.\" Copyright (c) 1983, 1986, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)syslogd.8 8.1 (Berkeley) 6/6/93
.\" $FreeBSD$
.\"
.Dd October 12, 1995
.Dt SYSLOGD 8
.Os BSD 4.2
.Sh NAME
.Nm syslogd
.Nd log system messages
.Sh SYNOPSIS
.Nm
.Op Fl 46Adknsuv
.Op Fl a Ar allowed_peer
.Op Fl f Ar config_file
.Op Fl m Ar mark_interval
.Op Fl p Ar log_socket
.Op Fl P Ar pid_file
.Op Fl l Ar path
.Sh DESCRIPTION
The
.Nm
daemon reads and logs messages to the system console, log files, other
machines and/or users as specified by its configuration file.
.Pp
The options are as follows:
.Bl -tag -width indent
.It Fl 4
Forces
.Nm
to use IPv4 addresses only.
.It Fl 6
Forces
.Nm
to use IPv6 addresses only.
.It Fl A
By default,
.Nm
tries to send the message to only one address
even if the host has more than one A or AAAA record.
If this option is specified,
.Nm
tries to send the message to all addresses.
.It Fl a Ar allowed_peer
Allow
.Ar allowed_peer
to log to this
.Nm
using UDP datagrams. Multiple
.Fl a
options may be specified.
.Pp
.Ar Allowed_peer
can be any of the following:
.Bl -tag -width "ipaddr/masklen[:service]XX"
.It Xo
.Sm off
.Ar ipaddr
.No / Ar masklen
.Op : Ar service
.Sm on
.Xc
Accept datagrams from
.Ar ipaddr
(in the usual dotted quad notation) with
.Ar masklen
bits being taken into account when doing the address comparison.
.Ar ipaddr
can also be an IPv6 address, written by enclosing the address in
.Ql \&[
and
.Ql \&] .
If specified,
.Ar service
is the name or number of a UDP service (see
.Xr services 5 )
the source packet must belong to. A
.Ar service
of
.Ql \&*
allows packets being sent from any UDP port. The default
.Ar service
is
.Ql syslog .
If
.Ar ipaddr
is an IPv4 address, a missing
.Ar masklen
will be substituted by the historic class A or class B netmasks if
.Ar ipaddr
belongs to the address range of class A or B, respectively, or
by 24 otherwise. If
.Ar ipaddr
is an IPv6 address, a missing
.Ar masklen
will be substituted by 128.
.It Xo
.Sm off
.Ar domainname Op : Ar service
.Sm on
.Xc
Accept datagrams where the reverse address lookup yields
.Ar domainname
for the sender address. The meaning of
.Ar service
is as explained above.
.It Xo
.Sm off
.No * Ar domainname Op : Ar service
.Sm on
.Xc
Same as before, except that any source host whose name
.Em ends
in
.Ar domainname
will get permission.
.El
.Pp
The
.Fl a
options are ignored if the
.Fl s
option is also specified.
.It Fl d
Put
.Nm
into debugging mode. This is probably only of use to developers working on
.Nm .
.It Fl f
Specify the pathname of an alternate configuration file;
the default is
.Pa /etc/syslog.conf .
.It Fl k
Disable the translation of
messages received with facility
.Dq kern
to facility
.Dq user .
Usually the
.Dq kern
facility is reserved for messages read directly from
.Pa /dev/klog .
.It Fl m
Select the number of minutes between
.Dq mark
messages; the default is 20 minutes.
.It Fl n
Disable DNS queries for every request.
.It Fl p
Specify the pathname of an alternate log socket to be used instead;
the default is
.Pa /var/run/log .
.It Fl P
Specify an alternative file in which to store the process ID.
The default is
.Pa /var/run/syslog.pid .
.It Fl l
Specify a location where
.Nm
should place an additional log socket.
Up to 19 additional logging sockets can be specified.
The primary use for this is to place additional log sockets in
.Pa /var/run/log
of various chroot filespaces.
.It Fl s
Operate in secure mode. Do not log messages from remote machines. If
specified twice, no network socket will be opened at all, which also
disables logging to remote machines.
.It Fl u
Unique priority logging. Only log messages at the specified priority.
Without this option, messages at the stated priority or higher are logged.
This option changes the default comparison from
.Dq =>
to
.Dq = .
.It Fl v
Verbose logging. If specified once, the numeric facility and priority are
logged with each locally-written message. If specified more than once,
the names of the facility and priority are logged with each locally-written
message.
.El
.Pp
The
.Nm
daemon reads its configuration file when it starts up and whenever it
receives a hangup signal.
For information on the format of the configuration file,
see
.Xr syslog.conf 5 .
.Pp
The
.Nm
daemon reads messages from the
.Tn UNIX
domain socket
.Pa /var/run/log ,
from an Internet domain socket specified in
.Pa /etc/services ,
and from the special device
.Pa /dev/klog
(to read kernel messages).
.Pp
The
.Nm
daemon creates its process ID file,
by default
.Pa /var/run/syslog.pid ,
and stores its process
ID there.
This can be used to kill or reconfigure
.Nm .
.Pp
The message sent to
.Nm
should consist of a single line.
The message can contain a priority code, which should be a preceding
decimal number in angle braces, for example,
.Sq Aq 5 .
This priority code should map into the priorities defined in the
include file
.Aq Pa sys/syslog.h .
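.Pp
Added example (not part of the original manual page or of the
.Nm
sources): a Python model of how an
.Fl a
rule of the
.Ar ipaddr
form described above expands to an effective network and source port,
including the defaults applied when
.Ar masklen
or
.Ar service
is omitted.
It assumes a numeric or
.Ql \&*
service only; the function names and the sample addresses are constructed
for illustration.

```python
import ipaddress

SYSLOG_PORT = 514  # the default "syslog" UDP service


def parse_rule(spec):
    """Parse ipaddr[/masklen][:service]; return (network, port), port None = any."""
    if spec.startswith("["):  # IPv6 address enclosed in [ and ]
        host, close, rest = spec[1:].partition("]")
        if not close:
            raise ValueError("missing ] in " + spec)
    else:
        marks = [i for i in (spec.find("/"), spec.find(":")) if i >= 0]
        cut = min(marks, default=len(spec))
        host, rest = spec[:cut], spec[cut:]
    rest, colon, svc = rest.partition(":")
    port = SYSLOG_PORT
    if colon and svc == "*":
        port = None
    elif colon:
        if not svc.isdigit() or not 0 < int(svc) < 65536:
            raise ValueError("this model takes a port number or *: " + spec)
        port = int(svc)
    addr = ipaddress.ip_address(host)  # ValueError for the domainname forms
    if rest:
        if rest[0] != "/" or not rest[1:].isdigit():
            raise ValueError("bad masklen in " + spec)
        masklen = int(rest[1:])
    elif addr.version == 6:
        masklen = 128
    else:  # historic class A -> 8, class B -> 16, anything else -> 24
        top = int(addr) >> 24
        masklen = 8 if top < 128 else 16 if top < 192 else 24
    return ipaddress.ip_network("%s/%d" % (addr, masklen), strict=False), port


def rule_allows(rule, src, sport):
    """True if a UDP datagram from src:sport passes the parsed rule."""
    network, port = rule
    addr = ipaddress.ip_address(src)
    return addr.version == network.version and addr in network and port in (None, sport)


if __name__ == "__main__":
    # Constructed rules: the bare 10.1.2.3 admits all of 10.0.0.0/8.
    for spec in ("10.1.2.3", "172.16.5.9", "192.0.2.9", "[2001:db8::1]", "192.0.2.0/24:*"):
        network, port = parse_rule(spec)
        print(spec, "->", network, "udp port", port or "any")
```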
.Sh FILES
.Bl -tag -width /var/run/syslog.pid -compact
.It Pa /etc/syslog.conf
configuration file
.It Pa /var/run/syslog.pid
default process ID file
.It Pa /var/run/log
name of the
.Tn UNIX
domain datagram log socket
.It Pa /dev/klog
kernel log device
.El
.Sh SEE ALSO
.Xr logger 1 ,
.Xr syslog 3 ,
.Xr services 5 ,
.Xr syslog.conf 5
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.3 .
.Pp
The
.Fl a ,
.Fl s ,
.Fl u ,
and
.Fl v
options are
.Fx 2.2
extensions.
.Sh BUGS
The ability to log messages received in UDP packets is equivalent to
an unauthenticated remote disk-filling service, and should probably be
disabled by default. Some sort of
.No inter- Ns Nm syslogd
authentication mechanism ought to be worked out. To prevent the worst
abuse, use of the
.Fl a
option is therefore highly recommended.
.Pp
The
.Fl a
matching algorithm doesn't pretend to be very efficient; use of numeric
IP addresses is faster than domain name comparison. Since the allowed
peer list is walked linearly, peer groups from which frequent messages
are anticipated should be placed early in the
.Fl a
list.
.Pp
The log socket was moved from
.Pa /dev
to ease the use of a read-only root filesystem.
This may confuse
some old binaries, so a symbolic link might be used for a
transitional period.