1.\" Copyright (c) 1983, 1986, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)syslogd.8 8.1 (Berkeley) 6/6/93 29.\" $FreeBSD$ 30.\" 31.Dd March 3, 2017 32.Dt SYSLOGD 8 33.Os 34.Sh NAME 35.Nm syslogd 36.Nd log systems messages 37.Sh SYNOPSIS 38.Nm 39.Op Fl 468ACcdFkNnosTuv 40.Op Fl a Ar allowed_peer 41.Op Fl b Ar bind_address 42.Op Fl f Ar config_file 43.Op Fl l Oo Ar mode Ns \&: Oc Ns Ar path 44.Op Fl m Ar mark_interval 45.Op Fl P Ar pid_file 46.Op Fl p Ar log_socket 47.Op Fl S Ar logpriv_socket 48.Sh DESCRIPTION 49The 50.Nm 51utility reads and logs messages to the system console, 52log files, 53other 54machines and/or users as specified by its configuration file. 55.Pp 56The options are as follows: 57.Bl -tag -width indent 58.It Fl 4 59Force 60.Nm 61to use IPv4 addresses only. 62.It Fl 6 63Force 64.Nm 65to use IPv6 addresses only. 66.It Fl 8 67Tells 68.Nm 69not to interfere with 8-bit data. 70Normally 71.Nm 72will replace C1 control characters 73.Pq ISO 8859 and Unicode characters 74with their 75.Dq M- Ns Em x 76equivalent. 77Note, this option does not change the way 78.Nm 79alters control characters 80.Pq see Xr iscntrl 3 . 81They will always be replaced with their 82.Dq ^ Ns Em x 83equivalent. 84.It Fl A 85Ordinarily, 86.Nm 87tries to send the message to only one address 88even if the host has more than one A or AAAA record. 89If this option is specified, 90.Nm 91tries to send the message to all addresses. 92.It Fl a Ar allowed_peer 93Allow 94.Ar allowed_peer 95to log to this 96.Nm 97using UDP datagrams. 98Multiple 99.Fl a 100options may be specified. 101.Pp 102The 103.Ar allowed_peer 104option may be any of the following: 105.Bl -tag -width "ipaddr[/prefixlen][:service]XX" 106.It Xo 107.Sm off 108.Ar ipaddr 109.Op / Ar masklen 110.Op \&: Ar service 111.Pp 112.Ar ipaddr 113.Op / Ar prefixlen 114.Op \&: Ar service 115.Sm on 116.Xc 117Accept datagrams from 118.Ar ipaddr , 119.Ar ipaddr 120can be specified as an IPv4 address or as an IPv6 121address enclosed with 122.Ql \&[ 123and 124.Ql \&] . 125If specified, 126.Ar service 127is the name or number of an UDP service (see 128.Xr services 5 ) 129the source packet must belong to. 130A 131.Ar service 132of 133.Ql \&* 134accepts UDP packets from any source port. 135The default 136.Ar service 137is 138.Ql syslog . 139If 140.Ar ipaddr 141is IPv4 address, a missing 142.Ar masklen 143will be substituted by the historic class A or class B netmasks if 144.Ar ipaddr 145belongs into the address range of class A or B, 146respectively, 147or by 24 otherwise. 148If 149.Ar ipaddr 150is IPv6 address, 151a missing 152.Ar masklen 153will be substituted by 128. 154.It Xo 155.Sm off 156.Ar domainname Op \&: Ar service 157.Sm on 158.Xc 159Accept datagrams where the reverse address lookup yields 160.Ar domainname 161for the sender address. 162The meaning of 163.Ar service 164is as explained above. 165.Ar domainname 166can contain special characters of a shell-style pattern such as 167.Ql Li \&* . 168.El 169.Pp 170The 171.Fl a 172options are ignored if the 173.Fl s 174option is also specified. 175.It Xo 176.Fl b 177.Sm off 178.Ar bind_address Op \&: Ar service 179.Sm on 180.Xc 181.It Xo 182.Fl b 183.Sm off 184.Li \&: Ar service 185.Sm on 186.Xc 187Bind to a specific address and/or port. 188The address can be specified as a hostname, 189and the port as a service name. 190If an IPv6 address is specified, it should be enclosed with 191.Ql \&[ 192and 193.Ql \&] . 194The default 195.Ar service 196is 197.Ql syslog . 198This option can be specified multiple times to bind to 199multiple addresses and/or ports. 200.It Fl C 201Create log files that do not exist 202.Pq permission is set to Ql Li 0600 . 203.It Fl c 204Disable the compression of repeated instances of the same line 205into a single line of the form 206.Dq Li "last message repeated N times" 207when the output is a pipe to another program. 208If specified twice, 209disable this compression in all cases. 210.It Fl d 211Put 212.Nm 213into debugging mode. 214This is probably only of use to developers working on 215.Nm . 216.It Fl f Ar config_file 217Specify the pathname of an alternate configuration file; 218the default is 219.Pa /etc/syslog.conf . 220.It Fl F 221Run 222.Nm 223in the foreground, 224rather than going into daemon mode. 225This is useful if some other process uses 226.Xr fork 2 227and 228.Xr exec 3 229to run 230.Nm , 231and wants to monitor when and how it exits. 232.It Fl k 233Disable the translation of 234messages received with facility 235.Dq kern 236to facility 237.Dq user . 238Usually the 239.Dq kern 240facility is reserved for messages read directly from 241.Pa /dev/klog . 242.It Fl m Ar mark_interval 243Select the number of minutes between 244.Dq mark 245messages; 246the default is 20 minutes. 247.It Fl N 248Disable binding on UDP sockets. 249RFC 3164 recommends that outgoing 250.Nm 251messages should originate from the privileged port, 252this option 253.Em disables 254the recommended behavior. 255This option inherits 256.Fl s . 257.It Fl n 258Disable DNS query for every request. 259.It Fl o 260Prefix kernel messages with the full kernel boot file as determined by 261.Xr getbootfile 3 . 262Without this, the kernel message prefix is always 263.Dq Li kernel: . 