1.\" $NetBSD: syslog.3,v 1.26 2008/11/01 13:54:01 wiz Exp $ 2.\" $OpenBSD: syslog.3,v 1.25 2005/07/22 03:16:58 jaredy Exp $ 3.\" 4.\" Copyright (c) 1985, 1991, 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)syslog.3 8.1 (Berkeley) 6/4/93 32.\" 33.Dd August 13, 2008 34.Dt SYSLOG 3 35.Os 36.Sh NAME 37.Nm syslog , 38.Nm syslog_r , 39.Nm vsyslog , 40.Nm vsyslog_r , 41.Nm syslogp , 42.Nm syslogp_r , 43.Nm vsyslogp , 44.Nm vsyslogp_r , 45.Nm openlog , 46.Nm openlog_r , 47.Nm closelog , 48.Nm closelog_r , 49.Nm setlogmask , 50.Nm setlogmask_r 51.Nd control system log 52.Sh LIBRARY 53.Lb libc 54.Sh SYNOPSIS 55.In syslog.h 56.Ft void 57.Fn syslog "int priority" "const char *message" "..." 58.Ft void 59.Fn syslog_r "int priority" "struct syslog_data *data" "const char *message" "..." 60.Ft void 61.Fn syslogp "int priority" "const char *msgid" "const char *sdfmt" "const char *message" "..." 62.Ft void 63.Fn syslogp_r "int priority" "struct syslog_data *data" "const char *msgid" "const char *sdfmt" "const char *message" "..." 64.\" .Ft void 65.\" .Fn syslog_ss "int priority" "struct syslog_data *data" "const char *message" "..." 66.Ft void 67.Fn openlog "const char *ident" "int logopt" "int facility" 68.Ft void 69.Fn openlog_r "const char *ident" "int logopt" "int facility" "struct syslog_data *data" 70.Ft void 71.Fn closelog void 72.Ft void 73.Fn closelog_r "struct syslog_data *data" 74.Ft int 75.Fn setlogmask "int maskpri" 76.Ft int 77.Fn setlogmask_r "int maskpri" "struct syslog_data *data" 78.In stdarg.h 79.Ft void 80.Fn vsyslog "int priority" "const char *message" "va_list args" 81.Ft void 82.Fn vsyslog_r "int priority" "struct syslog_data *data" "const char *message" "va_list args" 83.Ft void 84.Fn vsyslogp "int priority" "const char *msgid" "const char *sdfmt" "const char *message" "va_list args" 85.Ft void 86.Fn vsyslogp_r "int priority" "struct syslog_data *data" "const char *msgid" "const char *sdfmt" "const char *message" "va_list args" 87.\" .Ft void 88.\" .Fn vsyslog_ss "int priority" "struct syslog_data *data" "const char *message" "va_list args" 89.Bd -literal 90 91struct syslog_data { 92 int log_file; 93 int connected; 94 int opened; 95 int log_stat; 96 const char *log_tag; 97 int log_fac; 98 int log_mask; 99}; 100 101#define SYSLOG_DATA_INIT { \e 102 .log_file = -1, \e 103 .log_fac = LOG_USER, \e 104 .log_mask = 0xff, \e 105} 106.Ed 107.Sh DESCRIPTION 108The 109.Fn syslog 110function 111writes 112.Fa message 113to the system message logger. 114The message is then written to the system console, log files, 115logged-in users, or forwarded to other machines as appropriate (See 116.Xr syslogd 8 ) . 117.Pp 118The message is identical to a 119.Xr printf 3 120format string, except that 121.Ql %m 122is replaced by the current error 123message. 124(As denoted by the global variable 125.Va errno ; 126see 127.Xr strerror 3 . ) 128A trailing newline is added if none is present. 129.\" shouldn't the newline statement be removed? 130.\" when logging through a socket a newline is 131.\" not added nor is it required. -- ms 132The 133.Fn syslog_r 134function is a multithread-safe version of the 135.Fn syslog 136function. 137It takes a pointer to a 138.Fa syslog_data 139structure which is used to store 140information. 141This parameter must be initialized before 142.Fn syslog_r 143is called. 144The 145.Dv SYSLOG_DATA_INIT 146constant is used for this purpose. 147The 148.Fa syslog_data 149structure is composed of the following elements: 150.Bl -tag -width connected 151.It Dv log_file 152contains the file descriptor of the file where the message is logged 153.It Dv connected 154indicates if connect has been done 155.It Dv opened 156indicates if 157.Fn openlog_r 158has been called 159.It Dv log_stat 160status bits, set by 161.Fn openlog_r 162.It Dv log_tag 163string to tag the entry with 164.It Dv log_fac 165facility code 166.It Dv log_mask 167mask of priorities to be logged 168.El 169.\" .Pp 170.\" The 171.\" .Fn syslog_ss 172.\" is the async-signal-safe version of 173.\" .Fn syslog_r 174.\" and is also multithread-safe. 175.\" It has the following limitations: 176.\" .Bl -enum -offset indent 177.\" .It 178.\" The format string cannot contain multi-byte character sequences. 179.\" .It 180.