1.\" $NetBSD: syslog.3,v 1.22 2006/10/27 20:00:55 christos Exp $ 2.\" $OpenBSD: syslog.3,v 1.25 2005/07/22 03:16:58 jaredy Exp $ 3.\" 4.\" Copyright (c) 1985, 1991, 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)syslog.3 8.1 (Berkeley) 6/4/93 32.\" 33.Dd October 27, 2006 34.Dt SYSLOG 3 35.Os 36.Sh NAME 37.Nm syslog , 38.Nm syslog_r , 39.Nm vsyslog , 40.Nm vsyslog_r , 41.Nm openlog , 42.Nm openlog_r , 43.Nm closelog , 44.Nm closelog_r , 45.Nm setlogmask , 46.Nm setlogmask_r 47.Nd control system log 48.Sh LIBRARY 49.Lb libc 50.Sh SYNOPSIS 51.In syslog.h 52.Ft void 53.Fn syslog "int priority" "const char *message" "..." 54.Ft void 55.Fn syslog_r "int priority" "struct syslog_data *data" "const char *message" "..." 56.Ft void 57.Fn syslog_ss "int priority" "struct syslog_data *data" "const char *message" "..." 58.Ft void 59.Fn openlog "const char *ident" "int logopt" "int facility" 60.Ft void 61.Fn openlog_r "const char *ident" "int logopt" "int facility" "struct syslog_data *data" 62.Ft void 63.Fn closelog void 64.Ft void 65.Fn closelog_r "struct syslog_data *data" 66.Ft int 67.Fn setlogmask "int maskpri" 68.Ft int 69.Fn setlogmask_r "int maskpri" "struct syslog_data *data" 70.In stdarg.h 71.Ft void 72.Fn vsyslog "int priority" "const char *message" "va_list args" 73.Ft void 74.Fn vsyslog_r "int priority" "struct syslog_data *data" "const char *message" "va_list args" 75.Ft void 76.Fn vsyslog_ss "int priority" "struct syslog_data *data" "const char *message" "va_list args" 77.Bd -literal 78 79struct syslog_data { 80 int log_file; 81 int connected; 82 int opened; 83 int log_stat; 84 const char *log_tag; 85 int log_fac; 86 int log_mask; 87}; 88 89#define SYSLOG_DATA_INIT { \e 90 .log_file = -1, \e 91 .log_fac = LOG_USER, \e 92 .log_mask = 0xff, \e 93} 94.Ed 95.Sh DESCRIPTION 96The 97.Fn syslog 98function 99writes 100.Fa message 101to the system message logger. 102The message is then written to the system console, log files, 103logged-in users, or forwarded to other machines as appropriate (See 104.Xr syslogd 8 ) . 105.Pp 106The message is identical to a 107.Xr printf 3 108format string, except that 109.Ql %m 110is replaced by the current error 111message. 112(As denoted by the global variable 113.Va errno ; 114see 115.Xr strerror 3 . ) 116A trailing newline is added if none is present. 117The 118.Fn syslog_r 119function is a multithread-safe version of the 120.Fn syslog 121function. 122It takes a pointer to a 123.Fa syslog_data 124structure which is used to store 125information. 126This parameter must be initialized before 127.Fn syslog_r 128is called. 129The 130.Dv SYSLOG_DATA_INIT 131constant is used for this purpose. 132The 133.Fa syslog_data 134structure is composed of the following elements: 135.Bl -tag -width connected 136.It Dv log_file 137contains the file descriptor of the file where the message is logged 138.It Dv connected 139indicates if connect has been done 140.It Dv opened 141indicates if 142.Fn openlog_r 143has been called 144.It Dv log_stat 145status bits, set by 146.Fn openlog_r 147.It Dv log_tag 148string to tag the entry with 149.It Dv log_fac 150facility code 151.It Dv log_mask 152mask of priorities to be logged 153.El 154.Pp 155The 156.Fn syslog_ss 157is the async-signal-safe version of 158.Fn syslog_r 159and is also multithread-safe. 160It has the following limitations: 161.Bl -tag -width XXX 162.It Dv 1. 163The format string cannot contain multi-byte character sequences. 164.It Dv 2. 165Floating point formats are not supported and print 166.Dq UNK . 167.It Dv 3. 168The time of the event is not sent to 169.Xr syslogd 8 . 