1.\" $NetBSD: syslogd.8,v 1.60 2024/08/21 17:13:24 gutteridge Exp $ 2.\" 3.\" Copyright (c) 1983, 1986, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" from: @(#)syslogd.8 8.1 (Berkeley) 6/6/93 31.\" 32.Dd August 21, 2024 33.Dt SYSLOGD 8 34.Os 35.Sh NAME 36.Nm syslogd 37.Nd log systems messages 38.Sh SYNOPSIS 39.Nm 40.Op Fl knrSsTUvX 41.Op Fl B Ar buffer_length 42.Op Fl b Ar bind_address 43.Op Fl d Op Oo Cm \&~ Oc Ns Ar what 44.Op Fl f Ar config_file 45.Op Fl g Ar group 46.Op Fl m Ar mark_interval 47.Op Fl o Ar output_format 48.Op Fl P Ar file_list 49.Oo 50.Fl p Ar log_socket 51.Op Fl p Ar log_socket2 ... 52.Oc 53.Op Fl t Ar chroot_dir 54.Op Fl u Ar user 55.Sh DESCRIPTION 56.Nm 57reads and logs messages to the system console, log files, other 58machines and/or users as specified by its configuration file. 59The options are as follows: 60.Bl -tag -width 15n 61.It Fl B Ar buffer_length 62Sets the receiving buffer length. 63The default is 16384 bytes. 64If syslogd reports buffer overflow, this needs increasing. 65If you don't care about it being reported, see the 66.Fl X 67option. 68.It Fl b Ar bind_address 69Specify one specific IP address or hostname to bind to. 70If a hostname is specified, the IPv4 or IPv6 address 71which corresponds to it is used. 72.It Fl d Op Oo Cm \&~ Oc Ns Ar what 73Do not disassociate from the controlling terminal and 74enable debugging to the standard output. 75The optional 76.Ar what 77argument is a number that selects which categories of the debug 78messages are to be enabled. 79A tilde 80.Pq Sq Cm \&~ 81before 82.Ar what 83inverts its meaning so that all messages except those selected by 84.Ar what 85are enabled. 86.It Fl f Ar config_file 87Specify the pathname of an alternative configuration file; 88the default is 89.Pa /etc/syslog.conf . 90.It Fl g Ar group 91Set GID to 92.Ar group 93after the sockets and log files have been opened. 94.It Fl k 95Disable the translation of (remote) messages received with facility 96.Dq kern 97to facility 98.Dq user . 99Usually the 100.Dq kern 101facility is reserved for messages read directly from 102.Pa /dev/klog . 103.It Fl m Ar mark_interval 104Select the number of minutes between ``mark'' messages; 105the default is 20 minutes. 106.It Fl n 107Do not perform hostname lookups; report only numeric addresses. 108.It Fl o Ar output_format 109Select output message format. 110.Bl -hang 111.It Em bsd , rfc3164 112traditional BSD Syslog format (default) 113.It Em syslog , rfc5424 114new syslog-protocol format 115.El 116.It Fl P 117Specify the pathname of a file containing a list of sockets to be 118created. 119The format of the file is simply one socket per line. 120.It Fl p Ar log_socket 121Specify the pathname of a log socket. 122Multiple 123.Fl p 124options create multiple log sockets. 125If no 126.Fl p 127arguments are given, the default socket of 128.Pa /var/run/log 129is used. 130.It Fl r 131Disable the compression of repeated instances of the same line 132into a single line of the form 133.Dq last message repeated N times . 134.It Fl S 135Sync kernel messages to disk immediately. 136.It Fl s 137Select 138.Dq secure 139mode, in which 140.Nm 141does not listen on a UDP socket but only communicates over a 142.Ux 143domain socket. 144This is valuable when the machine on 145which 146.Nm 147runs is subject to attack over the network and it is desired 148that the machine be protected from attempts to remotely fill logs 149and similar attacks. 150.It Fl T 151Always use the local time and date for messages received from the 152network, instead of the timestamp field supplied in the message 153by the remote host. 154This is useful if some of the originating hosts can't keep time 155properly or are unable to generate a correct timestamp. 