]> git.saurik.com Git - apple/libc.git/blame - gen/asl.3
Libc-825.40.1.tar.gz
[apple/libc.git] / gen / asl.3
CommitLineData
ad3c9f2a 1.\" Copyright (c) 2005-2011 Apple Inc.
3d9156a7
A
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\" 4. Neither the name of Apple Computer nor the names of its contributors
13.\" may be used to endorse or promote products derived from this software
14.\" without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"
ad3c9f2a 29.Dd October 1, 2011
3d9156a7
A
30.Dt asl 3
31.Os "Mac OS X"
32.Sh NAME
224c7076 33.Nm asl_add_log_file ,
3d9156a7 34.Nm asl_close ,
1f2f436a
A
35.Nm asl_close_auxiliary_file ,
36.Nm asl_create_auxiliary_file ,
3d9156a7 37.Nm asl_free ,
3d9156a7 38.Nm asl_get ,
3d9156a7 39.Nm asl_key ,
224c7076 40.Nm asl_log ,
1f2f436a 41.Nm asl_log_auxiliary_location ,
ad3c9f2a 42.Nm asl_log_descriptor ,
224c7076
A
43.Nm asl_new ,
44.Nm asl_open ,
1f2f436a 45.Nm asl_open_from_file ,
3d9156a7 46.Nm asl_remove_log_file ,
3d9156a7 47.Nm asl_search ,
224c7076
A
48.Nm asl_send ,
49.Nm asl_set ,
50.Nm asl_set_filter ,
51.Nm asl_set_query ,
52.Nm asl_unset ,
53.Nm asl_vlog ,
54.Nm aslresponse_free ,
55.Nm aslresponse_next
3d9156a7
A
56.Nd system log message sending and searching functions
57.Sh SYNOPSIS
58.Fd #include <asl.h>
224c7076
A
59.\"
60.Ft int
61.Fo asl_add_log_file
62.Fa "aslclient asl"
ad3c9f2a 63.Fa "int descriptor"
224c7076 64.Fc
3d9156a7 65.Ft void
224c7076
A
66.Fo asl_close
67.Fa "aslclient asl"
68.Fc
3d9156a7 69.Ft void
1f2f436a 70.Fo asl_close_auxiliary_file
ad3c9f2a 71.Fa "int descriptor"
1f2f436a
A
72.Fc
73.Ft void
74.Fo asl_create_auxiliary_file
75.Fa "aslmsg msg"
76.Fa "const char *title"
77.Fa "const char *uti"
ad3c9f2a 78.Fa "int *out_descriptor"
1f2f436a
A
79.Fc
80.Ft void
224c7076
A
81.Fo asl_free
82.Fa "aslmsg msg"
83.Fc
3d9156a7 84.Ft const char *
224c7076
A
85.Fo asl_get
86.Fa "aslmsg msg"
87.Fa "const char *key"
88.Fc
3d9156a7 89.Ft const char *
224c7076
A
90.Fo asl_key
91.Fa "aslmsg msg"
92.Fa "uint32_t n"
93.Fc
3d9156a7 94.Ft int
224c7076
A
95.Fo asl_log
96.Fa "aslclient asl"
97.Fa "aslmsg msg"
98.Fa "int level"
99.Fa "const char *format"
100.Fa "..."
101.Fc
1f2f436a
A
102.Ft void
103.Fo asl_log_auxiliary_location
104.Fa "aslmsg msg"
105.Fa "const char *title"
106.Fa "const char *uti"
107.Fa "const char *url"
108.Fc
ad3c9f2a
A
109.Ft int
110.Fo asl_log_descriptor
111.Fa "aslclient asl"
112.Fa "aslmsg msg"
113.Fa "int level"
114.Fa "int descriptor"
115.Fa "uint32_t fd_type"
116.Fc
224c7076
A
117.Ft aslmsg
118.Fo asl_new
119.Fa "uint32_t type"
120.Fc
121.Ft aslclient
122.Fo asl_open
123.Fa "const char *ident"
124.Fa "const char *facility"
125.Fa "uint32_t opts"
126.Fc
1f2f436a
A
127.Ft aslclient
128.Fo asl_open_from_file
ad3c9f2a 129.Fa "int descriptor"
1f2f436a
A
130.Fa "const char *ident"
131.Fa "const char *facility"
132.Fc
3d9156a7 133.Ft int
224c7076
A
134.Fo asl_remove_log_file
135.Fa "aslclient asl"
ad3c9f2a 136.Fa "int descriptor"
224c7076
A
137.Fc
138.Ft aslresponse
139.Fo asl_search
140.Fa "aslclient asl"
141.Fa "aslmsg msg"
142.Fc
3d9156a7 143.Ft int
224c7076
A
144.Fo asl_send
145.Fa "aslclient asl"
146.Fa "aslmsg msg"
147.Fc
3d9156a7 148.Ft int
224c7076
A
149.Fo asl_set
150.Fa "aslmsg msg"
151.Fa "const char *key"
152.Fa "const char *value"
153.Fc
3d9156a7 154.Ft int
224c7076
A
155.Fo asl_set_filter
156.Fa "aslclient asl"
157.Fa "int f"
158.Fc
3d9156a7 159.Ft int
224c7076
A
160.Fo asl_set_query
161.Fa "aslmsg msg"
162.Fa "const char *key"
163.Fa "const char *value"
164.Fa "uint32_t op"
165.Fc
3d9156a7 166.Ft int
224c7076
A
167.Fo asl_unset
168.Fa "aslmsg msg"
169.Fa "const char *key"
170.Fc
171.Ft int
172.Fo asl_vlog
173.Fa "aslclient asl"
174.Fa "aslmsg msg"
175.Fa "int level"
176.Fa "const char *format"
177.Fa "va_list ap"
178.Fc
3d9156a7 179.Ft void
224c7076 180.Fo aslresponse_free
b5d655f7 181.Fa "aslresponse r"
224c7076
A
182.Fc
183.Ft aslmsg
184.Fo aslresponse_next
185.Fa "aslresponse r"
186.Fc
3d9156a7 187.Sh DESCRIPTION
224c7076 188These routines provide an interface to the Apple System Log facility.
