0

I often write logfiles in /tmp or /var when making large or complicated bash scripts to aid in debugging or simply to track program flow. I usually do something akin to echo "$(date '+%Y-%m-%d_%H:%M:%S') something happened" > /tmp/log which is fine, but not something that can be readily ingested into programs expecting a "standard" syslog format (Apache jokes aside). I've tried getting the logger command to create a new logfile somewhere but there doesn't seem to be an option for it. I suspect it leaves that part up to syslogd and it's facility config.

I could modify my "standard" format above to include hostname, a bunk facility and PID, but there are probably other nuances and formats I might be overlooking that someone has already figured out.

Is there a utility similar to logger which can write an RFCxxx formatted logfile without going through syslog?

Improve this question
2
  • logger indeed prints messages to the system log, so directing that to files is up to whatever you have there managing syslog. But you seem to know that, so what's the question? Commented Oct 27, 2021 at 10:54
  • Including an actual question in the post would have helped I suppose ツ. Not sure how that got left out. Thanks, and Updated. Commented Oct 28, 2021 at 11:27

1 Answer 1

Reset to default
0

I think you could just do that by hand...

The fun part is the various formats. Here's functions for Bash to produce both RFC 5424 and RFC 3164 style messages. The %06N and %:z formats in the timestamp of the first one may require GNU date, I'm not sure.

#!/bin/bash

# print RFC 5424 syslog message, without structured data,
# somewhat like 'logger -i --rfc5424=notq', e.g.
# <13>1 2021-10-28T14:48:10.613772+03:00 myhost ilkkachu 20415 - - a problem happened
# format is
# <prio>version date host tag pid - - message
lognew() {
        local facility="${log_facility-5}"  # default 'user'
        local severity="$1"
        shift 
        local prio=$(( facility*8 + severity ))
        local version=1
        local date=$(date +"%Y-%m-%dT%H:%M:%S.%06N%:z")
        local tag="${log_tag-$USER}"        # default to username 
        local pid="$$"
        local IFS=" "
        local message="$*"
        printf "<%d>%d %s %s %s %d - - %s\n" "$prio" "$version" "$date" "$HOSTNAME" "$tag" "$pid" "$message"
}

# print RFC 3164 syslog message,
# somewhat like 'logger -i --rfc3164'
# <13>Oct 28 14:49:13 myhost ilkkachu[20418]: another problem happened
# format:
# <prio>date host tag[pid]: message
logold() {
        local facility="${log_facility-5}"  # default 'user'
        local severity="$1"
        shift
        local prio=$(( facility*8 + severity ))
        local date=$(LC_ALL=C date +"%b %_d %H:%M:%S")
        local tag="${log_tag-$USER}"        # default to username 
        local pid="$$"
        local IFS=" "
        local message="$*"
        printf "<%d>%s %s %s[%d]: %s\n" "$prio" "$date" "$HOSTNAME" "$tag" "$pid" "$message"
}

log_facility=1 # user
log_tag="test"

# 6 = info
lognew 6 testing messaging
# 4 = warning
logold 4 obsolete message format

The PID printed is that of the script, and the output is something like this:

<14>1 2021-10-28T15:06:17.413125+03:00 myhost test 20499 - - testing messaging
<12>Oct 28 15:06:17 myhost test[20499]: obsolete message format
Improve this answer
1
  • If nothing else turns up, this is perfect, thanks. Commented Dec 6, 2021 at 19:27

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.