usr.sbin/syslogd/syslogd.8

*3e07920fSDavid van Moolenbroek.\"	$NetBSD: syslogd.8,v 1.54 2013/01/14 03:05:41 dholland Exp $
*3e07920fSDavid van Moolenbroek.\"
*3e07920fSDavid van Moolenbroek.\" Copyright (c) 1983, 1986, 1991, 1993
*3e07920fSDavid van Moolenbroek.\"	The Regents of the University of California.  All rights reserved.
*3e07920fSDavid van Moolenbroek.\"
*3e07920fSDavid van Moolenbroek.\" Redistribution and use in source and binary forms, with or without
*3e07920fSDavid van Moolenbroek.\" modification, are permitted provided that the following conditions
*3e07920fSDavid van Moolenbroek.\" are met:
*3e07920fSDavid van Moolenbroek.\" 1. Redistributions of source code must retain the above copyright
*3e07920fSDavid van Moolenbroek.\"    notice, this list of conditions and the following disclaimer.
*3e07920fSDavid van Moolenbroek.\" 2. Redistributions in binary form must reproduce the above copyright
*3e07920fSDavid van Moolenbroek.\"    notice, this list of conditions and the following disclaimer in the
*3e07920fSDavid van Moolenbroek.\"    documentation and/or other materials provided with the distribution.
*3e07920fSDavid van Moolenbroek.\" 3. Neither the name of the University nor the names of its contributors
*3e07920fSDavid van Moolenbroek.\"    may be used to endorse or promote products derived from this software
*3e07920fSDavid van Moolenbroek.\"    without specific prior written permission.
*3e07920fSDavid van Moolenbroek.\"
*3e07920fSDavid van Moolenbroek.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
*3e07920fSDavid van Moolenbroek.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
*3e07920fSDavid van Moolenbroek.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
*3e07920fSDavid van Moolenbroek.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
*3e07920fSDavid van Moolenbroek.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
*3e07920fSDavid van Moolenbroek.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
*3e07920fSDavid van Moolenbroek.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
*3e07920fSDavid van Moolenbroek.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
*3e07920fSDavid van Moolenbroek.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
*3e07920fSDavid van Moolenbroek.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
*3e07920fSDavid van Moolenbroek.\" SUCH DAMAGE.
*3e07920fSDavid van Moolenbroek.\"
*3e07920fSDavid van Moolenbroek.\"     from: @(#)syslogd.8	8.1 (Berkeley) 6/6/93
*3e07920fSDavid van Moolenbroek.\"
*3e07920fSDavid van Moolenbroek.Dd March 28, 2012
*3e07920fSDavid van Moolenbroek.Dt SYSLOGD 8
*3e07920fSDavid van Moolenbroek.Os
*3e07920fSDavid van Moolenbroek.Sh NAME
*3e07920fSDavid van Moolenbroek.Nm syslogd
*3e07920fSDavid van Moolenbroek.Nd log systems messages
*3e07920fSDavid van Moolenbroek.Sh SYNOPSIS
*3e07920fSDavid van Moolenbroek.Nm
*3e07920fSDavid van Moolenbroek.Op Fl dnrSsTUv
*3e07920fSDavid van Moolenbroek.Op Fl b Ar bind_address
*3e07920fSDavid van Moolenbroek.Op Fl f Ar config_file
*3e07920fSDavid van Moolenbroek.Op Fl g Ar group
*3e07920fSDavid van Moolenbroek.Op Fl m Ar mark_interval
*3e07920fSDavid van Moolenbroek.Op Fl o Ar output_format
*3e07920fSDavid van Moolenbroek.Op Fl P Ar file_list
*3e07920fSDavid van Moolenbroek.Oo
*3e07920fSDavid van Moolenbroek.Fl p Ar log_socket
*3e07920fSDavid van Moolenbroek.Op Fl p Ar log_socket2 ...