3d9156a7
A
189They are intended to be a replacement for the
190.Xr syslog 3
191API, which will continue to be supported for backwards compatibility.
224c7076
A
192The new API allows client applications
193to create flexible, structured messages and send them to the
3d9156a7
A
194.Nm syslogd
195server, where they may undergo additional processing.
224c7076
A
196Messages received by the server are saved in a data store
197(subject to input filtering constraints).
198This API permits clients to create queries
199and search the message data store for matching messages.
b5d655f7
A
200.Pp
201An introduction to the concepts underlying this interface follows the interface summary below.
202.Ss INTERFACE SUMMARY
203.Fo asl_open
204.Fa ident
205.Fa facility
206.Fa opts
207.Fc
208creates and returns a client handle, or NULL if an error occurs in the library.
209Messages sent using this handle will default to having the string
210.Ar ident
1f2f436a 211as the value associated with the ASL_KEY_SENDER key, and the value
b5d655f7 212.Ar facility
1f2f436a 213associated with the ASL_KEY_FACILITY key.
b5d655f7
A
214Several options are available, as described in the
215.Sx CLIENT HANDLES
216section.
217.Pp
218Multi-threaded applications should create one client handle for each thread that logs messages.
219A client may use NULL as a client handle, in which case a default handle managed by the library will be used.
220A NULL handle may be used safely by multiple threads, but the threads will contend for a single internal lock when
221sending log messages using a NULL handle.
222.Pp
223.Fo asl_close
224.Fa asl
225.Fc
226closes the client handle
227.Ar asl
228and releases its associated resources.
229.Pp
230.Fo asl_add_log_file
231.Fa asl
ad3c9f2a 232.Fa descriptor
b5d655f7
A
233.Fc
234adds the file descriptor
ad3c9f2a 235.Ar descriptor
b5d655f7
A
236to the a set of file descriptors associated with the client handle
237.Ar asl .
238Each log message sent by that client handle is also written to these file descriptors.
239Returns 0 on success, non-zero on failure.
240.Pp
241.Fo asl_remove_log_file
242.Fa asl
ad3c9f2a 243.Fa descriptor
b5d655f7
A
244.Fc
245removes a file descriptor from the set of file descriptors associated with a client handle.
246Returns 0 on success, non-zero on failure.
247.Pp
248.Fo asl_new
249.Fa type
250.Fc
251allocates and returns an aslmsg structure, or NULL in the case of a failure in the library.
252The
253.Ar type
254argument must be ASL_TYPE_MSG or ASL_TYPE_QUERY.
255.Pp
256.Fo asl_free
257.Fa msg
258.Fc
259frees an aslmsg and releases resources associated with the structure.
260.Pp
261.Fo asl_set
262.Fa msg
263.Fa key
264.Fa value
265.Fc
266creates a new key and value in an aslmsg structure, or replaces the value of an existing key.
267Returns 0 on success, non-zero on failure.
268.Pp
269.Fo asl_set_query
270.Fa msg
271.Fa key
272.Fa op
273.Fa value
274.Fc
275is used to construct searches.
276It is similar to
277.Fn asl_set ,
278except that it takes an additional
279.Ar op
280(operation) argument.
281Creates a new (key, op, value) triple in an aslmsg structure,
282or replaces the value and operation for an existing key.
283See the
284.Sx SEARCHING
285section for more information.
286Returns 0 on success, non-zero on failure.
287.Pp
288.Fo asl_unset
289.Fa msg
290.Fa key
291.Fc
292removes a key and its associated value from an aslmsg structure.