156.It Fl t Ar chroot_dir 157.Xr chroot 2 158to 159.Ar chroot_dir 160after the sockets and log files have been opened. 161.It Fl U 162Unique priority logging. 163Only log messages at the priority specified by the selector in the 164configuration file. 165Without this option, messages at the specified priority or higher are 166logged. 167This option changes the default priority comparison from 168.Sq >= 169to 170.Sq = . 171.It Fl u Ar user 172Set UID to 173.Ar user 174after the sockets and log files have been opened. 175.It Fl v 176Verbose logging. 177If specified once, the numeric facility and priority are logged with 178each locally-written message. 179If specified more than once, the names of the facility and priority are 180logged with each locally-written message. 181.It Fl X 182Disable logging of buffer overflow. 183.El 184.Pp 185.Nm 186reads its configuration file when it starts up and whenever it 187receives a hangup signal. 188For information on the format of the configuration file, 189see 190.Xr syslog.conf 5 . 191.Pp 192.Nm 193reads messages from the 194.Ux 195domain socket 196.Pa /var/run/log , 197from an Internet domain socket specified in 198.Pa /etc/services , 199and from the special device 200.Pa /dev/klog 201(to read kernel messages). 202.Pp 203.Nm 204creates the file 205.Pa /var/run/syslogd.pid , 206and stores its process 207id there. 208This can be used to kill or reconfigure 209.Nm . 210.Pp 211By using multiple 212.Fl p 213options, one can set up many chroot environments by passing the pathname 214to the log socket 215.Pa ( /var/run/log ) 216in each chroot area to 217.Nm . 218For example: 219.Dl syslogd -p /var/run/log -p /web/var/run/log -p /ftp/var/run/log 220.Pp 221Note: the normal log socket must now also be passed to 222.Nm . 223.Pp 224The logged message includes the date, time, and hostname (or pathname of 225the log socket). 226Commonly, the program name and the process id is included. 227.Pp 228The date and time are taken from the received message. 229If the format of the timestamp field is incorrect, time obtained from 230the local host is used instead. 231This can be overridden by the 232.Fl T 233flag. 234.Pp 235Accesses from UDP socket can be filtered by libwrap configuration files, like 236.Pa /etc/hosts.deny . 237Specify 238.Dq Li syslogd 239in 240.Ar daemon_list 241portion of the configuration files. 242Refer to 243.Xr hosts_access 5 244for details. 245.Ss SYSLOG PROTOCOL NOTES 246.Nm 247accepts messages in traditional BSD Syslog or in newer Syslog Protocol 248format. 249See RFC 3164 (BSD Syslog) and RFC 5424 (Syslog Protocol) for detailed 250description of the message format. 251Messages from the local kernel that are not tagged with a priority code 252receive the default facility 253.Dv LOG_KERN 254and priority 255.Dv LOG_NOTICE . 256All other untagged messages receive the default facility 257.Dv LOG_USER 258and priority 259.Dv LOG_NOTICE . 260.Sh FILES 261.Bl -tag -width /var/run/syslogd.pid -compact 262.It Pa /etc/syslog.conf 263The configuration file. 264.It Pa /var/run/syslogd.pid 265The process id of current 266.Nm . 267.It Pa /var/run/log 268Name of the 269.Ux 270domain datagram log socket. 271.It Pa /dev/klog 272The kernel log device. 273.El 274.Sh SEE ALSO 275.Xr logger 1 , 276.Xr syslog 3 , 277.Xr services 5 , 278.Xr syslog.conf 5 , 279.Xr newsyslog 8 280.Rs 281.%R RFC 282.%N 3164 283.%D August 2001 284.%T The BSD syslog Protocol 285.Re 286.Rs 287.%R RFC 288.%N 5424 289.%D March 2009 290.%T The Syslog Protocol 291.Re 292.Sh HISTORY 293The 294.Nm 295command appeared in 296.Bx 4.3 . 297Support for multiple log sockets appeared in 298.Nx 1.4 . 299libwrap support appeared in 300.Nx 1.6 . 301Support for RFC 5424, TLS encryption and authentication, signed messages 302appeared in 303.Nx 6.0 . 304