*3e07920fSDavid van Moolenbroek.Oc
*3e07920fSDavid van Moolenbroek.Op Fl t Ar chroot_dir
*3e07920fSDavid van Moolenbroek.Op Fl u Ar user
*3e07920fSDavid van Moolenbroek.Sh DESCRIPTION
*3e07920fSDavid van Moolenbroek.Nm
*3e07920fSDavid van Moolenbroekreads and logs messages to the system console, log files, other
*3e07920fSDavid van Moolenbroekmachines and/or users as specified by its configuration file.
*3e07920fSDavid van MoolenbroekThe options are as follows:
*3e07920fSDavid van Moolenbroek.Bl -tag -width 15n
*3e07920fSDavid van Moolenbroek.It Fl b Ar bind_address
*3e07920fSDavid van MoolenbroekSpecify one specific IP address or hostname to bind to.
*3e07920fSDavid van MoolenbroekIf a hostname is specified, the IPv4 or IPv6 address
*3e07920fSDavid van Moolenbroekwhich corresponds to it is used.
*3e07920fSDavid van Moolenbroek.It Fl d
*3e07920fSDavid van MoolenbroekEnable debugging to the standard output,
*3e07920fSDavid van Moolenbroekand do not disassociate from the controlling terminal.
*3e07920fSDavid van Moolenbroek.It Fl f Ar config_file
*3e07920fSDavid van MoolenbroekSpecify the pathname of an alternative configuration file;
*3e07920fSDavid van Moolenbroekthe default is
*3e07920fSDavid van Moolenbroek.Pa /etc/syslog.conf .
*3e07920fSDavid van Moolenbroek.It Fl g Ar group
*3e07920fSDavid van MoolenbroekSet GID to
*3e07920fSDavid van Moolenbroek.Ar group
*3e07920fSDavid van Moolenbroekafter the sockets and log files have been opened.
*3e07920fSDavid van Moolenbroek.It Fl m Ar mark_interval
*3e07920fSDavid van MoolenbroekSelect the number of minutes between ``mark'' messages;
*3e07920fSDavid van Moolenbroekthe default is 20 minutes.
*3e07920fSDavid van Moolenbroek.It Fl n
*3e07920fSDavid van MoolenbroekDo not perform hostname lookups; report only numeric addresses.
*3e07920fSDavid van Moolenbroek.It Fl o Ar output_format
*3e07920fSDavid van MoolenbroekSelect output message format.
*3e07920fSDavid van Moolenbroek.Bl -hang
*3e07920fSDavid van Moolenbroek.It Em bsd , rfc3164
*3e07920fSDavid van Moolenbroektraditional BSD Syslog format (default)
*3e07920fSDavid van Moolenbroek.It Em syslog , rfc5424
*3e07920fSDavid van Moolenbroeknew syslog-protocol format
*3e07920fSDavid van Moolenbroek.El
*3e07920fSDavid van Moolenbroek.It Fl P
*3e07920fSDavid van MoolenbroekSpecify the pathname of a file containing a list of sockets to be
*3e07920fSDavid van Moolenbroekcreated.
*3e07920fSDavid van MoolenbroekThe format of the file is simply one socket per line.
*3e07920fSDavid van Moolenbroek.It Fl p Ar log_socket
*3e07920fSDavid van MoolenbroekSpecify the pathname of a log socket.
*3e07920fSDavid van MoolenbroekMultiple
*3e07920fSDavid van Moolenbroek.Fl p
*3e07920fSDavid van Moolenbroekoptions create multiple log sockets.
*3e07920fSDavid van MoolenbroekIf no
*3e07920fSDavid van Moolenbroek.Fl p
*3e07920fSDavid van Moolenbroekarguments are given, the default socket of
*3e07920fSDavid van Moolenbroek.Pa /var/run/log
*3e07920fSDavid van Moolenbroekis used.
*3e07920fSDavid van Moolenbroek.It Fl r
*3e07920fSDavid van MoolenbroekDisable the compression of repeated instances of the same line
*3e07920fSDavid van Moolenbroekinto a single line of the form
*3e07920fSDavid van Moolenbroek.Dq last message repeated N times .