293Returns 0 on success, non-zero on failure.
294.Pp
295.Fo asl_key
296.Fa msg
297.Fa n
298.Fc
299returns the nth key in an aslmsg (beginning at zero),
300allowing an application to iterate through the keys.
301Returns NULL if
302.Ar n
303indexes beyond the number of keys in
304.Ar msg .
305.Pp
306.Fo asl_get
307.Fa msg
308.Fa key
309.Fc
310returns the value associated with
311.Ar key
312in the aslmsg
313.Ar msg .
314Returns NULL if
315.Ar msg
316does not contain
317. Ar key .
318.Pp
319.Fo asl_set_filter
320.Fa asl
321.Fa f
322.Fc
323sets a filter for messages being sent to the server.
324The filter is a bitmask representing priority levels.
325Only messages having a priority level with a corresponding bit set in the filter mask are sent to the
326.Nm syslogd
327server.
328The filter does not control writes to additional files associated with the client handle using
329.Fn asl_add_log_file .
330Returns the previous filter value.
331.Pp
332.Fo asl_log
333.Fa asl
334.Fa msg
335.Fa level
336.Fa format
337.Fa args...
338.Fc
339sends a log to the server (subject to filtering, see
340.Fn asl_set_filter
341above) and to any file descriptors associated with the client handle
342.Ar asl .
343The
344.Ar msg
345argument may contain any keys and values, which will be formatted as part of the log message.
346The value for ASL_KEY_LEVEL is supplied by the
347.Ar level
348argument.
349The value for ASL_KEY_MESSAGE is computed from
350.Ar format
351and the associated arguments
352.Ar args... .
353Normal
354.Fn printf
355style argument processing is applied to the format and the arguments.
356The format may also contain
357.Dq %m
358which will be substituted with the string value corresponding to the current
359.Em errno .
360.Pp
ad3c9f2a
A
361The ASL_PREFILTER_LOG(asl, msg, level, format, ...) macro may be used in
362place of
363.Fn asl_log .
364The macro avoids processing the variable argument list in those cases where
365the message would be filtered out due to filter settings, would not be
366written to a log file associated with the aslclient, or would not be
367written to stderr.
368The macro may provide a performance benefit for some applications.
369Details on filter setting, additional log files, and aslclient options
370are described below in this manual.
371.Pp
b5d655f7
A
372.Fo asl_vlog
373.Fa asl
374.Fa msg
375.Fa level
376.Fa format
377.Fa ap
378.Fc
379is similar to
380.Fn asl_log
381except that it takes a va_list argument.
382.Pp
383.Fo asl_send
384.Fa asl
385.Fa msg
386.Fc
387is similar to
388.Fn asl_log ,
389exceopt the value for ASL_KEY_MESSAGE is taken from
390.Ar msg
391rather than being constructed using a
392.Fn printf
393style syntax.
394.Pp
ad3c9f2a
A
395.Fo asl_log_descriptor
396.Fa asl
397.Fa msg
398.Fa level
399.Fa descriptor
400.Fa fd_type
401.Fc
402provides functionality to use file descriptors to send logging data to ASL.
403.Ar asl
404is retained by ASL and must still be closed by the caller by calling
405.Fn asl_close
406if the caller loses reference to it.
407.Ar msg
408is copied by ASL and similarly must still be freed by the caller by calling
409.Fn asl_free
410if the caller loses reference to it. Any changes made to it after calling
411.Fn asl_log_descriptor()
412are not applicable to the message used.
413.Ar descriptor is treated differentlty based on the value of
414.Ar fd_type .
415.Pp
416If
417.Ar fd_type
418is ASL_LOG_DESCRIPTOR_READ, the descriptor must be open for read access. ASL
419uses
420.Xr dispatch 2
421to read from the descriptor as data becomes available. These data are line
422buffered and passed to
423.Fn asl_log .
424When EOF is read, ASL will
425.Xr close 2
426.Ar descriptor ..
427.Pp
428If
429.Ar fd_type
430is ASL_LOG_DESCRIPTOR_WRITE, the descriptor is closed and a new writable
431descriptor is created with the same fileno. Any data written to this new
432descriptor are line buffered and passed to
433.Fn asl_log .
434When EOF is sent, no further data are read. The caller is responsible for
435closing the new descriptor. One common use for this API is to redirect writes
436to stdout or stderr to ASL by passing STDOUT_FILENO or STDERR_FILENO as
437.Ar descriptor .
438.Pp
b5d655f7
A
439.Fo asl_search
440.Fa asl
441.Fa msg
442.Fc
443searches for messages that match the keys and values in
444.Ar msg ,
445subject to matching operations associated with those keys and values.
446The
447.Ar msg
448argument should be constructed using
449.Fn asl_set_query .
450See the
451.Sx SEARCHING
452section for details on constructing queries.
