xref: /freebsd/usr.sbin/syslogd/syslogd.8 (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1.\" Copyright (c) 1983, 1986, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 4. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"     @(#)syslogd.8	8.1 (Berkeley) 6/6/93
29.\" $FreeBSD$
30.\"
31.Dd April 13, 2005
32.Dt SYSLOGD 8
33.Os
34.Sh NAME
35.Nm syslogd
36.Nd log systems messages
37.Sh SYNOPSIS
38.Nm
39.Op Fl 46ACcdknosuv
40.Op Fl a Ar allowed_peer
41.Op Fl b Ar bind_address
42.Op Fl f Ar config_file
43.Op Fl l Oo Ar mode : Oc Ns Ar path
44.Op Fl m Ar mark_interval
45.Op Fl P Ar pid_file
46.Op Fl p Ar log_socket
47.Sh DESCRIPTION
48The
49.Nm
50utility reads and logs messages to the system console, log files, other
51machines and/or users as specified by its configuration file.
52.Pp
53The options are as follows:
54.Bl -tag -width indent
55.It Fl 4
56Force
57.Nm
58to use IPv4 addresses only.
59.It Fl 6
60Force
61.Nm
62to use IPv6 addresses only.
63.It Fl A
64Ordinarily,
65.Nm
66tries to send the message to only one address
67even if the host has more than one A or AAAA record.
68If this option is specified,
69.Nm
70tries to send the message to all addresses.
71.It Fl a Ar allowed_peer
72Allow
73.Ar allowed_peer
74to log to this
75.Nm
76using UDP datagrams.
77Multiple
78.Fl a
79options may be specified.
80.Pp
81.Ar Allowed_peer
82can be any of the following:
83.Bl -tag -width "ipaddr/masklen[:service]XX"
84.It Xo
85.Sm off
86.Ar ipaddr
87.No / Ar masklen
88.Op : Ar service
89.Sm on
90.Xc
91Accept datagrams from
92.Ar ipaddr
93(in the usual dotted quad notation) with
94.Ar masklen
95bits being taken into account when doing the address comparison.
96.Ar ipaddr
97can be also IPv6 address by enclosing the address with
98.Ql \&[
99and
100.Ql \&] .
101If specified,
102.Ar service
103is the name or number of an UDP service (see
104.Xr services 5 )
105the source packet must belong to.
106A
107.Ar service
108of
109.Ql \&*
110allows packets being sent from any UDP port.
111The default
112.Ar service
113is
114.Ql syslog .
115If
116.Ar ipaddr
117is IPv4 address, a missing
118.Ar masklen
119will be substituted by the historic class A or class B netmasks if
120.Ar ipaddr
121belongs into the address range of class A or B, respectively, or
122by 24 otherwise.
123If
124.Ar ipaddr
125is IPv6 address, a missing
126.Ar masklen
127will be substituted by 128.
128.It Xo
129.Sm off
130.Ar domainname Op : Ar service
131.Sm on
132.Xc
133Accept datagrams where the reverse address lookup yields
134.Ar domainname
135for the sender address.
136The meaning of
137.Ar service
138is as explained above.
139.It Xo
140.Sm off
141.No * Ar domainname Op : Ar service
142.Sm on
143.Xc
144Same as before, except that any source host whose name
145.Em ends
146in
147.Ar domainname
148will get permission.
149.El
150.Pp
151The
152.Fl a
153options are ignored if the
154.Fl s
155option is also specified.
156.It Fl b Ar bind_address
157Specify one specific IP address or hostname to bind to.
158If a hostname is specified,
159the IPv4 or IPv6 address which corresponds to it is used.
160.It Fl C
161Create log files that do not exist (permission is set to
162.Li 0600 ) .
163.It Fl c
164Disable the compression of repeated instances of the same line
165into a single line of the form
166.Dq Li "last message repeated N times"
167when the output is a pipe to another program.
168If specified twice, disable this compression in all cases.
169.It Fl d
170Put
171.Nm
172into debugging mode.
173This is probably only of use to developers working on
174.Nm .
175.It Fl f
176Specify the pathname of an alternate configuration file;
177the default is
178.Pa /etc/syslog.conf .
179.It Fl k
180Disable the translation of
181messages received with facility
182.Dq kern
183to facility
184.Dq user .
185Usually the
186.Dq kern
187facility is reserved for messages read directly from
188.Pa /dev/klog .
189.It Fl m
190Select the number of minutes between
191.Dq mark
192messages; the default is 20 minutes.
