Using Lwt_log library for sending messages to a Syslog server

Hello there,

I recently started to work with Ocaml and I now want to go deeper regarding “remote debugging” facilities offered by the well known Syslog protocol.

I started to look at the documentation Lwt_log_doc and was able to define different sections for modular debugging messages while running the executable by using the following directive

LWT_LOG = " section_name_01 -> debug; … , section_name_n -> debug "

Now the problem I have is that I cannot understand how (and IF) I can easily use the Lwt_log library to setup a logger that will redirect my LOG messages to an external syslog server.

So my problems are :

• First I might encounter a conceptual misunderstanding of what exactly is the nature and limitations of the Lwt_log library. But as I went through the documentation I felt that it should be sufficient for my needs.

• Then, should I consider the external Syslog server just as the combination of a specific Logger and Section and then just output messages into this Channel. Because anyway what I need to do is just sending an UDP packet to a specific adresse at a specific port… But I doubt it would be as simple and if so I am missing an important concept of Lwt_log and/or Syslog.

• Finally I did use some search engines in order to find someone who fixed this for me already and I found some projects but they seem to rely on a lot of external libraries and I would rather use something more native if it is possible.
  https://github.com/hannesm/logs-syslog

I thank the people who will take the time to explain to me what are the misconceptions I am having on this subject.

Dear Robin,

since you mention my logs-syslog package here, let me answer you .

• Lwt_logs now moved to a separate repository (see Lwt_log: how can we use it? · Issue #468 · ocsigen/lwt · GitHub and attempt to move lwt.log into separate lwt_log by hannesm · Pull Request #484 · ocsigen/lwt · GitHub). NB: I never used Lwt_logs and can’t answer your initial question about syslog support.
• logs-syslog “depends on lot of external libraries”: my perception is different, it requires ocamlfind, ocamlbuild, and topkg for building, plus logs, ptime, and syslog-message (which itself depends additionally on astring) at runtime.
  The logs library is very convenient to use IMHO, and has builtin support for both terminal, but also browser console (when cross-compiling to JS). I wrote logs-syslog to solve the exact problem - exfiltrating log messages via syslog - once logs was adopted more widely (at least by the MirageOS community, see Announcing MirageOS 3.0.0 | MirageOS). Others (at Docker) wrote reporters for both Apply system log and Windows event log.
  The syslog-message library does not yet support structured syslog (RFC 5424), apart from that the logs-syslog library supports three transports, UDP, TCP, TLS (including client authentication) - and 3 backends: Unix (OCaml stdlib), Lwt, MirageOS. Please let me know if you have a specific use case not covered by logs-syslog. Further reading about the MirageOS syslog integration is available at Exfiltrating log data using syslog

Dear hannes,

Thank you for the quick and concise answer.

You did me convince to use your logs-syslog library, and indeed I exaggerated a “bit” the external dependancies inside your module.
I’ll keep you updated in case I don’t find what I need inside the logs-syslog module.
Anyway this is good code thank you for your work and the extra links.