Linux 中的守护进程日志记录
所以我有一个在 Linux 系统上运行的守护进程,我想要记录它的活动:日志。 问题是,实现这一目标的“最佳”方法是什么?
我的第一个想法是简单地打开一个文件并写入它。
FILE* log = fopen("logfile.log", "w");
/* daemon works...needs to write to log */
fprintf(log, "foo%s\n", (char*)bar);
/* ...all done, close the file */
fclose(log);
以这种方式记录有什么本质上的错误吗? 有没有更好的方法,比如Linux内置的一些框架?
So I have a daemon running on a Linux system, and I want to have a record of its activities: a log. The question is, what is the "best" way to accomplish this?
My first idea is to simply open a file and write to it.
FILE* log = fopen("logfile.log", "w");
/* daemon works...needs to write to log */
fprintf(log, "foo%s\n", (char*)bar);
/* ...all done, close the file */
fclose(log);
Is there anything inherently wrong with logging this way? Is there a better way, such as some framework built into Linux?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(10)
Unix 长期以来一直有一个名为 syslog 的特殊日志框架。 输入您的 shell
,您将获得 C 接口的帮助。
一些 示例
Unix has had for a long while a special logging framework called syslog. Type in your shell
and you'll get the help for the C interface to it.
Some examples
这个
可能会是一场赛马,但是,是的,大多数(如果不是全部)Un*x 衍生品中存在的系统日志工具是首选方式。 记录到文件没有任何问题,但它确实给您留下了许多任务:Syslog 会为您处理所有这一切以及更多事务。 该 API 与 printf 家族类似,因此您调整代码应该没有问题。
This
is probably going to be awas horse race, but yes the syslog facility which exists in most if not all Un*x derivatives is the preferred way to go. There is nothing wrong with logging to a file, but it does leave on your shoulders an number of tasks:Syslog takes care of all this, and more, for you. The API is similar the printf clan so you should have no problems adapting your code.
在大型(或安全意识更强)的安装中,syslog 的另一个优点是:syslog 守护进程可以配置为将日志发送到另一台服务器进行记录,而不是本地文件系统(或除了本地文件系统之外)。
将服务器场的所有日志放在一个位置比必须在每台计算机上单独读取它们要方便得多,特别是当您尝试将一台服务器上的事件与另一台服务器上的事件关联时。 当一个服务器被破解时,你就不能再相信它的日志了……但是如果日志服务器保持安全,你知道它的日志中不会删除任何内容,因此任何入侵记录都将完好无损。
One other advantage of syslog in larger (or more security-conscious) installations: The syslog daemon can be configured to send the logs to another server for recording there instead of (or in addition to) the local filesystem.
It's much more convenient to have all the logs for your server farm in one place rather than having to read them separately on each machine, especially when you're trying to correlate events on one server with those on another. And when one gets cracked, you can't trust its logs any more... but if the log server stayed secure, you know nothing will have been deleted from its logs, so any record of the intrusion will be intact.
当我进行单元测试时,我向 daemon.info 和 daemon.debug 吐出很多守护进程消息。 syslog.conf 中的一行可以将这些消息粘贴到您想要的任何文件中。
http://www.linuxjournal.com/files在我看来,/linuxjournal.com/linuxjournal/articles/040/4036/4036s1.html 对 C API 的解释比手册页更好。
I spit a lot of daemon messages out to daemon.info and daemon.debug when I am unit testing. A line in your syslog.conf can stick those messages in whatever file you want.
http://www.linuxjournal.com/files/linuxjournal.com/linuxjournal/articles/040/4036/4036s1.html has a better explanation of the C API than the man page, imo.
Syslog 是一个不错的选择,但您可能希望考虑查看 log4c。 log4[something] 框架在其 Java 和 Perl 实现中运行良好,并允许您从配置文件选择记录到系统日志、控制台、平面文件或用户定义的日志编写器。 您可以为每个模块定义特定的日志上下文,并使每个上下文日志处于您的配置所定义的不同级别。 (跟踪、调试、信息、警告、错误、关键),并让您的守护进程通过捕获信号来动态重新读取该配置文件,从而允许您操纵正在运行的服务器上的日志级别。
Syslog is a good option, but you may wish to consider looking at log4c. The log4[something] frameworks work well in their Java and Perl implementations, and allow you to - from a configuration file - choose to log to either syslog, console, flat files, or user-defined log writers. You can define specific log contexts for each of your modules, and have each context log at a different level as defined by your configuration. (trace, debug, info, warn, error, critical), and have your daemon re-read that configuration file on the fly by trapping a signal, allowing you to manipulate log levels on a running server.