170.It Dv 4. 171The error string in the %m format is not printed symbolically but as 172.Dq Error %d . 173.El 174.Pp 175For more information about async-signal-safe functions and signal handlers, see 176.Xr signal 7 . 177.Pp 178The 179.Fn vsyslog 180function 181is an alternative form in which the arguments have already been captured 182using the variable-length argument facilities of 183.Xr varargs 3 . 184.Pp 185The message is tagged with 186.Fa priority . 187Priorities are encoded as a 188.Fa facility 189and a 190.Em level . 191The facility describes the part of the system 192generating the message. 193The level is selected from the following 194.Em ordered 195(high to low) list: 196.Bl -tag -width LOG_AUTHPRIV 197.It Dv LOG_EMERG 198A panic condition. 199This is normally broadcast to all users. 200.It Dv LOG_ALERT 201A condition that should be corrected immediately, such as a corrupted 202system database. 203.It Dv LOG_CRIT 204Critical conditions, e.g., hard device errors. 205.It Dv LOG_ERR 206Errors. 207.It Dv LOG_WARNING 208Warning messages. 209.It Dv LOG_NOTICE 210Conditions that are not error conditions, 211but should possibly be handled specially. 212.It Dv LOG_INFO 213Informational messages. 214.It Dv LOG_DEBUG 215Messages that contain information 216normally of use only when debugging a program. 217.El 218.Pp 219The 220.Fn vsyslog_r 221is used the same way as 222.Fn vsyslog 223except that it takes an additional pointer to a 224.Fa syslog_data 225structure. 226It is a multithread-safe version of the 227.Fn vsyslog 228function described above. 229The 230.Fn vsyslog_ss 231is the async-signal-safe version of 232.Fn vsyslog_r , 233is also multithread-safe, and has the same limitations as 234.Fn syslog_ss . 235.Pp 236The 237.Fn openlog 238function 239provides for more specialized processing of the messages sent 240by 241.Fn syslog 242and 243.Fn vsyslog . 244The parameter 245.Fa ident 246is a string that will be prepended to every message. 247The 248.Fa logopt 249argument 250is a bit field specifying logging options, which is formed by 251.Tn OR Ns 'ing 252one or more of the following values: 253.Bl -tag -width LOG_AUTHPRIV 254.It Dv LOG_CONS 255If 256.Fn syslog 257cannot pass the message to 258.Xr syslogd 8 259it will attempt to write the message to the console 260.Pq Dq Pa /dev/console . 261.It Dv LOG_NDELAY 262Open the connection to 263.Xr syslogd 8 264immediately. 265Normally the open is delayed until the first message is logged. 266Useful for programs that need to manage the order in which file 267descriptors are allocated. 268.It Dv LOG_PERROR 269Write the message to standard error output as well to the system log. 270.It Dv LOG_PID 271Log the process id with each message: useful for identifying 272instantiations of daemons. 273(This PID is placed within brackets 274between the ident and the message.) 275.El 276.Pp 277The 278.Fa facility 279parameter encodes a default facility to be assigned to all messages 280that do not have an explicit facility encoded: 281.Bl -tag -width LOG_AUTHPRIV 282.It Dv LOG_AUTH 283The authorization system: 284.Xr login 1 , 285.Xr su 1 , 286.Xr getty 8 , 287etc. 288.It Dv LOG_AUTHPRIV 289The same as 290.Dv LOG_AUTH , 291but logged to a file readable only by 292selected individuals. 293.It Dv LOG_CRON 294The cron daemon: 295.Xr cron 8 . 296.It Dv LOG_DAEMON 297System daemons, such as 298.Xr routed 8 , 299that are not provided for explicitly by other facilities. 300.It Dv LOG_FTP 301The file transfer protocol daemon: 302.Xr ftpd 8 . 