\" Floating point formats are not supported and print 181.\" .Dq UNK . 182.\" .It 183.\" The time of the event is not sent to 184.\" .Xr syslogd 8 . 185.\" .It 186.\" The error string in the %m format is not printed symbolically but as 187.\" .Dq Error %d . 188.\" .El 189.\" .Pp 190.\" For more information about async-signal-safe functions and signal handlers, see 191.\" .Xr signal 7 . 192.Pp 193The 194.Fn vsyslog 195function 196is an alternative form in which the arguments have already been captured 197using the variable-length argument facilities of 198.Xr varargs 3 . 199.Pp 200The 201.Fn syslogp 202variants take additional arguments which correspond to new fields in the 203syslog-protocol message format. 204All three arguments are evaluated as 205.Xr printf 3 206format strings and any of them can be 207.Dv NULL . 208This enables applications to use message IDs, structured data, and UTF-8 encoded 209content in messages. 210.Pp 211The message is tagged with 212.Fa priority . 213Priorities are encoded as a 214.Fa facility 215and a 216.Em level . 217The facility describes the part of the system 218generating the message. 219The level is selected from the following 220.Em ordered 221(high to low) list: 222.Bl -tag -width LOG_AUTHPRIV 223.It Dv LOG_EMERG 224A panic condition. 225This is normally broadcast to all users. 226.It Dv LOG_ALERT 227A condition that should be corrected immediately, such as a corrupted 228system database. 229.It Dv LOG_CRIT 230Critical conditions, e.g., hard device errors. 231.It Dv LOG_ERR 232Errors. 233.It Dv LOG_WARNING 234Warning messages. 235.It Dv LOG_NOTICE 236Conditions that are not error conditions, 237but should possibly be handled specially. 238.It Dv LOG_INFO 239Informational messages. 240.It Dv LOG_DEBUG 241Messages that contain information 242normally of use only when debugging a program. 243.El 244.Pp 245The 246.Fn vsyslog_r 247is used the same way as 248.Fn vsyslog 249except that it takes an additional pointer to a 250.Fa syslog_data 251structure. 252It is a multithread-safe version of the 253.Fn vsyslog 254function described above. 255.\" The 256.\" .Fn vsyslog_ss 257.\" is the async-signal-safe version of 258.\" .Fn vsyslog_r , 259.\" is also multithread-safe, and has the same limitations as 260.\" .Fn syslog_ss . 261.Pp 262The 263.Fn openlog 264function 265provides for more specialized processing of the messages sent 266by 267.Fn syslog 268and 269.Fn vsyslog . 270The parameter 271.Fa ident 272is a string that will be prepended to every message. 273The 274.Fa logopt 275argument 276is a bit field specifying logging options, which is formed by 277.Tn OR Ns 'ing 278one or more of the following values: 279.Bl -tag -width LOG_AUTHPRIV 280.It Dv LOG_CONS 281If 282.Fn syslog 283cannot pass the message to 284.Xr syslogd 8 285it will attempt to write the message to the console 286.Pq Dq Pa /dev/console . 287.It Dv LOG_NDELAY 288Open the connection to 289.Xr syslogd 8 290immediately. 291Normally the open is delayed until the first message is logged. 292Useful for programs that need to manage the order in which file 293descriptors are allocated. 294.It Dv LOG_PERROR 295Write the message to standard error output as well to the system log. 296.It Dv LOG_PID 297Log the process id with each message: useful for identifying 298instantiations of daemons. 299(This PID is placed within brackets 300between the ident and the message.) 301.El 302.Pp 303The 304.Fa facility 305parameter encodes a default facility to be assigned to all messages 306that do not have an explicit facility encoded: 307.Bl -tag -width LOG_AUTHPRIV 308.It Dv LOG_AUTH 309The authorization system: 310.Xr login 1 , 311.Xr su 1 , 312.Xr getty 8 , 313etc. 314.It Dv LOG_AUTHPRIV 315The same as 316.Dv LOG_AUTH , 317but logged to a file readable only by 318selected individuals. 319.It Dv LOG_CRON 320The cron daemon: 321.Xr cron 8 . 322.It Dv LOG_DAEMON 323System daemons, such as 324.Xr routed 8 , 325that are not provided for explicitly by other facilities. 326.It Dv LOG_FTP 327The file transfer protocol daemon: 328.Xr ftpd 8 . 329.It Dv LOG_KERN 330Messages generated by the kernel. 331These cannot be generated by any user processes. 332.It Dv LOG_LPR 333The line printer spooling system: 334.Xr lpr 1 , 335.Xr lpc 8 , 336.Xr lpd 8 , 337etc. 338.It Dv LOG_MAIL 339The mail system. 