklogd running. 4. Changing /etc/init.d/sysklogd -------------------------------- In order to get metalog running instead of sysklogd, you need to change the startup script /etc/init.d/sysklogd . You can rename this file to metalog if you like, but I had already set up the symlinks and it was easier to edit the file. Simply copy the following: #!/bin/sh # Begin /etc/init.d/sysklogd # # Include the functions declared in the /etc/init.d/functions file # source /etc/init.d/functions case "$1" in start) echo -n "Starting metalog daemon..." loadproc /usr/sbin/metalog -B ;; stop) echo -n "Stopping metalog daemon..." killproc metalog ;; reload) echo -n "Reloading system log daemon configuration file..." reloadproc metalog 1 ;; restart) $0 stop /usr/bin/sleep 1 $0 start ;; status) statusproc /usr/sbin/metalog ;; *) echo "Usage: $0 {start|stop|reload|restart|status}" exit 1 ;; esac # End /etc/init.d/sysklogd 5. Logging to a console ----------------------- Unlike sysklogd, metalog doesn't immediately write anything it logs to disk. This means that `tail -f' doesn't really do the job anymore. I use a shell script to print to a console, however. Add the following to /etc/metalog.conf: # start Log to a console : facility = "*" command = "/usr/sbin/consolelog.sh 12" # end Obviously, you can change the `facility', `minimum', etc. to suit yourself. Also, you can combine `command' and `logdir' in a single entry. See metalog's README for more details. The `12' in the commandline is the VT to print to. Create the /usr/sbin/consolelog.sh script like this: # cat >/usr/sbin/consolelog.sh <#!/bin/sh ># /usr/sbin/consolelog.sh ># For metalog -- log something to a console > >echo "$2 [$3] $4" >/dev/tty$1 > >EOF # chmod +x /usr/sbin/consolelog.sh You can change the formatting of the echo command as needed; $2 is the date, $3 is the name of the program sending the entry, $4 is the entry text, and $1 is the VT to print to. Appendix A. Building LFS with metalog ------------------------------------- This is a trivial change to make. Obviously, you no longer need to install the `sysklogd' package. When you come to install this package, install PCRE and then metalog instead (step 2). Rather than creating /etc/syslog.conf and /var/log/*.log, create /etc/metalog.conf (step 3) and its directories. Finally, don't use the LFS-provided /etc/init.d/sysklogd script, use the one given in step 4.