Our application calls syslog(3c) to write to the local syslog daemon,
and we were puzzled when some messages weren't appearing in the local
/var/adm/messages file. We wrote a test program to spew 60000 unique
messages, and confirmed that not all syslog calls result in
corresponding entries in /var/adm/messages.
Here's the sample program:
$ cat Main.cpp
#include <string>
#include "syslog.h"
void *makeConnection(void *v)
{
int start = (int)v;
char buffer[10];
for (int i = start; i <start + 10000; i++)
{
sprintf(buffer, "%d", i);
syslog(LOG_NOTICE, buffer);
}
}
int main(int argc, char *argv[])
{
openlog(argv[1], LOG_PID, LOG_DAEMON);
pthread_t thr1;
pthread_create(&thr1, NULL, makeConnection, (void *)1);
pthread_t thr2;
pthread_create(&thr2, NULL, makeConnection, (void *)10001);
pthread_t thr3;
pthread_create(&thr3, NULL, makeConnection, (void *)20001);
pthread_t thr4;
pthread_create(&thr4, NULL, makeConnection, (void *)30001);
pthread_t thr5;
pthread_create(&thr5, NULL, makeConnection, (void *)40001);
pthread_t thr6;
pthread_create(&thr6, NULL, makeConnection, (void *)50001);
pthread_join(thr1, NULL);
pthread_join(thr2, NULL);
pthread_join(thr3, NULL);
pthread_join(thr4, NULL);
pthread_join(thr5, NULL);
pthread_join(thr6, NULL);
closelog();
}
Compile as follows:
$ g++ -o syslogTest Main.cpp -lposix4 -lthread
In the following session, dtrace shows 60000 syslog opens, but fewer
than 40000 entries were written to /var/adm/messages.
$ uname -a
SunOS tulip 5.11 snv_134 i86pc i386 i86pc
First, I nuke /var/adm/messages to ensure that we're starting with a
clean slate, and then call the syslogTest program via dtrace to
confirm the number of syslog calls.
# pfexec cp /dev/null /var/adm/messages
# pfexec dtrace -n 'pid$target::syslog:entry { @num[execname] = count() ; }'
-c syslogTest
dtrace: description 'pid$target::syslog:entry ' matched 1 probe
dtrace: pid 699 has exited
syslogTest 60000
Unfortunately, less than sixty thousand messages were written to
/var/adm/messages:
$ wc -l /var/adm/messages
36855 /var/adm/messages
The number of entries in /var/adm/messages varies, but is typically
between thirty and forty thousand. I understand the remote syslog
connections via UDP are not reliable, but I'm puzzled why _local_
syslog calls would fail to result in corresponding entries in
/var/adm/messages.
Any assistance is much appreciated.
Cheers,
Paul
--
Paul Robertson
Email: probert...@unixway.com
Phone: 617-784-1575
GnuPG Public Key: http://unixway.com/misc/pgpkey.txt
_______________________________________________
opensolaris-code mailing list
opensolaris-code@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
