syslog - read and/or clear kernel message ring buffer; set
_syscall3(int, syslog, int, type, char *,
int syslog(int type, char *bufp, int len
This is probably not the function you are interested in.
Look at syslog(3) for the C library interface. This page
only documents the bare kernel system call interface.
The type argument determines the action taken by syslog.
Quoting from kernel/printk.c:
* Commands to sys_syslog:
* 0 -- Close the log. Currently a NOP.
* 1 -- Open the log. Currently a NOP.
* 2 -- Read from the log.
* 3 -- Read up to the last 4k of messages in the ring buffer.
* 4 -- Read and clear last 4k of messages in the ring buffer
* 5 -- Clear ring buffer.
* 6 -- Disable printk's to console
* 7 -- Enable printk's to console
* 8 -- Set level of messages printed to console
Only function 3 is allowed to non-root processes.
The kernel log buffer
The kernel has a cyclic buffer of length LOG_BUF_LEN (4096,
since 1.3.54: 8192, since 2.1.113: 16384) in which messages
given as argument to the kernel function printk() are stored
(regardless of their loglevel).
The call syslog (2,buf,len) waits until this kernel log
buffer is nonempty, and then reads at most len bytes into
the buffer buf. It returns the number of bytes read. Bytes
read from the log disappear from the log buffer: the infor-
mation can only be read once. This is the function executed
by the kernel when a user program reads /proc/kmsg.
The call syslog (3,buf,len) will read the last len bytes
from the log buffer (nondestructively), but will not read
more than was written into the buffer since the last `clear
ring buffer' command (which does not clear the buffer at
all). It returns the number of bytes read.
The call syslog (4,buf,len) does precisely the same, but
also executes the `clear ring buffer' command.
The call syslog (5,dummy,idummy) only executes the `clear
ring buffer' command.
The kernel routine printk() will only print a message on the
console, if it has a loglevel less than the value of the
variable console_loglevel (initially
DEFAULT_CONSOLE_LOGLEVEL (7), but set to 10 if the kernel
commandline contains the word `debug', and to 15 in case of
a kernel fault - the 10 and 15 are just silly, and
equivalent to 8). This variable is set (to a value in the
range 1-8) by the call syslog (8,dummy,value). The calls
syslog (type,dummy,idummy with type equal to 6 or 7, set it
to 1 (kernel panics only) or 7 (all except debugging mes-
Every text line in a message has its own loglevel. This
level is DEFAULT_MESSAGE_LOGLEVEL - 1 (6) unless the line
starts with <d> where d is a digit in the range 1-7, in
which case the level is d. The conventional meaning of the
loglevel is defined in <linux/kernel.h> as follows:
#define KERN_EMERG "<0>" /* system is unusable */
#define KERN_ALERT "<1>" /* action must be taken immediately */
#define KERN_CRIT "<2>" /* critical conditions */
#define KERN_ERR "<3>" /* error conditions */
#define KERN_WARNING "<4>" /* warning conditions */
#define KERN_NOTICE "<5>" /* normal but significant condition */
#define KERN_INFO "<6>" /* informational */
#define KERN_DEBUG "<7>" /* debug-level messages */
In case of error, -1 is returned, and errno is set. Other-
wise, for type equal to 2, 3 or 4, syslog() returns the
number of bytes read, and otherwise 0.
An attempt was made to change console_loglevel or clear
the kernel message ring buffer by a process without
System call was interrupted by a signal - nothing was
This system call is Linux specific and should not be used in
programs intended to be portable.