*3e07920fSDavid van Moolenbroek.It Fl S
*3e07920fSDavid van MoolenbroekSync kernel messages to disk immediately.
*3e07920fSDavid van Moolenbroek.It Fl s
*3e07920fSDavid van MoolenbroekSelect
*3e07920fSDavid van Moolenbroek.Dq secure
*3e07920fSDavid van Moolenbroekmode, in which
*3e07920fSDavid van Moolenbroek.Nm
*3e07920fSDavid van Moolenbroekdoes not listen on a UDP socket but only communicates over a
*3e07920fSDavid van Moolenbroek.Ux
*3e07920fSDavid van Moolenbroekdomain socket.
*3e07920fSDavid van MoolenbroekThis is valuable when the machine on
*3e07920fSDavid van Moolenbroekwhich
*3e07920fSDavid van Moolenbroek.Nm
*3e07920fSDavid van Moolenbroekruns is subject to attack over the network and it is desired
*3e07920fSDavid van Moolenbroekthat the machine be protected from attempts to remotely fill logs
*3e07920fSDavid van Moolenbroekand similar attacks.
*3e07920fSDavid van Moolenbroek.It Fl t Ar chroot_dir
*3e07920fSDavid van Moolenbroek.Xr chroot 2
*3e07920fSDavid van Moolenbroekto
*3e07920fSDavid van Moolenbroek.Ar chroot_dir
*3e07920fSDavid van Moolenbroekafter the sockets and log files have been opened.
*3e07920fSDavid van Moolenbroek.It Fl T
*3e07920fSDavid van MoolenbroekAlways use the local time and date for messages received from the
*3e07920fSDavid van Moolenbroeknetwork, instead of the timestamp field supplied in the message
*3e07920fSDavid van Moolenbroekby the remote host.
*3e07920fSDavid van MoolenbroekThis is useful if some of the originating hosts can't keep time
*3e07920fSDavid van Moolenbroekproperly or are unable to generate a correct timestamp.
*3e07920fSDavid van Moolenbroek.It Fl u Ar user
*3e07920fSDavid van MoolenbroekSet UID to
*3e07920fSDavid van Moolenbroek.Ar user
*3e07920fSDavid van Moolenbroekafter the sockets and log files have been opened.
*3e07920fSDavid van Moolenbroek.It Fl U
*3e07920fSDavid van MoolenbroekUnique priority logging.
*3e07920fSDavid van MoolenbroekOnly log messages at the priority specified by the selector in the
*3e07920fSDavid van Moolenbroekconfiguration file.
*3e07920fSDavid van MoolenbroekWithout this option, messages at the specified priority or higher are
*3e07920fSDavid van Moolenbroeklogged.
*3e07920fSDavid van MoolenbroekThis option changes the default priority comparison from
*3e07920fSDavid van Moolenbroek.Sq \*[Gt]=
*3e07920fSDavid van Moolenbroekto
*3e07920fSDavid van Moolenbroek.Sq = .
*3e07920fSDavid van Moolenbroek.It Fl v
*3e07920fSDavid van MoolenbroekVerbose logging.
*3e07920fSDavid van MoolenbroekIf specified once, the numeric facility and priority are logged with
*3e07920fSDavid van Moolenbroekeach locally-written message.
*3e07920fSDavid van MoolenbroekIf specified more than once, the names of the facility and priority are
*3e07920fSDavid van Moolenbroeklogged with each locally-written message.
*3e07920fSDavid van Moolenbroek.El
*3e07920fSDavid van Moolenbroek.Pp
*3e07920fSDavid van Moolenbroek.Nm
*3e07920fSDavid van Moolenbroekreads its configuration file when it starts up and whenever it
*3e07920fSDavid van Moolenbroekreceives a hangup signal.
*3e07920fSDavid van MoolenbroekFor information on the format of the configuration file,
*3e07920fSDavid van Moolenbroeksee
*3e07920fSDavid van Moolenbroek.Xr syslog.conf 5 .
