Writing to syslog

akbooer · January 23, 2014, 9:49am

Several people have asked for this, so…

… if you want to write messages to a syslog somewhere, this little piece of code will do it:

-- January, 2014  @akbooer
local socket = require "socket"
local function syslog_server (ip_and_port, tag, hostname)
  local sock = socket.udp()
  local facility = 1    -- 'user'
  local emergency, alert, critical, error, warning, notice, info, debug = 0,1,2,3,4,5,6,7
  local ip, port = ip_and_port: match "^(%d+%.%d+%.%d+%.%d+):(%d+)$"
  if not ip or not port then return nil, "invalid IP or PORT" end
  local serialNo = luup.pk_accesspoint
  hostname = ("Vera-"..serialNo) or "Vera"
  if not tag or tag == '' then tag = "Plugin" end
  tag = tag: gsub("[^%w]","")  -- only alphanumeric, no spaces or other
  local function send (self, content, severity)
    content  = tostring (content)
    severity = tonumber (severity) or info
    local priority = facility*8 + (severity%8)
    local msg = ("<%d>%s %s %s: %s\n"):format (priority, os.date "%b %d %H:%M:%S", hostname, tag, content)
    sock:send (msg) 
  end
  local ok, err = sock:setpeername(ip, port)
  if ok then ok = {send = send} end
  return ok, err
end

You use it like this…

b Initialisation:[/b]

Just ONCE, either in Startup Lua (if you’re going to use this from scene code), or in your app’s init phase, set up the connection and other static data.

syslog, err = syslog_server (syslogInfo, syslogTag)
if not syslog then luup.log ('UDP syslog service error: '..err) end

[ul][li][tt]syslogInfo[/tt] - a string containing the IP and PORT of your syslog server, eg. “172.16.55:514”[/li]
[li][tt]syslogTag[/tt] - a string with the tag name for your app (anything other than alphanumeric will be stripped off, eg. no spaces)[/li]
[li]the hostname field is filled in with [tt]Vera-nnnnnn[/tt], where nnnnnn is the serial number of your Vera[/li]
[li]the facility level is set to [tt]user[/tt][/li][/ul]

b Sending a message:[/b]

Whenever/wherever you like, send a message.

if syslog then syslog:send (message) end

[ul][li]note that this uses the colon syntax, not the dot notation[/li]
[li]an optional second parameter (0-7) is the severity level, default is 6[/li]
[li][tt](emergency, alert, critical, error, warning, notice, info, debug = 0,1,2,3,4,5,6,7)[/tt][/li][/ul]

I’ve replaced most of my [tt]luup.log (message)[/tt] calls with [tt]syslog:send (message)[/tt], so no need to trawl through Vera’s log anymore and that means removing one whole app which was there just for that purpose.

Since syslog uses UDP datagrams, the system/network load is very low, there is no acknowledgement of receipt or handshake, and networks errors may mean that messages do not get to their destination. However, (a) this very rarely happens, (b) it doesn’t really matter for non-critical notifications.

Enjoy.

parkerc · January 25, 2014, 7:56am

Hi @akbooer

What is the best resource you’ve found for setting up a syslog server ?

I have a NAS with MySQL on it, (most do nowadays) so I’d be interested to hear your thoughts on how that could be used for data capture/storage too. I had set it up to be the store for an Alternative Event Server, but had some issues with dates/time stamps .

akbooer · January 25, 2014, 8:48am

I have absolutely no idea. I’m just testing this with my Mac system I use for development and which has syslog already (but needed a tiny bit of config to allow remote calls.)

My NAS is an Apple Time Capsule… No MySQL, so far as I know. Sorry.

sparkejj · January 25, 2014, 10:39am

Synology offer a Syslog package for their NAS line-up.

Weeves · January 25, 2014, 12:04pm

rSyslog is easy to integrate with Mysql http://www.rsyslog.com/

RexBeckett · January 26, 2014, 10:44pm

I have this installed on my Synology NAS and it works really well. The interface is simple but effective. Being free, it is excellent value. ;D

olivas · February 11, 2014, 5:56am

You can always try this for setting up a syslog server, it is from the FreeBSd handbook – but it should give you a good idea on what needs to be done:

http://www.freebsd.org/doc/handbook/network-syslogd.html

or

http://www.executionunit.com/en/blog/2007/01/28/freebsd-centralised-logging/

For mac:

http://hintsforums.macworld.com/archive/index.php/t-31075.html

parkerc · October 25, 2014, 7:15am

Hi @Akbooer

Please can I just confirm the order for this as I want to add a syslog entry to go along with my push Prowl notifications

So if I have understood it correctly - this bit of code goes into the Lua Start up.

[quote=“akbooer, post:1, topic:179030”]syslog, err = syslog_server (192.168.1.45:514, nodecentral) if not syslog then luup.log ('UDP syslog service error: '..err) end[/quote]

And then I would use this in the scene to send the message

[quote=“akbooer, post:1, topic:179030”]if syslog then syslog:send (message) end[/quote]

Where does this go ?