340.It Dv LOG_NEWS 341The network news system. 342.It Dv LOG_SYSLOG 343Messages generated internally by 344.Xr syslogd 8 . 345.It Dv LOG_USER 346Messages generated by random user processes. 347This is the default facility identifier if none is specified. 348.It Dv LOG_UUCP 349The uucp system. 350.It Dv LOG_LOCAL0 351Reserved for local use. 352Similarly for 353.Dv LOG_LOCAL1 354through 355.Dv LOG_LOCAL7 . 356.El 357.Pp 358The 359.Fn openlog_r 360function is the multithread-safe version of the 361.Fn openlog 362function. 363It takes an additional pointer to a 364.Fa syslog_data 365structure. 366This function must be used in conjunction with the other 367multithread-safe functions. 368.Pp 369The 370.Fn closelog 371function 372can be used to close the log file. 373.Pp 374The 375.Fn closelog_r 376does the same thing as 377.Xr closelog 3 378but in a multithread-safe way and takes an additional 379pointer to a 380.Fa syslog_data 381structure. 382.Pp 383The 384.Fn setlogmask 385function 386sets the log priority mask to 387.Fa maskpri 388and returns the previous mask. 389Calls to 390.Fn syslog 391with a priority not set in 392.Fa maskpri 393are rejected. 394The mask for an individual priority 395.Fa pri 396is calculated by the macro 397.Fn LOG_MASK pri ; 398the mask for all priorities up to and including 399.Fa toppri 400is given by the macro 401.Fn LOG_UPTO toppri . 402The default allows all priorities to be logged. 403.Pp 404The 405.Fn setlogmask_r 406function is the multithread-safe version of 407.Fn setlogmask . 408It takes an additional pointer to a 409.Fa syslog_data 410structure. 411.Sh RETURN VALUES 412The routines 413.Fn closelog , 414.Fn closelog_r , 415.Fn openlog , 416.Fn openlog_r , 417.Fn syslog , 418.Fn syslog_r , 419.Fn vsyslog , 420.Fn vsyslog_r , 421.Fn syslogp , 422.Fn syslogp_r , 423.Fn vsyslogp , 424and 425.Fn vsyslogp_r 426return no value. 427.Pp 428The routines 429.Fn setlogmask 430and 431.Fn setlogmask_r 432always return the previous log mask level. 433.Sh EXAMPLES 434.Bd -literal -offset indent -compact 435syslog(LOG_ALERT, "who: internal error 23"); 436 437openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP); 438 439setlogmask(LOG_UPTO(LOG_ERR)); 440 441syslog(LOG_INFO, "Connection from host %d", CallingHost); 442 443syslog(LOG_INFO|LOG_LOCAL2, "foobar error: %m"); 444 445syslogp(LOG_INFO|LOG_LOCAL2, NULL, NULL, "foobar error: %m"); 446 447syslogp(LOG_INFO, "ID%d", "[meta language=\\"en-US\\"]", 448 "event: %s", 42, EventDescription); 449.Ed 450.Pp 451For the multithread-safe functions: 452.Bd -literal -offset indent 453struct syslog_data sdata = SYSLOG_DATA_INIT; 454 455syslog_r(LOG_INFO|LOG_LOCAL2, \*[Am]sdata, "foobar error: %m"); 456.Ed 457.Sh SEE ALSO 458.Xr logger 1 , 459.Xr syslogd 8 460.Rs 461.%R RFC 462.%N 3164 463.%D August 2001 464.%T The BSD syslog Protocol 465.Re 466.Rs 467.%R Internet-Draft 468.%N draft-ietf-syslog-protocol-23 469.%D September 2007 470.%T The syslog Protocol 471.Re 472.Sh HISTORY 473These non-multithread-safe functions appeared in 474.Bx 4.2 . 475The multithread-safe functions appeared in 476.Ox 3.1 477and then in 478.Nx 4.0 . 479The async-signal-safe functions appeared in 480.Nx 4.0 . 481The syslog-protocol functions appeared in 482.Nx 5.0 . 483.Sh CAVEATS 484It is important never to pass a string with user-supplied data as a 485format without using 486.Ql %s . 487An attacker can put format specifiers in the string to mangle your stack, 488leading to a possible security hole. 489This holds true even if you have built the string 490.Dq by hand 491using a function like 492.Fn snprintf , 493as the resulting string may still contain user-supplied conversion specifiers 494for later interpolation by 495.Fn syslog . 496.Pp 497Always be sure to use the proper secure idiom: 498.Bd -literal -offset indent 499syslog(priority, "%s", string); 500.Ed 501.Pp 502With 503.Fn syslogp 504the caller is responsible to use the right formatting for the message fields. 505A 506.Fa msgid 507must only contain up to 32 ASCII characters. 508A 509.Fa sdfmt 510has strict rules for paranthesis and character quoting. 511If the 512.Fa msgfmt 513contains UTF-8 characters, then it has to start with a Byte Order Mark. 514