1.\" $OpenBSD: syslogd.8,v 1.28 2014/01/21 03:15:46 schwarze Exp $ 2.\" 3.\" Copyright (c) 1983, 1986, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" from: @(#)syslogd.8 8.1 (Berkeley) 6/6/93 31.\" $NetBSD: syslogd.8,v 1.3 1996/01/02 17:41:48 perry Exp $ 32.\" 33.Dd $Mdocdate: January 21 2014 $ 34.Dt SYSLOGD 8 35.Os 36.Sh NAME 37.Nm syslogd 38.Nd log systems messages 39.Sh SYNOPSIS 40.Nm syslogd 41.Bk -words 42.Op Fl dhnu 43.Op Fl a Ar path 44.Op Fl f Ar config_file 45.Op Fl m Ar mark_interval 46.Op Fl p Ar log_socket 47.Op Fl s Ar reporting_socket 48.Ek 49.Sh DESCRIPTION 50.Nm 51reads and logs messages to the system console, log files, pipes to 52other programs, other machines and/or users as specified by its 53configuration file. 54.Pp 55The options are as follows: 56.Bl -tag -width Ds 57.It Fl a Ar path 58Specify a location where 59.Nm 60should place an additional log socket. 61Up to about 20 additional logging sockets can be specified. 62The primary use for this is to place additional log sockets in 63.Pa /dev/log 64of various chroot filespaces. 65.It Fl d 66Enable debugging to the standard output, 67and do not disassociate from the controlling terminal. 68.It Fl f Ar config_file 69Specify the pathname of an alternate configuration file; 70the default is 71.Pa /etc/syslog.conf . 72.It Fl h 73Include the hostname when forwarding messages to a remote host. 74.It Fl m Ar mark_interval 75Select the number of minutes between 76.Dq mark 77messages; the default is 20 minutes. 78.It Fl n 79Print source addresses numerically rather than symbolically. 80This saves an address-to-name lookup for each incoming message, 81which can be useful when combined with the 82.Fl u 83option on a loghost with no DNS cache. 84Messages from the local host will still be logged with 85the symbolic local host name. 86.It Fl p Ar log_socket 87Specify the pathname of an alternate log socket to be used instead; 88the default is 89.Pa /dev/log . 90.It Fl s Ar reporting_socket 91Specify path to an 92.Dv AF_LOCAL 93socket for use in reporting logs stored in memory buffers using 94.Xr syslogc 8 . 95.It Fl u 96Select the historical 97.Dq insecure 98mode, in which syslogd will 99accept input from the UDP port. 100Some software wants this, but you can be subjected to a variety of 101attacks over the network, including attackers remotely filling logs. 102.El 103.Pp 104.Nm 105reads its configuration file when it starts up and whenever it 106receives a hangup signal. 107For information on the format of the configuration file, 108see 109.Xr syslog.conf 5 . 110.Pp 111.Nm 112creates the file 113.Pa /var/run/syslog.pid , 114and stores its process ID there. 115This can be used to kill or reconfigure 116.Nm syslogd . 117.Pp 118.Nm 119opens an Internet domain socket as specified 120in 121.Pa /etc/services . 122Normally 123.Nm 124will only use this socket to send messages outwards, but in 125.Dq insecure 126mode it will also read messages from this socket. 127.Nm 128also opens and reads messages from the 129.Ux Ns -domain 130socket 131.Pa /dev/log , 132and from the special device 133.Pa /dev/klog 134(to read kernel messages). 135.Pp 136.Nm 137opens the above described socket whether or not it is 138running in secure mode. 139If 140.Nm 141is running in secure mode, all incoming data on this socket is discarded. 142The socket is required for sending forwarded messages. 143.Pp 144The message sent to 145.Nm 146should consist of a single line. 147The message can contain a priority code, which should be a preceding 148decimal number in angle braces, for example, 149.Dq Aq 5 . 150This priority code should map into the priorities defined in the 151include file 152.In sys/syslog.h . 153.Sh FILES 154.Bl -tag -width /var/run/syslog.pid -compact 155.It Pa /etc/syslog.conf 156configuration file 157.It Pa /var/run/syslog.pid 158process ID of current 159.Nm syslogd 160.It Pa /dev/log 161name of the 162.Ux Ns -domain 163datagram log socket 164.It Pa /dev/klog 165kernel log device 166.El 167.Sh SEE ALSO 168.Xr logger 1 , 169.Xr syslog 3 , 170.Xr services 5 , 171.Xr syslog.conf 5 , 172.Xr newsyslog 8 , 173.Xr syslogc 8 174.Sh HISTORY 175The 176.Nm 177command appeared in 178.Bx 4.3 . 179.Sh CAVEATS 180.Nm 181does not create files, 182it only logs to existing ones. 183