[quote=“akbooer, post:1, topic:179030”]-- January, 2014 @akbooer local socket = require "socket" local function syslog_server (ip_and_port, tag, hostname) local sock = socket.udp() local facility = 1 -- 'user' local emergency, alert, critical, error, warning, notice, info, debug = 0,1,2,3,4,5,6,7 local ip, port = ip_and_port: match "^(%d+%.%d+%.%d+%.%d+):(%d+)$" if not ip or not port then return nil, "invalid IP or PORT" end local serialNo = luup.pk_accesspoint hostname = ("Vera-"..serialNo) or "Vera" if not tag or tag == '' then tag = "Plugin" end tag = tag: gsub("[^%w]","") -- only alphanumeric, no spaces or other local function send (self, content, severity) content = tostring (content) severity = tonumber (severity) or info local priority = facility*8 + (severity%8) local msg = ("<%d>%s %s %s: %s\n"):format (priority, os.date "%b %d %H:%M:%S", hostname, tag, content) sock:send (msg) end local ok, err = sock:setpeername(ip, port) if ok then ok = {send = send} end return ok, err end[/quote]

Sorry if I’m missing the obvious.

RexBeckett · October 25, 2014, 9:25am

Chris, the syslog_server function also goes in Startup Lua - above the two lines that call it.

parkerc · December 21, 2014, 5:32pm

As I’m now using my new QNAP as a Syslog server i was curious by the difference in entries. Is there a global format (order of data) that apps writing to a syslog server should follow.

See an extract of three log entries,

<30>1 2014-12-21T15:46:05+00:00 QNAPNAS00 qlogd 10431 - - qlogd[10431]: conn log: Users: sonos	Source IP: 192.168.1.2	Computer name: 192.168.1.2	Connection type: SAMBA	Accessed resources: Multimedia/Music/An Easy Christmas - Various Artists/02 The Christmas Song (Chestnuts Roa.mp3	Action: Read	
			
<14>1 2014-12-21T15:47:21+00:00 Vera-12345678 EventWatcher - - - EventWatcher: T [258] Emma's - Temperature Sensor	CurrentTemperature = 17		
						
<30>1 2014-12-21T15:48:36+00:00 QNAPNAS00 qlogd 10431 - - qlogd[10431]: conn log: Users: sonos	Source IP: 192.168.1.4	Computer name: 192.168.1.4	Connection type: SAMBA	Accessed resources: Multimedia/Music/An Easy Christmas - Various Artists/03 Santa Baby.mp3	Action: Read

Is it possible to add more items to the EventWatcher entries, e.g Source IP:, Connection type:, Action:, etc.

akbooer · December 22, 2014, 2:32pm

The format of the UDP Datagram with the time, source, severity and message is defined, AFAIK, however, the content of the message is entirely up to the sender.

otakup0pe · December 24, 2014, 5:15am

this is pretty cool! look forward to using it.

now just to get the rest of LuaUPnP.log flowing to my syslog server…

akbooer · December 24, 2014, 8:28am

this is what the EventWatcher plugin uses. It doesn’t generate a complete Vera log, but you can watch whole classes of devices or individual variables.

parkerc · March 15, 2015, 11:01pm

Hi @akbooer, Rex etc.

Is it possible for Vera (via some Lua) to read (search for specific data) from a Syslog server?

I’m sending more and more events to my syslog server, From various devices in the house, so I was wondering - would it be possible to create code to read as well as write?

RexBeckett · March 15, 2015, 11:07pm

Is it possible for Vera (via some Lua) to read (search for specific data) from a Syslog server?

Only if your SysLog server has an API that supports remote searching. I use a Synology NAS as a SysLog server. It has a built-in viewer with search facilities.

akbooer · March 15, 2015, 11:07pm

Sorry, I don’t know the answer to that. I do know that I don’t know how to do it: for me, syslog is write-only memory (so far as Vera is concerned).

I wrote [tt]DataYours[/tt] for information archival and retrieval purposes.

parkerc · March 15, 2015, 11:23pm

Hi Rex

My QNAP has a built in viewer too, with search capabilities, plus I think I’ve got the file it writes to to be a .csv so I can open that up and search. ( I guess)

There is a lot of good stuff being written to the log, it would be great if some could be used as triggers.

Maybe i should explore Vera being the syslog server ?

RexBeckett · March 15, 2015, 11:30pm

Maybe i should explore Vera being the syslog server ?

Personally I think that is a terrible idea. :o

There is a lot of good stuff being written to the log, it would be great if some could be used as triggers.

Perhaps you could persuade the source of this good stuff to send it to Vera via http?

parkerc · March 16, 2015, 7:24am

[quote=“RexBeckett, post:18, topic:179030”]

Maybe i should explore Vera being the syslog server ?

Personally I think that is a terrible idea. :o

There is a lot of good stuff being written to the log, it would be great if some could be used as triggers.

Perhaps you could persuade the source of this good stuff to send it to Vera via http?[/quote]

Sorry Rex, That’s kind of what I meant, ( just very badly expressed ) - to have all the events sent to Vera so they can be processed (not necessarily to be stored) - maybe some sort of middleware between and the syslog server and Vera ?

akbooer · March 16, 2015, 7:35am

This is sort of what [tt]EventWatcher[/tt] does?