*3e07920fSDavid van Moolenbroek.Pp
*3e07920fSDavid van Moolenbroek.Nm
*3e07920fSDavid van Moolenbroekreads messages from the
*3e07920fSDavid van Moolenbroek.Ux
*3e07920fSDavid van Moolenbroekdomain socket
*3e07920fSDavid van Moolenbroek.Pa /var/run/log ,
*3e07920fSDavid van Moolenbroekfrom an Internet domain socket specified in
*3e07920fSDavid van Moolenbroek.Pa /etc/services ,
*3e07920fSDavid van Moolenbroekand from the special device
*3e07920fSDavid van Moolenbroek.Pa /dev/klog
*3e07920fSDavid van Moolenbroek(to read kernel messages).
*3e07920fSDavid van Moolenbroek.Pp
*3e07920fSDavid van Moolenbroek.Nm
*3e07920fSDavid van Moolenbroekcreates the file
*3e07920fSDavid van Moolenbroek.Pa /var/run/syslogd.pid ,
*3e07920fSDavid van Moolenbroekand stores its process
*3e07920fSDavid van Moolenbroekid there.
*3e07920fSDavid van MoolenbroekThis can be used to kill or reconfigure
*3e07920fSDavid van Moolenbroek.Nm .
*3e07920fSDavid van Moolenbroek.Pp
*3e07920fSDavid van MoolenbroekBy using multiple
*3e07920fSDavid van Moolenbroek.Fl p
*3e07920fSDavid van Moolenbroekoptions, one can set up many chroot environments by passing the pathname
*3e07920fSDavid van Moolenbroekto the log socket
*3e07920fSDavid van Moolenbroek.Pa ( /var/run/log )
*3e07920fSDavid van Moolenbroekin each chroot area to
*3e07920fSDavid van Moolenbroek.Nm .
*3e07920fSDavid van MoolenbroekFor example:
*3e07920fSDavid van Moolenbroek.Dl syslogd -p /var/run/log -p /web/var/run/log -p /ftp/var/run/log
*3e07920fSDavid van Moolenbroek.Pp
*3e07920fSDavid van MoolenbroekNote: the normal log socket must now also be passed to
*3e07920fSDavid van Moolenbroek.Nm .
*3e07920fSDavid van Moolenbroek.Pp
*3e07920fSDavid van MoolenbroekThe logged message includes the date, time, and hostname (or pathname of
*3e07920fSDavid van Moolenbroekthe log socket).
*3e07920fSDavid van MoolenbroekCommonly, the program name and the process id is included.
*3e07920fSDavid van Moolenbroek.Pp
*3e07920fSDavid van MoolenbroekThe date and time are taken from the received message.
*3e07920fSDavid van MoolenbroekIf the format of the timestamp field is incorrect, time obtained from
*3e07920fSDavid van Moolenbroekthe local host is used instead.
*3e07920fSDavid van MoolenbroekThis can be overridden by the
*3e07920fSDavid van Moolenbroek.Fl T
*3e07920fSDavid van Moolenbroekflag.
*3e07920fSDavid van Moolenbroek.Pp
*3e07920fSDavid van MoolenbroekAccesses from UDP socket can be filtered by libwrap configuration files, like
*3e07920fSDavid van Moolenbroek.Pa /etc/hosts.deny .
*3e07920fSDavid van MoolenbroekSpecify
*3e07920fSDavid van Moolenbroek.Dq Li syslogd
*3e07920fSDavid van Moolenbroekin
*3e07920fSDavid van Moolenbroek.Ar daemon_list
*3e07920fSDavid van Moolenbroekportion of the configuration files.
*3e07920fSDavid van MoolenbroekRefer to
*3e07920fSDavid van Moolenbroek.Xr hosts_access 5
*3e07920fSDavid van Moolenbroekfor details.
*3e07920fSDavid van Moolenbroek.Ss SYSLOG PROTOCOL NOTES
*3e07920fSDavid van Moolenbroek.Nm
*3e07920fSDavid van Moolenbroekaccepts messages in traditional BSD Syslog or in newer Syslog Protocol
*3e07920fSDavid van Moolenbroekformat.