453Returns an aslresponse structure that contains matching log messages.
454NULL is returned in case of error or if there are no matching messages in the ASL database.
455.Pp
456.Fo aslresponse_next
457.Fa r
458.Fc
459iterates over an aslresponse structure returned by
460.Fn asl_search .
461Each call returns the next aslmsg in the response.
462Returns NULL when there are no further messages.
463.Pp
464.Fo aslresponse_free
465.Fa r
466.Fc
467frees the aslresponse structure
468.Ar r
469and all of its associated resources.
1f2f436a
A
470.Pp
471.Fo asl_create_auxiliary_file
472.Fa msg
473.Fa title
474.Fa uti
ad3c9f2a 475.Fa out_descriptor
1f2f436a
A
476.Fc
477Creates an auxiliary file that may be used by the client to save arbitrary data.
478When the file is closed using
479.Fo asl_close_auxiliary_file
480.Fc ,
481.Nm syslogd
482will log the specified
483.Fa msg
484along with the
485.Fa title
486and the Uniform Type Identifier provided by
487.Fa uti .
488If a NULL value is supplied for
489.Fa uti
490the type
491.Dq public.data
492will be used.
493The
494.Nm Console
495application will display the message with a link to the file.
496.Pp
497Auxiliary files are saved in the ASL data store.
498They are automatically deleted at the same time that the log message expires.
499Messages expire in 7 days by default.
500A value set for the ASLExpireTime key will override the default.
501Read access for the auxiliary file will be the same as read access for
502.Fa msg .
503By default, messages (and auxiliary files) are world-readable.
504Access may be limited by setting values for the ReadUID and ReadGID keys.
505.Pp
506.Fo asl_close_auxiliary_file
ad3c9f2a 507.Fa descriptor
1f2f436a
A
508.Fc
509closes the file descriptor
ad3c9f2a 510.Ar descriptor
1f2f436a
A
511previously returned by a call to
512.Fn asl_create_auxiliary_file .
513.Pp
514.Fo asl_log_auxiliary_location
515.Fa msg
516.Fa title
517.Fa uti
518.Fa url
519.Fc
520will log the specified
521.Fa msg
522along with the
523.Fa title ,
524the Uniform Type Identifier provided by
525.Fa uti ,
526and the Uniform Resource Locator provided by
527.Fa url .
528The
529.Nm Console
530application will display the message with a link to the file.
531This allows a client to save data in an auxiliary file, but unlike
532.Fo asl_create_auxiliary_file
533.Fc ,
534the life-cycle of this file must be managed by some external system.
535The file will not be removed when the corresponding log message expired from the ASL data store.
536.Pp
537.Fo asl_open_from_file
ad3c9f2a 538.Fa descriptor
1f2f436a
A
539.Fa facility
540.Fa opts
541.Fc
542creates a client handle for an open file descriptor
ad3c9f2a 543.Fa descriptor .
1f2f436a
A
544This routine may be used in conjunction with
545.Fo asl_create_auxiliary_file
546.Fc
547or
548.Fo asl_log_auxiliary_location
549.Fc
550to save ASL format log messages in an auxiliary file.
551The UTI type
552.Dq com.apple.asl-file
553should be used for ASL format auxiliary files.
554.Pp
555Files with this format may be read from the command line using
556.Nm syslog Fl f Ar file ,
557or from the
558.Nm Console
559utility.
560.Pp
561The file must be open for read and write access.
562The file will be truncated and its existing contents will be lost.
563.Fo asl_close
564.Fc
565must be called to close the client handle when logging to this file is complete.
566The file should be closed using
567.Fo asl_close_auxiliary_file
568.Fc
569if it was returned by
570.Fo asl_create_auxiliary_file
571.Fc ,
572or
573.Fo close
574.Fc
575otherwise.
576.Pp
577The client handle may be used safely by multiple threads.
578The threads will contend for a single internal lock when saving log messages to a file.
579.Pp
580Note that messages with ReadUID or ReadGID values will simply be saved to the file,
581and will not effect read access to either the message or the file itself.
582Similarly, messages with ASLExpireTime values will be saved, but will not effect the
583life-cycle of either the individual messages or the file.
3d9156a7
A
584.Ss MESSAGES
585At the core of this API is the aslmsg structure.
224c7076
A
586Although the structure is opaque and may not be directly manipulated,
587it contains a list of key/value pairs.
b5d655f7 588All keys and values are NUL-character terminated C language strings.
3d9156a7
A
589UTF-8 encoding may be used for non-ASCII characters.
590.Pp
224c7076
A
591Message structures are generally used to send log messages,
592and are created thusly:
3d9156a7
A
593.Pp
594 aslmsg m = asl_new(ASL_TYPE_MSG);
595.Pp
224c7076
A
596Another message type, ASL_TYPE_QUERY,
597is used to create queries when searching the data store.