如上所述,您应该查看系统日志。 但如果您想编写自己的日志记录代码,我建议您使用 fopen 的“a”(写入追加)模式。
编写自己的日志记录代码的一些缺点是:日志轮换处理、锁定(如果有多个线程)、同步(是否要等待日志写入磁盘?)。 syslog 的缺点之一是应用程序不知道日志是否已写入磁盘(它们可能已丢失)。
As stated above you should look into syslog. But if you want to write your own logging code I'd advise you to use the "a" (write append) mode of fopen.
A few drawbacks of writing your own logging code are: Log rotation handling, Locking (if you have multiple threads), Synchronization (do you want to wait for the logs being written to disk ?). One of the drawbacks of syslog is that the application doesn't know if the logs have been written to disk (they might have been lost).
如果您使用线程并且使用日志记录作为调试工具,您将需要寻找一个使用某种线程安全但未锁定的环形缓冲区的日志记录库。 每个线程一个缓冲区,仅在严格需要时才使用全局锁。
这可以避免日志记录导致软件严重变慢,也可以避免创建在添加调试日志记录时发生变化的 heisenbug。
如果它有一个高速压缩的二进制日志格式,在记录过程中不会浪费时间进行格式操作,并且有一些不错的日志解析和显示工具,那就是一个奖励。
我会为此提供一些好的代码的参考,但我自己没有。 我只想要一个。 :)
If you use threading and you use logging as a debugging tool, you will want to look for a logging library that uses some sort of thread-safe, but unlocked ring buffers. One buffer per thread, with a global lock only when strictly needed.
This avoids logging causing serious slowdowns in your software and it avoids creating heisenbugs which change when you add debug logging.
If it has a high-speed compressed binary log format that doesn't waste time with format operations during logging and some nice log parsing and display tools, that is a bonus.
I'd provide a reference to some good code for this but I don't have one myself. I just want one. :)
我们的嵌入式系统没有系统日志,因此我编写的守护进程使用“a”打开模式对文件进行调试,类似于您所描述的方式。 我有一个函数可以打开日志文件,吐出消息,然后关闭文件(我只在发生意外情况时才这样做)。 但是,我还必须编写代码来处理日志轮换,正如其他评论者提到的那样,其中包含 'tail -c 65536 logfile > 日志文件tmp && mv logfiletmp 日志文件'. 它非常粗糙,也许应该称为“日志正面截断”,但它可以阻止我们基于小型 RAM 磁盘的文件系统填满日志文件。
Our embedded system doesn't have syslog so the daemons I write do debugging to a file using the "a" open mode similar to how you've described it. I have a function that opens a log file, spits out the message and then closes the file (I only do this when something unexpected happens). However, I also had to write code to handle log rotation as other commenters have mentioned which consists of 'tail -c 65536 logfile > logfiletmp && mv logfiletmp logfile'. It's pretty rough and maybe should be called "log frontal truncations" but it stops our small RAM disk based filesystem from filling up with log file.
有很多潜在的问题:例如,如果磁盘已满,您是否希望守护程序失败? 此外,您每次都会覆盖您的文件。 通常使用循环文件,这样您就可以在计算机上为文件分配空间,但您可以保留足够的历史记录以供使用,而不会占用太多空间。
有像 log4c 这样的工具可以帮助你。 如果您的代码是 C++,那么您可能会考虑在 Apache 项目中使用 log4cxx(在 ubuntu/debian 上 apt-get install liblog4cxx9-dev),但看起来您正在使用 C。
There are a lot of potential issues: for example, if the disk is full, do you want your daemon to fail? Also, you will be overwriting your file every time. Often a circular file is used so that you have space allocated on the machine for your file, but you can keep enough history to be useful without taking up too much space.
There are tools like log4c that you can help you. If your code is c++, then you might consider log4cxx in the Apache project (apt-get install liblog4cxx9-dev on ubuntu/debian), but it looks like you are using C.
到目前为止,没有人提到 boost 日志库,它有很好的重定向您的简单方法
将消息记录到文件或系统日志接收器甚至 Windows 事件日志。
So far nobody mentioned boost log library which has nice and easy way to redirect your
log messages to files or syslog sink or even Windows event log.