As part of some driver work for a client I looked at some fast logging methods since logging via printk() to syslog sucks.

Here are the hits I got:

  • ULOG - it's what netfilter uses for logging packets. It relies on netlink for transport and a ulogd in user space to treat the logs. Apparently ULOG2 is in the works.
  • DBUS - patch from Robert Love that adds a fast event notification mechanism to the kernel. It too relies on netlink for transport. It's mostly meant for events like "Your CPU is overheating", not packet logging.
  • relayfs - a patch that adds a flexible buffering scheme for logging. Seems like the most flexible of the bunch.

Looks like none of the above are flexible and supported by deployed kernels (our target is RHEL3)... so syslog it is in the interim.