all experts,
I'm writing my own daemon that has similar function as the standard syslogd. Below is my c code to send a log message to remote syslogd server 10.0.0.3. The remote syslogd server 10.0.0.3 is a windows machine and I run Kiwi Syslog Service Manager there (downloaded from Internet). The Kiwi syslog server can receive log messages I sent, but the messages it shows are either empty or has only one character (the last column is the message):
10-11-2011 14:21:01 User.Emerg 10.0.0.1 O
10-11-2011 开发者_如何学运维14:21:00 User.Emerg 10.0.0.1 T
10-11-2011 14:21:01 User.Warning 10.0.0.1
I don't know which excactly corresponds to my pLogMessage in the code, but it got to be one of these 3.
Can any expert tell me why the received message is not corret? Thanks a lot!
char *pLogMessage = "Tue Oct 11 11:14:20 2011:cli:journal:LOG_INFO: cgr_cli_main.c:232--his books are all jammed in the close\r\n";
CGR_INT socketFileDescriptor = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
struct sockaddr_in sockServerAddr;
memset(&sockServerAddr, 0, sizeof(struct sockaddr_in));
sockServerAddr.sin_family = AF_INET;
sockServerAddr.sin_addr.s_addr = inet_addr("10.0.0.3"); /* remote syslogd server ip */
sockServerAddr.sin_port = htons(514);
/* send the log message to the socket */
size_t bytesSent = sendto(socketFileDescriptor, /* socket file descriptor */
pLogMessage, /* message to be sent */
sizeof(pLogMessage), /* message size in bytes */
0, /* flag: ? */
(struct sockaddr *)&sockServerAddr, /* points to a sockaddr structure containing the destination address */
sizeof(sockServerAddr)); /* specifies the length of the sockaddr structure pointed to by the previous argument */
/* close socket */
close(socketFileDescriptor);
A proper syslog message has the following format:
<30>Oct 12 12:49:06 host app[12345]: syslog msg
The number within the <> signs is the priority which is composed of the severity and facility values. Also you are missing the hostname from the message. This may be a reason why the syslog server fails to parse your message. The line terminator \r\n is not required for UDP. See rfc3164 for the details.
The code is also buggy, you should use strlen(pLogMessage) instead of sizeof(pLogMessage).
精彩评论