3d9156a7
A
598Query type messages and searching are described in detail in the
599.Sx SEARCHING
b5d655f7 600section.
224c7076
A
601For the remainder of this section,
602the messages described will be of the ASL_TYPE_MSG variety.
3d9156a7 603.Pp
224c7076
A
604Each aslmsg contains a default set of keys
605and values that are associated with them.
3d9156a7
A
606These keys are listed in the asl.h header file.
607They are:
608.Pp
224c7076
A
609 #define ASL_KEY_TIME "Time"
610 #define ASL_KEY_HOST "Host"
611 #define ASL_KEY_SENDER "Sender"
612 #define ASL_KEY_FACILITY "Facility"
613 #define ASL_KEY_PID "PID"
614 #define ASL_KEY_UID "UID"
615 #define ASL_KEY_GID "GID"
616 #define ASL_KEY_LEVEL "Level"
617 #define ASL_KEY_MSG "Message"
3d9156a7
A
618.Pp
619Many of these correspond to equivalent parts of messages described in the
620.Xr syslog 3
621API.
622Values associated with these message keys are assigned appropriate defaults.
623The value for ASL_KEY_HOST is the local host name,
624the value associated with ASL_KEY_SENDER is the process name,
625the ASL_KEY_PID is the client's process ID number, and so on.
626.Pp
627Note the addition of the UID and GID keys.
628The values for UID and GID are set in library code by the message sender.
224c7076
A
629The server will attempt to confirm the values,
630but no claim is made that these values cannot be maliciously overridden
631in an attempt to deceive a log message reader
632as to the identity of the sender of a message.
3d9156a7
A
633The contents of log messages must be regarded as insecure.
634.Pp
3d9156a7
A
635The
636.Xr asl 3
637API does not require a process to choose a facility name.
638The
639.Nm syslogd
640server will use a default value of
641.Dq user
642if a facility is not set.
224c7076
A
643However, a client may set a facility name as an argument in the
644.Nm asl_open
645call, or by setting a specific value for the ASL_KEY_FACILITY in a message:
3d9156a7 646.Pp
224c7076 647 asl_set(m, ASL_KEY_FACILITY, "com.somename.greatservice");
3d9156a7
A
648.Pp
649An application may choose any facility name at will.
224c7076
A
650Different facility names may be attached to different messages, perhaps to distinguish different subsystems in log messages.
651Developers are encouraged to adopt a
652.Dq Reverse ICANN
653naming convention to avoid conflicting facility names.
654.Pp
655Default values are set in the message for each of the keys listed above,
656except for ASL_KEY_MSG,
657which may be explicitly set at any time using the
3d9156a7
A
658.Nm asl_set
659routine, or implicitly set at the time the message is sent using the
660.Nm asl_log
661or
662.Nm asl_vlog
663routines.
224c7076
A
664These two routines also have an integer-level parameter
665for specifying the log priority.
3d9156a7 666The ASL_KEY_LEVEL value is set accordingly.
224c7076
A
667Finally, the value associated with ASL_KEY_TIME
668is set in the sending routine.
3d9156a7 669.Pp
224c7076
A
670Although it may appear that there is significant overhead required
671to send a log message using this API,
3d9156a7
A
672the opposite is actually true.
673A simple
674.Dq Hello World
675program requires only:
676.Pp
677 #include <asl.h>
678 ...
679 asl_log(NULL, NULL, ASL_LEVEL_INFO, "Hello World!");
680.Pp
681Both
682.Nm asl_log
683and
684.Nm asl_vlog
224c7076
A
685will provide the appropriate default values
686when passed a NULL aslmsg argument.
3d9156a7
A
687.Pp
688.Pp
689In this example, the aslclient argument is NULL.
690This is sufficient for a single-threaded application,
691or for an application which only sends log messages from a single thread.
224c7076 692When logging from multiple threads,
b5d655f7
A
693each thread
694.Em should
695open a separate client handle using
3d9156a7
A
696.Nm asl_open .
697The client handle may then be closed when it is no longer required using
698.Nm asl_close .
b5d655f7
A
699Multiple threads may log messages safely using a NULL aslclient argument,
700but the library will use an internal lock, so that in fact only one thread
701will log at a time.
3d9156a7 702.Pp
224c7076
A
703When an application requires additional keys and values
704to be associated with each log message,
3d9156a7
A
705a single message structure may be allocated and set up as
706.Dq template
707message of sorts:
708.Pp
709 aslmsg m = asl_new(ASL_TYPE_MSG);
224c7076 710 asl_set(m, ASL_KEY_FACILITY, "com.secrets.r.us");
3d9156a7
A
711 asl_set(m, "Clearance", "Top Secret");
712 ...
713 asl_log(NULL, m, ASL_LEVEL_NOTICE, "Message One");
714 ...