264.It Fl p Ar log_socket 265Specify the pathname of an alternate log socket to be used instead; 266the default is 267.Pa /var/run/log . 268When a single 269.Fl p 270option is specified, 271the default pathname is replaced with the specified one. 272When two or more 273.Fl p 274options are specified, 275the remaining pathnames are treated as additional log sockets. 276.It Fl P Ar pid_file 277Specify an alternative file in which to store the process ID. 278The default is 279.Pa /var/run/syslog.pid . 280.It Fl S Ar logpriv_socket 281Specify the pathname of an alternate log socket for privileged 282applications to be used instead; 283the default is 284.Pa /var/run/logpriv . 285When a single 286.Fl S 287option is specified, 288the default pathname is replaced with the specified one. 289When two or more 290.Fl S 291options are specified, 292the remaining pathnames are treated as additional log sockets. 293.It Fl l Oo Ar mode Ns \&: Oc Ns Ar path 294Specify a location where 295.Nm 296should place an additional log socket. 297The primary use for this is to place additional log sockets in 298.Pa /var/run/log 299of various chroot filespaces. 300File permissions for socket can be specified in octal representation in 301.Ar mode , 302delimited with a colon. 303The socket location must be specified as an absolute pathname in 304.Ar path . 305.It Fl s 306Operate in secure mode. 307Do not log messages from remote machines. 308If specified twice, 309no network socket will be opened at all, 310which also disables logging to remote machines. 311.It Fl T 312Always use the local time and date for messages received from the network, 313instead of the timestamp field supplied in the message by the remote host. 314This is useful if some of the originating hosts cannot keep time properly 315or are unable to generate a correct timestamp. 316.It Fl u 317Unique priority logging. 318Only log messages at the specified priority. 319Without this option, 320messages at the stated priority or higher are logged. 321This option changes the default comparison from 322.Dq => 323to 324.Dq = . 325.It Fl v 326Verbose logging. 327If specified once, 328the numeric facility and priority are 329logged with each locally-written message. 330If specified more than once, 331the names of the facility and priority are logged with each locally-written 332message. 333.El 334.Pp 335The 336.Nm 337utility reads its configuration file when it starts up and whenever it 338receives a hangup signal. 339For information on the format of the configuration file, 340see 341.Xr syslog.conf 5 . 342.Pp 343The 344.Nm 345utility reads messages from the 346.Ux 347domain sockets 348.Pa /var/run/log 349and 350.Pa /var/run/logpriv , 351from an Internet domain socket specified in 352.Pa /etc/services , 353and from the special device 354.Pa /dev/klog 355.Pq to read kernel messages . 356.Pp 357The 358.Nm 359utility creates its process ID file, 360by default 361.Pa /var/run/syslog.pid , 362and stores its process 363ID there. 364This can be used to kill or reconfigure 365.Nm . 366.Pp 367The message sent to 368.Nm 369should consist of a single line. 370The message can contain a priority code, 371which should be a preceding 372decimal number in angle braces, 373for example, 374.Sq Aq 5 . 375This priority code should map into the priorities defined in the 376include file 377.In sys/syslog.h . 378.Pp 379For security reasons, 380.Nm 381will not append to log files that do not exist 382.Po unless Fl C 383option is specified 384.Pc ; 385therefore, they must be created manually before running 386.Nm . 387.Pp 388The date and time are taken from the received message. 389If the format of the timestamp field is incorrect, 390time obtained from the local host is used instead. 391This can be overridden by the 392.Fl T 393flag. 394.Sh FILES 395.Bl -tag -width /var/run/syslog.pid -compact 396.It Pa /etc/syslog.conf 397configuration file 398.It Pa /var/run/syslog.pid 399default process ID file 400.It Pa /var/run/log 401name of the 402.Ux 403domain datagram log socket 404.It Pa /var/run/logpriv 405.Ux 406socket for privileged applications 407.It Pa /dev/klog 408kernel log device 409.El 410.Sh SEE ALSO 411.Xr logger 1 , 412.Xr syslog 3 , 413.Xr services 5 , 414.Xr syslog.conf 5 , 415.Xr newsyslog 8 416.Sh HISTORY 417The 418.Nm 419utility appeared in 420.Bx 4.3 . 421.Pp 422The 423.Fl a , 424.Fl s , 425.Fl u , 426and 427.Fl v 428options are 429.Fx 2.2 430extensions. 431.Sh BUGS 432The ability to log messages received in UDP packets is equivalent to 433an unauthenticated remote disk-filling service, 434and should probably be disabled by default. 435Some sort of 436.No inter- Ns Nm syslogd 437authentication mechanism ought to be worked out. 438To prevent the worst abuse, 439use of the 440.Fl a 441option is therefore highly recommended. 442.Pp 443The 444.Fl a 445matching algorithm does not pretend to be very efficient; 446use of numeric IP addresses is faster than domain name comparison. 447Since the allowed peer list is being walked linearly, 448peer groups where frequent messages are being anticipated 449from should be put early into the 450.Fl a 451list. 452.Pp 453The log socket was moved from 454.Pa /dev 455to ease the use of a read-only root file system. 456This may confuse 457some old binaries so that a symbolic link might be used for a 458transitional period. 459