syslog - read and/or clear kernel message ring  buffer;  set


     #include <unistd.h>

     #include <linux/unistd.h>

     _syscall3(int, syslog, int, type, char *,

     int syslog(int type, char *bufp, int len


     This is probably not the function  you  are  interested  in.
     Look  at  syslog(3)  for  the C library interface. This page
     only documents the bare kernel system call interface.

     The type argument determines the action taken by syslog.

     Quoting from kernel/printk.c:
      * Commands to sys_syslog:
      *      0 -- Close the log.  Currently a NOP.
      *      1 -- Open the log. Currently a NOP.
      *      2 -- Read from the log.
      *      3 -- Read up to the last 4k of messages in the ring buffer.
      *      4 -- Read and clear last 4k of messages in the ring buffer
      *      5 -- Clear ring buffer.
      *      6 -- Disable printk's to console
      *      7 -- Enable printk's to console
      *      8 -- Set level of messages printed to console

     Only function 3 is allowed to non-root processes.

     The kernel log buffer
     The kernel has a cyclic buffer of length LOG_BUF_LEN  (4096,
     since  1.3.54: 8192, since 2.1.113: 16384) in which messages
     given as argument to the kernel function printk() are stored
     (regardless of their loglevel).

     The call syslog (2,buf,len)  waits  until  this  kernel  log
     buffer  is  nonempty,  and then reads at most len bytes into
     the buffer buf. It returns the number of bytes  read.  Bytes
     read  from the log disappear from the log buffer: the infor-
     mation can only be read once.  This is the function executed
     by the kernel when a user program reads /proc/kmsg.

     The call syslog (3,buf,len) will read  the  last  len  bytes
     from  the  log  buffer (nondestructively), but will not read
     more than was written into the buffer since the last  `clear
     ring  buffer'  command  (which  does not clear the buffer at
     all).  It returns the number of bytes read.

     The call syslog (4,buf,len) does  precisely  the  same,  but
     also executes the `clear ring buffer' command.

     The call syslog (5,dummy,idummy) only  executes  the  `clear
     ring buffer' command.

     The loglevel
     The kernel routine printk() will only print a message on the
     console,  if  it  has  a loglevel less than the value of the
     variable             console_loglevel             (initially
     DEFAULT_CONSOLE_LOGLEVEL  (7),  but  set to 10 if the kernel
     commandline contains the word `debug', and to 15 in case  of
     a  kernel  fault  -  the  10  and  15  are  just  silly, and
     equivalent to 8).  This variable is set (to a value  in  the
     range  1-8)  by  the call syslog (8,dummy,value).  The calls
     syslog (type,dummy,idummy with type equal to 6 or 7, set  it
     to  1  (kernel  panics only) or 7 (all except debugging mes-
     sages), respectively.

     Every text line in a message  has  its  own  loglevel.  This
     level  is  DEFAULT_MESSAGE_LOGLEVEL  - 1 (6) unless the line
     starts with <d> where d is a digit  in  the  range  1-7,  in
     which  case  the level is d. The conventional meaning of the
     loglevel is defined in <linux/kernel.h> as follows:

     #define KERN_EMERG    "<0>"  /* system is unusable               */
     #define KERN_ALERT    "<1>"  /* action must be taken immediately */
     #define KERN_CRIT     "<2>"  /* critical conditions              */
     #define KERN_ERR      "<3>"  /* error conditions                 */
     #define KERN_WARNING  "<4>"  /* warning conditions               */
     #define KERN_NOTICE   "<5>"  /* normal but significant condition */
     #define KERN_INFO     "<6>"  /* informational                    */
     #define KERN_DEBUG    "<7>"  /* debug-level messages             */


     In case of error, -1 is returned, and errno is  set.  Other-
     wise,  for  type  equal  to  2, 3 or 4, syslog() returns the
     number of bytes read, and otherwise 0.


          An attempt was made to change console_loglevel or clear
          the  kernel  message  ring  buffer by a process without
          root permissions.

          Bad parameters.

          System call was interrupted by a signal -  nothing  was


     This system call is Linux specific and should not be used in
     programs intended to be portable.