715 asl_log(NULL, m, ASL_LEVEL_ERR, "Message Two");
716.Pp
717The message structure will carry the values set for the
718.Dq Facility
719and
720.Dq Clearance
721keys so that they are used in each call to
722.Nm asl_log ,
224c7076
A
723while the log level and the message text
724are taken from the calling parameters.
725.Pp
726The
727.Ar format
728argument to
729.Nm asl_log
730and
731.Nm asl_vlog
732is identical to
733.Xr printf 3 ,
734and may include
735.Ql %m ,
736which is replaced by the current error message
737(as denoted by the global variable
738.Va errno ;
739see
740.Xr strerror 3 . )
3d9156a7
A
741.Pp
742Key/value pairs may be removed from a message structure with
743.Nm asl_unset .
744A message may be freed using
745.Nm asl_free .
746.Pp
747The
748.Nm asl_send
749routine is used by
750.Nm asl_log
751and
752.Nm asl_vlog
753to transmit a message to the server.
224c7076
A
754This routine sets the value associated with ASL_KEY_TIME
755and sends the message.
756It may be called directly if all of a message's key/value pairs
757have been created using
3d9156a7 758.Nm asl_set .
224c7076
A
759.Ss SECURITY
760Messages that are sent to the
761.Nm syslogd
762server may be saved in a message store.
763The store may be searched using
764.Nm asl_search ,
765as described below.
766By default, all messages are readable by any user.
767However, some applications may wish to restrict read access
768for some messages.
769To accomodate this,
770a client may set a value for the "ReadUID" and "ReadGID" keys.
771These keys may be associated with a value
772containing an ASCII representation of a numeric UID or GID.
773Only the root user (UID 0),
774the user with the given UID,
775or a member of the group with the given GID
776may fetch access-controlled messages from the database.
777.Pp
778Although the ASL system does not require a "Facility" key in a message,
779many processes specify a "Facility" value similar
780to the common usage of the BSD
781.Nm syslog
782API, although developers are encouraged to adopt facility names that make sense for their application.
783A
784.Dq Reverse ICANN
785naming convention (e.g. "com.apple.system.syslog") should be adopted to avoid conflicting names.
786The ASL system generally allows any string to be used as a facility value,
787with one exception.
788The value "com.apple.system",
789or any string that has "com.apple.system" as a prefix,
790may only be used by processes running with the UID 0.
791This allows system processes to log messages that can not be "spoofed" by user processes.
792Non-UID 0 client processes that specify "com.apple.system" as a facility, will be assigned the value "user"
793by the
794.Nm syslogd
795server.
3d9156a7
A
796.Ss CLIENT HANDLES
797When logging is done from a single thread,
224c7076
A
798a NULL value may be used in any of the routines
799that require an aslclient argument.
800In this case, the library will open an internal client handle
801on behalf of the application.
3d9156a7
A
802.Pp
803If multiple threads must do logging,
804or if client options are desired,
805then the application should call
806.Nm asl_open
807to create a client handle for each thread.
808As a convenience,
809the
810.Nm asl_open
811routine may be given an ident argument,
812which becomes the default value for the ASL_KEY_SENDER key,
813and a facility argument,
224c7076 814which becomes the value associated with the ASL_KEY_FACILITY key.
3d9156a7
A
815.Pp
816Several options are available when creating a client handle.
817They are:
818.Pp
819.Bl -tag -width "ASL_OPT_NO_REMOTE" -compact
820.It ASL_OPT_STDERR
821adds stderr as an output file descriptor
822.It ASL_OPT_NO_DELAY
823connects to the server immediately
824.It ASL_OPT_NO_REMOTE
825disables remote-control filter adjustment
826.El
827.Pp
b5d655f7
A
828ASL_OPT_NO_DELAY makes the client library connect to the
829.Nm syslogd
830server at the time that
831.Nm asl_open
832is called, rather than waiting for the first message to be sent.
833Opening the connection is quite fast, but some applications may want to avoid any unnecessary delays when calling
834.Nm asl_log ,
835.Nm asl_vlog ,
836or
837.Nm asl_send .
838.Pp
3d9156a7
A
839See the FILTERING section below, and the
840.Xr syslog 1
841for additional details on filter controls.
842.Pp
843A client handle is closed and it's resources released using
844.Nm asl_close .
224c7076
A
845Note that if additional file descriptors were added to the handle,
846either using the ASL_OPT_STDERR option
847or afterwards with the
3d9156a7
A
848.Nm asl_add_log_file
849routine, those file descriptors are not closed by
850.Nm asl_close .
851.Ss LOGGING TO ADDITIONAL FILES
852If a client handle is opened with the ASL_OPT_STDERR option to
853.Nm asl_open ,
854a copy of each log message will be sent to stderr.
855Additional output streams may be include using
856.Nm asl_add_log_file .