193.It Fl n
194Disable dns query for every request.
195.It Fl o
196Prefix kernel messages with the full kernel boot file as determined by
197.Xr getbootfile 3 .
198Without this, the kernel message prefix is always
199.Dq Li kernel: .
200.It Fl p
201Specify the pathname of an alternate log socket to be used instead;
202the default is
203.Pa /var/run/log .
204.It Fl P
205Specify an alternative file in which to store the process ID.
206The default is
207.Pa /var/run/syslog.pid .
208.It Fl S
209Specify the pathname of an alternate log socket for privileged
210applications to be used instead; the default is
211.Pa /var/run/logpriv .
212.It Fl l
213Specify a location where
214.Nm
215should place an additional log socket.
216The primary use for this is to place additional log sockets in
217.Pa /var/run/log
218of various chroot filespaces.
219File permissions for socket can be specified in octal representation
220before socket name, delimited with a colon.
221Path to socket location must be absolute.
222.It Fl s
223Operate in secure mode.
224Do not log messages from remote machines.
225If
226specified twice, no network socket will be opened at all, which also
227disables logging to remote machines.
228.It Fl u
229Unique priority logging.
230Only log messages at the specified priority.
231Without this option, messages at the stated priority or higher are logged.
232This option changes the default comparison from
233.Dq =>
234to
235.Dq = .
236.It Fl v
237Verbose logging.
238If specified once, the numeric facility and priority are
239logged with each locally-written message.
240If specified more than once,
241the names of the facility and priority are logged with each locally-written
242message.
243.El
244.Pp
245The
246.Nm
247utility reads its configuration file when it starts up and whenever it
248receives a hangup signal.
249For information on the format of the configuration file,
250see
251.Xr syslog.conf 5 .
252.Pp
253The
254.Nm
255utility reads messages from the
256.Ux
257domain sockets
258.Pa /var/run/log
259and
260.Pa /var/run/logpriv ,
261from an Internet domain socket specified in
262.Pa /etc/services ,
263and from the special device
264.Pa /dev/klog
265(to read kernel messages).
266.Pp
267The
268.Nm
269utility creates its process ID file,
270by default
271.Pa /var/run/syslog.pid ,
272and stores its process
273ID there.
274This can be used to kill or reconfigure
275.Nm .
276.Pp
277The message sent to
278.Nm
279should consist of a single line.
280The message can contain a priority code, which should be a preceding
281decimal number in angle braces, for example,
282.Sq Aq 5 .
283This priority code should map into the priorities defined in the
284include file
285.In sys/syslog.h .
286.Pp
287For security reasons,
288.Nm
289will not append to log files that do not exist (unless
290.Fl C
291option is specified);
292therefore, they must be created manually before running
293.Nm .
294.Sh FILES
295.Bl -tag -width /var/run/syslog.pid -compact
296.It Pa /etc/syslog.conf
297configuration file
298.It Pa /var/run/syslog.pid
299default process ID file
300.It Pa /var/run/log
301name of the
302.Ux
303domain datagram log socket
304.It Pa /var/run/logpriv
305.Ux
306socket for privileged applications
307.It Pa /dev/klog
308kernel log device
309.El
310.Sh SEE ALSO
311.Xr logger 1 ,
312.Xr syslog 3 ,
313.Xr services 5 ,
314.Xr syslog.conf 5 ,
315.Xr newsyslog 8
316.Sh HISTORY
317The
318.Nm
319utility appeared in
320.Bx 4.3 .
321.Pp
322The
323.Fl a ,
324.Fl s ,
325.Fl u ,
326and
327.Fl v
328options are
329.Fx 2.2
330extensions.
331.Sh BUGS
332The ability to log messages received in UDP packets is equivalent to
333an unauthenticated remote disk-filling service, and should probably be
334disabled by default.
335Some sort of
336.No inter- Ns Nm syslogd
337authentication mechanism ought to be worked out.
338To prevent the worst
339abuse, use of the
340.Fl a
341option is therefore highly recommended.
342.Pp
343The
344.Fl a
345matching algorithm does not pretend to be very efficient; use of numeric
346IP addresses is faster than domain name comparison.
347Since the allowed
348peer list is being walked linearly, peer groups where frequent messages
349are being anticipated from should be put early into the
350.Fl a
351list.
352.Pp
353The log socket was moved from
354.Pa /dev
355to ease the use of a read-only root file system.
356This may confuse
357some old binaries so that a symbolic link might be used for a
358transitional period.
359