syslog - read and/or clear kernel message ring buffer; set


       #include <unistd.h>

       #include <linux/unistd.h>

       _syscall3(int, syslog, int, type, char *, bufp, int, len);

       int syslog(int type, char *bufp, int len);


       This is probably not the function you are  interested  in.
       Look  at  syslog(3) for the C library interface. This page
       only documents the bare kernel system call interface.

       The type argument determines the action taken by syslog.

       Quoting from kernel/printk.c:
        * Commands to sys_syslog:
        *      0 -- Close the log.  Currently a NOP.
        *      1 -- Open the log. Currently a NOP.
        *      2 -- Read from the log.
        *      3 -- Read up to the last 4k of messages in the ring buffer.
        *      4 -- Read and clear last 4k of messages in the ring buffer
        *      5 -- Clear ring buffer.
        *      6 -- Disable printk's to console
        *      7 -- Enable printk's to console
        *      8 -- Set level of messages printed to console

       Only function 3 is allowed to non-root processes.

       The kernel log buffer
       The kernel has  a  cyclic  buffer  of  length  LOG_BUF_LEN
       (4096,  since 1.3.54: 8192, since 2.1.113: 16384) in which
       messages given as argument to the kernel function printk()
       are stored (regardless of their loglevel).

       The  call  syslog  (2,buf,len) waits until this kernel log
       buffer is nonempty, and then reads at most len bytes  into
       the buffer buf. It returns the number of bytes read. Bytes
       read from the log  disappear  from  the  log  buffer:  the
       information  can  only be read once.  This is the function
       executed  by  the  kernel  when  a  user   program   reads

       The  call  syslog (3,buf,len) will read the last len bytes
       from the log buffer (nondestructively), but will not  read
       buffer at all).  It returns the number of bytes read.

       The  call  syslog (4,buf,len) does precisely the same, but
       also executes the `clear ring buffer' command.

       The call syslog (5,dummy,idummy) only executes the  `clear
       ring buffer' command.

       The loglevel
       The  kernel  routine printk() will only print a message on
       the console, if it has a loglevel less than the  value  of
       the   variable  console_loglevel  (initially  DEFAULT_CON­
       SOLE_LOGLEVEL (7), but set to 10 if the kernel commandline
       contains  the  word `debug', and to 15 in case of a kernel
       fault - the 10 and 15 are just silly,  and  equivalent  to
       8).  This variable is set (to a value in the range 1-8) by
       the  call  syslog  (8,dummy,value).   The   calls   syslog
       (type,dummy,idummy) with type equal to 6 or 7, set it to 1
       (kernel panics only) or 7 (all except debugging messages),

       Every  text  line  in a message has its own loglevel. This
       level is DEFAULT_MESSAGE_LOGLEVEL - 1 (6) unless the  line
       starts  with  <d>  where d is a digit in the range 1-7, in
       which case the level is d. The conventional meaning of the
       loglevel is defined in <linux/kernel.h> as follows:

       #define KERN_EMERG    "<0>"  /* system is unusable               */
       #define KERN_ALERT    "<1>"  /* action must be taken immediately */
       #define KERN_CRIT     "<2>"  /* critical conditions              */
       #define KERN_ERR      "<3>"  /* error conditions                 */
       #define KERN_WARNING  "<4>"  /* warning conditions               */
       #define KERN_NOTICE   "<5>"  /* normal but significant condition */
       #define KERN_INFO     "<6>"  /* informational                    */
       #define KERN_DEBUG    "<7>"  /* debug-level messages             */


       In case of error, -1 is returned, and errno is set. Other­
       wise, for type equal to 2, 3 or 4,  syslog()  returns  the
       number of bytes read, and otherwise 0.


       EPERM  An  attempt  was made to change console_loglevel or
              clear the kernel message ring buffer by  a  process
              without root permissions.

       EINVAL Bad parameters.

              System  call  was interrupted by a signal - nothing
              was read.

       This system call is Linux specific and should not be  used
       in programs intended to be portable.