224c7076
A
857.Pp
858Messages sent to stderr or other files are printed in the "standard" message format
859also used as a default format by the
860.Xr syslog 1
861command line utility.
b5d655f7
A
862Non-ASCII characters in a message are encoded using the
863.Dq safe
864encoding style used by
865.Xr syslog 1
866with the
867.Fl E Ar safe
868option.
869Backspace characters are printed as ^H.
870Carriage returns are mapped to newlines.
871A tab character is appended after newlines so that message text is indented.
224c7076
A
872.Pp
873File descriptors may be removed from the list of outputs associated
874with a client handle with
3d9156a7
A
875.Nm asl_remove_log_file .
876This routine simply removes the file descriptor from the output list.
877The file is not closed as a result.
878.Pp
224c7076
A
879The ASL_OPT_STDERR option may not be unset
880after a client handle has been opened.
3d9156a7
A
881.Ss SEARCHING
882The
883.Nm syslogd
224c7076
A
884server archives received messages in a data store
885that may be searched using the
3d9156a7
A
886.Nm asl_search ,
887.Nm aslresponse_next ,
888and
889.Nm aslresponse_free
890routines.
891A query message is created using:
892.Pp
893 aslmsg q = asl_new(ASL_TYPE_QUERY);
894.Pp
895Search settings are made in the query using
896.Nm asl_set_query .
897A search is performed on the data store with
898.Nm asl_search .
899It returns an
900.Ft aslresponse
901structure.
902The caller may then call
903.Nm aslresponse_next
904to iterate through matching messages.
905The
906.Ft aslresponse
907structure may be freed with
908.Nm aslresponse_free .
909.Pp
910Like other messages, ASL_TYPE_QUERY messages contain keys and values.
911They also associate an operation with each key and value.
912The operation is used to decide if a message matches the query.
913The simplest operation is ASL_QUERY_OP_EQUAL, which tests for equality.
224c7076
A
914For example, the following code snippet searches for messages
915with a Sender value equal to
3d9156a7
A
916.Dq MyApp .
917.Pp
918 aslmsg m;
919 aslresponse r;
920 q = asl_new(ASL_TYPE_QUERY);
921 asl_set_query(q, ASL_KEY_SENDER, "MyApp", ASL_QUERY_OP_EQUAL);
922 r = asl_search(NULL, q);
923.Pp
924More complex searches may be performed using other query operations.
925.Pp
926.Bl -tag -width "ASL_QUERY_OP_GREATER_EQUAL" -compact
927.It ASL_QUERY_OP_EQUAL
928value equality
929.It ASL_QUERY_OP_GREATER
930value greater than
931.It ASL_QUERY_OP_GREATER_EQUAL
932value greater than or equal to
933.It ASL_QUERY_OP_LESS
934value less than
935.It ASL_QUERY_OP_LESS_EQUAL
936value less than or equal to
937.It ASL_QUERY_OP_NOT_EQUAL
938value not equal
939.It ASL_QUERY_OP_REGEX
940regular expression search
941.It ASL_QUERY_OP_TRUE
942always true - use to test for the existence of a key
943.El
944.Pp
945Regular expression search uses
946.Xr regex 3
947library.
948Patterns are compiled using the REG_EXTENDED and REG_NOSUB options.
949.Pp
224c7076
A
950Modifiers that change the behavior of these operations
951may also be specified by ORing the modifier value with the operation.
3d9156a7
A
952The modifiers are:
953.Pp
954.Bl -tag -width "ASL_QUERY_OP_SUBSTRING" -compact
955.It ASL_QUERY_OP_CASEFOLD
956string comparisons are case-folded
957.It ASL_QUERY_OP_PREFIX
958match a leading substring
959.It ASL_QUERY_OP_SUFFIX
960match a trailing substring
961.It ASL_QUERY_OP_SUBSTRING
962match any substring
963.It ASL_QUERY_OP_NUMERIC
964values are converted to integer using
965.Nm atoi
966.El
967.Pp
224c7076
A
968The only modifier that is checked
969for ASL_QUERY_OP_REGEX search is ASL_QUERY_OP_CASEFOLD.
970This causes the regular expression to be compiled
971with the REG_ICASE option.
3d9156a7
A
972.Pp
973If a query message contains more than one set of key/value/operation triples,
974the result will be a logical AND. For example, to find messages from
975.Dq MyApp
976with a priority level less than or equal to
977.Dq 3 :
978.Pp
979 aslmsg q;
980 aslresponse r;
981 q = asl_new(ASL_TYPE_QUERY);
982 asl_set_query(q, ASL_KEY_SENDER, "MyApp", ASL_QUERY_OP_EQUAL);
983 asl_set_query(q, ASL_KEY_LEVEL, "3",
984 ASL_QUERY_OP_LESS_EQUAL | ASL_QUERY_OP_NUMERIC);
985 r = asl_search(NULL, q);
986.Pp
987After calling
988.Nm asl_search
989to get an
990.Ft aslresponse
991structure, use
992.Nm aslresponse_next
993to iterate through all matching messages.