303.It Dv LOG_KERN 304Messages generated by the kernel. 305These cannot be generated by any user processes. 306.It Dv LOG_LPR 307The line printer spooling system: 308.Xr lpr 1 , 309.Xr lpc 8 , 310.Xr lpd 8 , 311etc. 312.It Dv LOG_MAIL 313The mail system. 314.It Dv LOG_NEWS 315The network news system. 316.It Dv LOG_SYSLOG 317Messages generated internally by 318.Xr syslogd 8 . 319.It Dv LOG_USER 320Messages generated by random user processes. 321This is the default facility identifier if none is specified. 322.It Dv LOG_UUCP 323The uucp system. 324.It Dv LOG_LOCAL0 325Reserved for local use. 326Similarly for 327.Dv LOG_LOCAL1 328through 329.Dv LOG_LOCAL7 . 330.El 331.Pp 332The 333.Fn openlog_r 334function is the multithread-safe version of the 335.Fn openlog 336function. 337It takes an additional pointer to a 338.Fa syslog_data 339structure. 340This function must be used in conjunction with the other 341multithread-safe functions. 342.Pp 343The 344.Fn closelog 345function 346can be used to close the log file. 347.Pp 348The 349.Fn closelog_r 350does the same thing as 351.Xr closelog 3 352but in a multithread-safe way and takes an additional 353pointer to a 354.Fa syslog_data 355structure. 356.Pp 357The 358.Fn setlogmask 359function 360sets the log priority mask to 361.Fa maskpri 362and returns the previous mask. 363Calls to 364.Fn syslog 365with a priority not set in 366.Fa maskpri 367are rejected. 368The mask for an individual priority 369.Fa pri 370is calculated by the macro 371.Fn LOG_MASK pri ; 372the mask for all priorities up to and including 373.Fa toppri 374is given by the macro 375.Fn LOG_UPTO toppri . 376The default allows all priorities to be logged. 377.Pp 378The 379.Fn setlogmask_r 380function is the multithread-safe version of 381.Fn setlogmask . 382It takes an additional pointer to a 383.Fa syslog_data 384structure. 385.Sh RETURN VALUES 386The routines 387.Fn closelog , 388.Fn closelog_r , 389.Fn openlog , 390.Fn openlog_r , 391.Fn syslog , 392.Fn syslog_r , 393.Fn vsyslog , 394and 395.Fn vsyslog_r 396return no value. 397.Pp 398The routines 399.Fn setlogmask 400and 401.Fn setlogmask_r 402always return the previous log mask level. 403.Sh EXAMPLES 404.Bd -literal -offset indent -compact 405syslog(LOG_ALERT, "who: internal error 23"); 406 407openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP); 408 409setlogmask(LOG_UPTO(LOG_ERR)); 410 411syslog(LOG_INFO, "Connection from host %d", CallingHost); 412 413syslog(LOG_INFO|LOG_LOCAL2, "foobar error: %m"); 414.Ed 415.Pp 416For the multithread-safe functions: 417.Bd -literal -offset indent 418struct syslog_data sdata = SYSLOG_DATA_INIT; 419 420syslog_r(LOG_INFO|LOG_LOCAL2, \*[Am]sdata, "foobar error: %m"); 421.Ed 422.Sh SEE ALSO 423.Xr logger 1 , 424.Xr syslogd 8 425.Sh HISTORY 426These non-multithread-safe functions appeared in 427.Bx 4.2 . 428The multithread-safe functions appeared in 429.Ox 3.1 430and then in 431.Nx 4.0 . 432The async-signal-safe functions appeared in 433.Nx 4.0 . 434.Sh CAVEATS 435It is important never to pass a string with user-supplied data as a 436format without using 437.Ql %s . 438An attacker can put format specifiers in the string to mangle your stack, 439leading to a possible security hole. 440This holds true even if you have built the string 441.Dq by hand 442using a function like 443.Fn snprintf , 444as the resulting string may still contain user-supplied conversion specifiers 445for later interpolation by 446.Fn syslog . 447.Pp 448Always be sure to use the proper secure idiom: 449.Bd -literal -offset indent 450syslog(priority, "%s", string); 451.Ed 452