1.\" $NetBSD: syslogd.8,v 1.42 2006/09/15 20:32:59 christos Exp $ 2.\" 3.\" Copyright (c) 1983, 1986, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" from: @(#)syslogd.8 8.1 (Berkeley) 6/6/93 31.\" 32.Dd September 15, 2006 33.Dt SYSLOGD 8 34.Os 35.Sh NAME 36.Nm syslogd 37.Nd log systems messages 38.Sh SYNOPSIS 39.Nm 40.Op Fl dnrSsTUv 41.Bk -words 42.Op Fl b Ar bind_address 43.Ek 44.Bk -words 45.Op Fl f Ar config_file 46.Ek 47.Bk -words 48.Op Fl g Ar group 49.Ek 50.Bk -words 51.Op Fl m Ar mark_interval 52.Ek 53.Bk -words 54.Op Fl P Ar file_list 55.Ek 56.Bk -words 57.Oo 58.Fl p Ar log_socket 59.Op Fl p Ar log_socket2 ... 60.Oc 61.Ek 62.Bk -words 63.Op Fl t Ar chroot_dir 64.Ek 65.Bk -words 66.Op Fl u Ar user 67.Ek 68.Sh DESCRIPTION 69.Nm 70reads and logs messages to the system console, log files, other 71machines and/or users as specified by its configuration file. 72The options are as follows: 73.Bl -tag -width 15n 74.It Fl b Ar bind_address 75Specify one specific IP address or hostname to bind to. 76If a hostname is specified, the IPv4 or IPv6 address 77which corresponds to it is used. 78.It Fl d 79Enable debugging to the standard output, 80and do not disassociate from the controlling terminal. 81.It Fl f 82Specify the pathname of an alternative configuration file; 83the default is 84.Pa /etc/syslog.conf . 85.It Fl g Ar group 86Set GID to 87.Ar group 88after the sockets and log files have been opened. 89.It Fl m 90Select the number of minutes between ``mark'' messages; 91the default is 20 minutes. 92.It Fl n 93Do not perform hostname lookups; report only numeric addresses. 94.It Fl P 95Specify the pathname of a file containing a list of sockets to be 96created. 97The format of the file is simply one socket per line. 98.It Fl p 99Specify the pathname of a log socket. 100Multiple 101.Fl p 102options create multiple log sockets. 103If no 104.Fl p 105arguments are created, the default socket of 106.Pa /var/run/log 107is used. 108.It Fl r 109Disable the compression of repeated instances of the same line 110into a single line of the form 111.Dq last message repeated N times . 112.It Fl S 113Sync kernel messages to disk immediately. 114.It Fl s 115Select 116.Dq secure 117mode, in which 118.Nm 119does not listen on a UDP socket but only communicates over a 120.Ux 121domain socket. 122This is valuable when the machine on 123which 124.Nm 125runs is subject to attack over the network and it is desired 126that the machine be protected from attempts to remotely fill logs 127and similar attacks. 128.It Fl t Ar chroot_dir 129.Xr chroot 2 130to 131.Ar chroot_dir 132after the sockets and log files have been opened. 133.It Fl T 134Always use the local time and date for messages received from the 135network, instead of the timestamp field supplied in the message 136by the remote host. 137This is useful if some of the originating hosts can't keep time 138properly or are unable to generate a correct timestamp. 139.It Fl u Ar user 140Set UID to 141.Ar user 142after the sockets and log files have been opened. 143.It Fl U 144Unique priority logging. 145Only log messages at the priority specified by the selector in the 146configuration file. 147Without this option, messages at the specified priority or higher are 148logged. 149This option changes the default priority comparison from 150.Sq \*[Gt]= 151to 152.Sq = . 153.It Fl v 154Verbose logging. 155If specified once, the numeric facility and priority are logged with 156each locally-written message. 157If specified more than once, the names of the facility and priority are 158logged with each locally-written message. 159.El 160.Pp 161.Nm 162reads its configuration file when it starts up and whenever it 163receives a hangup signal. 164For information on the format of the configuration file, 165see 166.Xr syslog.conf 5 . 167.Pp 168.Nm 169reads messages from the 170.Ux 171domain socket 172.Pa /var/run/log , 173from an Internet domain socket specified in 174.Pa /etc/services , 175and from the special device 176.Pa /dev/klog 177(to read kernel messages). 178.Pp 179.Nm 180creates the file 181.Pa /var/run/syslogd.pid , 182and stores its process 183id there. 184This can be used to kill or reconfigure 185.Nm . 186.Pp 187By using multiple 188.Fl p 189options, one can set up many chroot environments by passing the pathname 190to the log socket 191.Pa ( /var/run/log ) 192in each chroot area to 193.Nm . 194For example: 195.Dl syslogd -p /var/run/log -p /web/var/run/log -p /ftp/var/run/log 196.Pp 197Note: the normal log socket must now also be passed to 198.Nm . 199.Pp 200The logged message includes the date, time, and hostname (or pathname of 201the log socket). 202Commonly, the program name and the process id is included. 203.Pp 204The date and time are taken from the received message. 205If the format of the timestamp field is incorrect, time obtained from 206the local host is used instead. 207This can be overridden by the 208.Fl T 209flag. 210.Pp 211Accesses from UDP socket can be filtered by libwrap configuration files, like 212.Pa /etc/hosts.deny . 213Specify 214.Dq Li syslogd 215in 216.Ar daemon_list 217portion of the configuration files. 218Refer to 219.Xr hosts_access 5 220for details. 221.Ss SYSLOG PROTOCOL NOTES 222The message sent to 223.Nm 224should consist of a single line. 225The message can contain a priority code, which should be a preceding 226decimal number in angle braces, for example, 227.Sq Aq 5 . 228This priority code should map into the priorities defined in the 229include file 230.Aq Pa sys/syslog.h . 231See RFC 3164 for detailed description of the message format. 232.Pp 233Messages from the local kernel that are not tagged with a priority code 234receive the default facility 235.Dv LOG_KERN 236and priority 237.Dv LOG_NOTICE . 238All other untagged messages receive the default facility 239.Dv LOG_USER 240and priority 241.Dv LOT_NOTICE . 242.Sh FILES 243.Bl -tag -width /var/run/syslogd.pid -compact 244.It Pa /etc/syslog.conf 245The configuration file. 246.It Pa /var/run/syslogd.pid 247The process id of current 248.Nm . 249.It Pa /var/run/log 250Name of the 251.Ux 252domain datagram log socket. 253.It Pa /dev/klog 254The kernel log device. 255.El 256.Sh SEE ALSO 257.Xr logger 1 , 258.Xr syslog 3 , 259.Xr services 5 , 260.Xr syslog.conf 5 , 261.Xr newsyslog 8 262.Rs 263.%R RFC 264.%N 3164 265.%D August 2001 266.%T The BSD syslog Protocol 267.Re 268.Sh HISTORY 269The 270.Nm 271command appeared in 272.Bx 4.3 . 273Support for multiple log sockets appeared in 274.Nx 1.4 . 275libwrap support appeared in 276.Nx 1.6 . 277