1.\" $NetBSD: syslogd.8,v 1.44 2008/11/07 07:36:38 minskim Exp $ 2.\" 3.\" Copyright (c) 1983, 1986, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" from: @(#)syslogd.8 8.1 (Berkeley) 6/6/93 31.\" 32.Dd August 8, 2008 33.Dt SYSLOGD 8 34.Os 35.Sh NAME 36.Nm syslogd 37.Nd log systems messages 38.Sh SYNOPSIS 39.Nm 40.Op Fl dnrSsTUv 41.Bk -words 42.Op Fl b Ar bind_address 43.Ek 44.Bk -words 45.Op Fl f Ar config_file 46.Ek 47.Bk -words 48.Op Fl g Ar group 49.Ek 50.Bk -words 51.Op Fl m Ar mark_interval 52.Ek 53.Bk -words 54.Op Fl P Ar file_list 55.Ek 56.Bk -words 57.Oo 58.Fl p Ar log_socket 59.Op Fl p Ar log_socket2 ... 60.Oc 61.Ek 62.Bk -words 63.Op Fl t Ar chroot_dir 64.Ek 65.Bk -words 66.Op Fl u Ar user 67.Ek 68.Sh DESCRIPTION 69.Nm 70reads and logs messages to the system console, log files, other 71machines and/or users as specified by its configuration file. 72The options are as follows: 73.Bl -tag -width 15n 74.It Fl b Ar bind_address 75Specify one specific IP address or hostname to bind to. 76If a hostname is specified, the IPv4 or IPv6 address 77which corresponds to it is used. 78.It Fl d 79Enable debugging to the standard output, 80and do not disassociate from the controlling terminal. 81.It Fl f 82Specify the pathname of an alternative configuration file; 83the default is 84.Pa /etc/syslog.conf . 85.It Fl g Ar group 86Set GID to 87.Ar group 88after the sockets and log files have been opened. 89.It Fl m 90Select the number of minutes between ``mark'' messages; 91the default is 20 minutes. 92.It Fl n 93Do not perform hostname lookups; report only numeric addresses. 94.It Fl o 95Select output message format. 96.Bl -hang 97.It Em rfc3164 98traditional BSD Syslog format (default) 99.It Em syslog 100new syslog-protocol format 101.El 102.It Fl P 103Specify the pathname of a file containing a list of sockets to be 104created. 105The format of the file is simply one socket per line. 106.It Fl p 107Specify the pathname of a log socket. 108Multiple 109.Fl p 110options create multiple log sockets. 111If no 112.Fl p 113arguments are created, the default socket of 114.Pa /var/run/log 115is used. 116.It Fl r 117Disable the compression of repeated instances of the same line 118into a single line of the form 119.Dq last message repeated N times . 120.It Fl S 121Sync kernel messages to disk immediately. 122.It Fl s 123Select 124.Dq secure 125mode, in which 126.Nm 127does not listen on a UDP socket but only communicates over a 128.Ux 129domain socket. 130This is valuable when the machine on 131which 132.Nm 133runs is subject to attack over the network and it is desired 134that the machine be protected from attempts to remotely fill logs 135and similar attacks. 136.It Fl t Ar chroot_dir 137.Xr chroot 2 138to 139.Ar chroot_dir 140after the sockets and log files have been opened. 141.It Fl T 142Always use the local time and date for messages received from the 143network, instead of the timestamp field supplied in the message 144by the remote host. 145This is useful if some of the originating hosts can't keep time 146properly or are unable to generate a correct timestamp. 147.It Fl u Ar user 148Set UID to 149.Ar user 150after the sockets and log files have been opened. 151.It Fl U 152Unique priority logging. 153Only log messages at the priority specified by the selector in the 154configuration file. 155Without this option, messages at the specified priority or higher are 156logged. 157This option changes the default priority comparison from 158.Sq \*[Gt]= 159to 160.Sq = . 161.It Fl v 162Verbose logging. 163If specified once, the numeric facility and priority are logged with 164each locally-written message. 165If specified more than once, the names of the facility and priority are 166logged with each locally-written message. 167.El 168.Pp 169.Nm 170reads its configuration file when it starts up and whenever it 171receives a hangup signal. 172For information on the format of the configuration file, 173see 174.Xr syslog.conf 5 . 175.Pp 176.Nm 177reads messages from the 178.Ux 179domain socket 180.Pa /var/run/log , 181from an Internet domain socket specified in 182.Pa /etc/services , 183and from the special device 184.Pa /dev/klog 185(to read kernel messages). 186.Pp 187.Nm 188creates the file 189.Pa /var/run/syslogd.pid , 190and stores its process 191id there. 192This can be used to kill or reconfigure 193.Nm . 194.Pp 195By using multiple 196.Fl p 197options, one can set up many chroot environments by passing the pathname 198to the log socket 199.Pa ( /var/run/log ) 200in each chroot area to 201.Nm . 202For example: 203.Dl syslogd -p /var/run/log -p /web/var/run/log -p /ftp/var/run/log 204.Pp 205Note: the normal log socket must now also be passed to 206.Nm . 207.Pp 208The logged message includes the date, time, and hostname (or pathname of 209the log socket). 210Commonly, the program name and the process id is included. 211.Pp 212The date and time are taken from the received message. 213If the format of the timestamp field is incorrect, time obtained from 214the local host is used instead. 215This can be overridden by the 216.Fl T 217flag. 218.Pp 219Accesses from UDP socket can be filtered by libwrap configuration files, like 220.Pa /etc/hosts.deny . 221Specify 222.Dq Li syslogd 223in 224.Ar daemon_list 225portion of the configuration files. 226Refer to 227.Xr hosts_access 5 228for details. 229.Ss SYSLOG PROTOCOL NOTES 230.Nm 231accepts messages in traditional BSD Syslog or in newer Syslog Protocol 232format. 233See RFC 3164 (BSD Syslog) and RFC 234.Em nnnn 235(Syslog Protocol) for detailed description of the message format. 236.Dv LOG_KERN 237and priority 238.Dv LOG_NOTICE . 239All other untagged messages receive the default facility 240.Dv LOG_USER 241and priority 242.Dv LOG_NOTICE . 243.Sh FILES 244.Bl -tag -width /var/run/syslogd.pid -compact 245.It Pa /etc/syslog.conf 246The configuration file. 247.It Pa /var/run/syslogd.pid 248The process id of current 249.Nm . 250.It Pa /var/run/log 251Name of the 252.Ux 253domain datagram log socket. 254.It Pa /dev/klog 255The kernel log device. 256.El 257.Sh SEE ALSO 258.Xr logger 1 , 259.Xr syslog 3 , 260.Xr services 5 , 261.Xr syslog.conf 5 , 262.Xr newsyslog 8 263.Rs 264.%R RFC 265.%N 3164 266.%D August 2001 267.%T The BSD syslog Protocol 268.Re 269.Rs 270.%R Internet-Draft 271.%N draft-ietf-syslog-protocol-23 272.%D September 2007 273.%T The syslog Protocol 274.Re 275.Sh HISTORY 276The 277.Nm 278command appeared in 279.Bx 4.3 . 280Support for multiple log sockets appeared in 281.Nx 1.4 . 282libwrap support appeared in 283.Nx 1.6 . 284