994To iterate through the keys and values in a message, use
995.Nm asl_key
996to iterate through the keys, then call
997.Nm asl_get
998to get the value associated with each key.
999.Pp
1000 aslmsg q, m;
1001 int i;
1002 const char *key, *val;
1003.Pp
1004 ...
1005 r = asl_search(NULL, q);
1006 while (NULL != (m = aslresponse_next(r)))
1007 {
1008 for (i = 0; (NULL != (key = asl_key(m, i))); i++)
1009 {
1010 val = asl_get(m, key);
1011 ...
1012 }
1013 }
1014 aslresponse_free(r);
1015.Pp
1016.Ss FILTERING AND REMOTE CONTROL
1017Clients may set a filter mask value with
1018.Nm asl_set_filter .
1019The mask specifies which messages should be sent to the
1020.Nm syslogd
1021daemon by specifying a yes/no setting for each priority level.
224c7076
A
1022Clients typically set a filter mask
1023to avoid sending relatively unimportant messages.
1024For example, Debug or Info priority level messages
1025are generally only useful for debugging operations.
1026By setting a filter mask, a process can improve performance
1027by avoiding sending messages that are in most cases unnecessary.
1028.Pp
1029.Nm asl_set_filter returns the previous value of the filter, i.e. the value of the filter before the routine was called.
3d9156a7
A
1030.Pp
1031As a convenience, the macros ASL_FILTER_MASK(level) and ASL_FILTER_MASK_UPTO(level)
1032may be used to construct a bit mask corresponding to a given priority level,
224c7076
A
1033or corresponding to a bit mask for all priority levels
1034from ASL_LEVEL_EMERG to a given input level.
3d9156a7
A
1035.Pp
1036The default filter mask is ASL_FILTER_MASK_UPTO(ASL_LEVEL_NOTICE).
224c7076
A
1037This means that by default,
1038and in the absence of remote-control changes (described below),
1039ASL_LEVEL_DEBUG and ASL_LEVEL_INFO priority level messages
1040are not sent to the
3d9156a7
A
1041.Mn syslogd
1042server.
1043.Pp
1044Three different filters exist for each application.
1045The first is the filter mask set using
1046.Nm asl_set_filter
1047as described above.
1048The Apple System Log facility also manages a
1049.Dq master
1050filter mask.
224c7076
A
1051The master filter mask usually has a value
1052that indicates to the library that it is
3d9156a7
A
1053.Dq off ,
1054and thus it has no effect.
224c7076
A
1055However, the mask filter mask may be enabled
1056by giving it a value using the
3d9156a7
A
1057.Nm syslog
1058command, using the
1059.Fl c
10600 option.
1061When the master filter mask has been set,
1062it takes precedence over the client's filter mask.
224c7076
A
1063The client's mask is unmodified,
1064and will become active again if remote-control filtering is disabled.
3d9156a7
A
1065.Pp
1066In addition to the master filter mask,
224c7076
A
1067The Apple System Log facility
1068also manages a per-client remote-control filter mask.
3d9156a7
A
1069Like the master filter mask, the per-client mask is usually
1070.Dq off ,
1071having no effect on a client.
1072If a per-client filter mask is set using the
1073.Nm syslog
1074command, using the
1075.Fl c Ar process
224c7076
A
1076option, then it takes precedence
1077over both the client's filter mask and the master filter mask.
1078As is the case with the master filter mask,
1079a per-client mask ceases having any effect when if is disabled.
3d9156a7
A
1080.Pp
1081The ASL_OPT_NO_REMOTE option to
1082.Nm asl_open
224c7076
A
1083causes both the master and per-client remote-control masks
1084to be ignored in the library.
1085In that case, only the client's own filter mask
1086is used to determine which messages are sent to the server.
1087This may be useful for Applications that produce log messages
1088that should never be filtered, due to security considerations.
1089Note that root (administrator) access is required
1090to set or change the master filter mask,
1091and that only root may change a per-client remote-control filter mask
1092for a root (UID 0) process.
34e8f829
A
1093.Pp
1094The per-process remote control filter value is kept as a state value
1095associated with a key managed by
1096.Nm notifyd .
1097The key is protected by an access control mechanism that only permits the
1098filter value to be accessed and modified by the same effective UID as the
1099ASL client at the time that the first ASL connection was created.
1100Remote filter control using
1101.Nm syslog Fl c
1102will fail for processes that change effective UID after starting an ASL connection.
1103Those processes should close all ASL client handles and then re-open ASL connections
1104if remote filter control support is desired.
3d9156a7
A
1105.Sh HISTORY
1106These functions first appeared in
1107Mac OS X 10.4.
1108.Sh SEE ALSO
224c7076
A
1109.Xr syslog 1 ,
1110.Xr strvis 3 ,
1111.Xr syslogd 8