*3e07920fSDavid van MoolenbroekSee RFC 3164 (BSD Syslog) and RFC 5424 (Syslog Protocol) for detailed
*3e07920fSDavid van Moolenbroekdescription of the message format.
*3e07920fSDavid van MoolenbroekMessages from the local kernel that are not tagged with a priority code
*3e07920fSDavid van Moolenbroekreceive the default facility
*3e07920fSDavid van Moolenbroek.Dv LOG_KERN
*3e07920fSDavid van Moolenbroekand priority
*3e07920fSDavid van Moolenbroek.Dv LOG_NOTICE .
*3e07920fSDavid van MoolenbroekAll other untagged messages receive the default facility
*3e07920fSDavid van Moolenbroek.Dv LOG_USER
*3e07920fSDavid van Moolenbroekand priority
*3e07920fSDavid van Moolenbroek.Dv LOG_NOTICE .
*3e07920fSDavid van Moolenbroek.Sh FILES
*3e07920fSDavid van Moolenbroek.Bl -tag -width /var/run/syslogd.pid -compact
*3e07920fSDavid van Moolenbroek.It Pa /etc/syslog.conf
*3e07920fSDavid van MoolenbroekThe configuration file.
*3e07920fSDavid van Moolenbroek.It Pa /var/run/syslogd.pid
*3e07920fSDavid van MoolenbroekThe process id of current
*3e07920fSDavid van Moolenbroek.Nm .
*3e07920fSDavid van Moolenbroek.It Pa /var/run/log
*3e07920fSDavid van MoolenbroekName of the
*3e07920fSDavid van Moolenbroek.Ux
*3e07920fSDavid van Moolenbroekdomain datagram log socket.
*3e07920fSDavid van Moolenbroek.It Pa /dev/klog
*3e07920fSDavid van MoolenbroekThe kernel log device.
*3e07920fSDavid van Moolenbroek.El
*3e07920fSDavid van Moolenbroek.Sh SEE ALSO
*3e07920fSDavid van Moolenbroek.Xr logger 1 ,
*3e07920fSDavid van Moolenbroek.Xr syslog 3 ,
*3e07920fSDavid van Moolenbroek.Xr services 5 ,
*3e07920fSDavid van Moolenbroek.Xr syslog.conf 5 ,
*3e07920fSDavid van Moolenbroek.Xr newsyslog 8
*3e07920fSDavid van Moolenbroek.Rs
*3e07920fSDavid van Moolenbroek.%R RFC
*3e07920fSDavid van Moolenbroek.%N 3164
*3e07920fSDavid van Moolenbroek.%D August 2001
*3e07920fSDavid van Moolenbroek.%T The BSD syslog Protocol
*3e07920fSDavid van Moolenbroek.Re
*3e07920fSDavid van Moolenbroek.Rs
*3e07920fSDavid van Moolenbroek.%R RFC
*3e07920fSDavid van Moolenbroek.%N 5424
*3e07920fSDavid van Moolenbroek.%D March 2009
*3e07920fSDavid van Moolenbroek.%T The Syslog Protocol
*3e07920fSDavid van Moolenbroek.Re
*3e07920fSDavid van Moolenbroek.Sh HISTORY
*3e07920fSDavid van MoolenbroekThe
*3e07920fSDavid van Moolenbroek.Nm
*3e07920fSDavid van Moolenbroekcommand appeared in
*3e07920fSDavid van Moolenbroek.Bx 4.3 .
*3e07920fSDavid van MoolenbroekSupport for multiple log sockets appeared in
*3e07920fSDavid van Moolenbroek.Nx 1.4 .
*3e07920fSDavid van Moolenbroeklibwrap support appeared in
*3e07920fSDavid van Moolenbroek.Nx 1.6 .
*3e07920fSDavid van MoolenbroekSupport for RFC 5424, TLS encryption and authentication, signed messages
*3e07920fSDavid van Moolenbroekappeared in
*3e07920fSDavid van Moolenbroek.Nx 6.0 .