有没有办法从 Linux 下的 C++ 应用程序实时监控系统日志？

Question

I'm on an ARM Linux board that has some USB issues when a USB 1.1 device is connected or disconnected to the USB 3.0 ports, in that case a kernel message is generated, something like:

[14720.301195@0] usb 1-1.4: urb status -32

This message literally floods the syslog repeating itself hundreds of times. My application needs to intercept this message as soon as possible and perform some actions such as release some peripherals and re-instantiate some objects. Since the error is generated only while other USB 1.1 devices are open and in use, as soon as I release them the error disappears. This seems the only way to prevent the message flood.

I've tried with polling on the bash command:

tail -n 1 /var/log/syslog

but apparently the log file isn't updated quickly enough, even if I mount /var/log/ in a ram disk (ramfs).

I don't know how else I could "connect" to the syslog and read the messages in real-time, as soon as they are generated.

Answer 1

Try to use the -f (follow) flag.

tail -f /var/log/syslog

Then you don't need to poll it every time. The following seems to work on my Linux:

#include <iostream>
#include <memory>

using namespace std;

int main()
{
    unique_ptr<FILE, decltype(&pclose)> pipe(popen("tail -f /var/log/syslog", "r"), pclose);
    if (!pipe)
        throw runtime_error("popen failed");

    array<char, 4096> buffer;
    while (fgets(buffer.data(), buffer.size(), pipe.get()))
        cout << "SYSLOG: " << buffer.data() << endl;
}

and can be debugged with:

python -c 'import syslog; syslog.syslog("Hello syslog")'