path: root/README.rst

What?
=====

The libumberlog library serves two purposes: it's either a drop-in
replacement for the ``syslog()`` system call, in which case it turns
the default syslog messages into `CEE\-enhanced messages`_, with a
CEE-JSON payload, and some automatically discovered fields. Or, it can
be used as a stand-alone library, that provides a ``syslog()``-like
API, with the ability to add arbitrary key-value pairs to the
resulting JSON payload.

.. _CEE\-enhanced messages: #an-example

Why?
====

The legacy ``syslog()`` interface, while simple, is starting to show
its age. It was meant to be an interface to construct free-form
messages, targeted at human readers. However, in this time and age,
the amount of logs generated by a busy system is, especially by a
central log server in a larger environment does not lend itself well
to manual processing.

Instead, we rely more and more on programs to make sense out of the
logs, to structure the free-form text into something that's easier to
search and corellate, to filter on, and the existing interface does
not make this easy. It wasn't written with computer-based
post-processing in mind.

This library is an attempt to smoothly introduce structured logging to
administrators and developers alike, by taking a legacy interface,
``syslog()``, and improving on it a little. Not only by enhancing the
existing function, for example with a high-resolution timestamp, but
by providing an extended, but still similar API to developers, to
allow them to add more structure to their logs.

How?
====

An example
----------

One does wonder, how an example might look like, we're happy to
oblige, and show one (word wrapped, for an easier read):

SSH Login::

  Mar 24 12:01:34 localhost sshd[12590]: @cee:{
      "msg": "Accepted publickey for algernon from 127.0.0.1 port 55519 ssh2",
      "pid": "12590", "facility": "auth", "priority": "info",
      "program": "sshd", "uid": "0", "gid": "0",
      "host": "hadhodrond", "timestamp": "2012-03-24T12:01:34.236987887+0100" }

Requirements
------------

Apart from the autotools, a C compiler, there are no other
dependencies when building, except for a sufficiently modern system.

The test suite requires `json\-c`_ and `check`_ too, and `docutils`_
is required to build the documentation.

.. _json\-c: http://oss.metaparadigm.com/json-c/
.. _check: http://check.sourceforge.net/
.. _docutils: http://docutils.sourceforge.net/

Installation
------------

The library follows the usual autotools way of installation:

::

 $ git clone git://github.com/algernon/libumberlog.git
 $ cd libumberlog
 $ autoreconf -i
 $ ./configure && make && make install

.. image:: https://secure.travis-ci.org/algernon/libumberlog.png?branch=master

Usage
-----

The library comes in two variants: one to link against, and provides
an enhanced, ``syslog()``-like API. For this, please see the `API
documentation`_ for more information.

The other variant is an LD_PRELOAD-able shared object, installed as
``libumberlog_preload.so`` into a subdirectory of one's libdir. This
one overrides the system-suploed ``syslog()`` calls with its own
version, and turns these into CEE-emitting functions. It can be used
either on a per-application basis, by setting **LD_PRELOAD**, or
adding the path to the library to ``/etc/ld.so.preload``.

.. _API documentation: http://algernon.github.com/libumberlog/umberlog.html

Non-goals
---------

* It is not a goal to support anything else but ``syslog()`` payload.
* It is not a goal to go to great lengths to discover things about the
  running process: only a few things that are easily available, no
  matter how reliable this information may be.
* It is not a goal to support complex values, or anything other than
  plain C strings.

License
-------

This library is released under a two-clause BSD license, see the
`LICENSE`_ file for details.

.. _LICENSE: https://raw.github.com/algernon/libumberlog/master/LICENSE