1.\" $OpenBSD: syslogd.8,v 1.24 2007/05/31 19:20:29 jmc Exp $ 2.\" 3.\" Copyright (c) 1983, 1986, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" from: @(#)syslogd.8 8.1 (Berkeley) 6/6/93 31.\" $NetBSD: syslogd.8,v 1.3 1996/01/02 17:41:48 perry Exp $ 32.\" 33.Dd $Mdocdate: May 31 2007 $ 34.Dt SYSLOGD 8 35.Os 36.Sh NAME 37.Nm syslogd 38.Nd log systems messages 39.Sh SYNOPSIS 40.Nm syslogd 41.Bk -words 42.Op Fl dnu 43.Op Fl a Ar path 44.Op Fl f Ar config_file 45.Op Fl m Ar mark_interval 46.Op Fl p Ar log_socket 47.Op Fl s Ar reporting_socket 48.Ek 49.Sh DESCRIPTION 50.Nm 51reads and logs messages to the system console, log files, pipes to 52other programs, other machines and/or users as specified by its 53configuration file. 54.Pp 55The options are as follows: 56.Bl -tag -width Ds 57.It Fl a Pa path 58Specify a location where 59.Nm 60should place an additional log socket. 61Up to about 20 additional logging sockets can be specified. 62The primary use for this is to place additional log sockets in 63.Pa /dev/log 64of various chroot filespaces. 65.It Fl d 66Enable debugging to the standard output, 67and do not disassociate from the controlling terminal. 68.It Fl f Ar config_file 69Specify the pathname of an alternate configuration file; 70the default is 71.Pa /etc/syslog.conf . 72.It Fl m Ar mark_interval 73Select the number of minutes between 74.Dq mark 75messages; the default is 20 minutes. 76.It Fl n 77Print source addresses numerically rather than symbolically. 78This saves an address-to-name lookup for each incoming message, 79which can be useful when combined with the 80.Fl u 81option on a loghost with no DNS cache. 82Messages from the local host will still be logged with 83the symbolic local host name. 84.It Fl p Ar log_socket 85Specify the pathname of an alternate log socket to be used instead; 86the default is 87.Pa /dev/log . 88.It Fl s Ar reporting_socket 89Specify path to an 90.Dv AF_LOCAL 91socket for use in reporting logs stored in memory buffers using 92.Xr syslogc 8 . 93.It Fl u 94Select the historical 95.Dq insecure 96mode, in which syslogd will 97accept input from the UDP port. 98Some software wants this, but you can be subjected to a variety of 99attacks over the network, including attackers remotely filling logs. 100.El 101.Pp 102.Nm 103reads its configuration file when it starts up and whenever it 104receives a hangup signal. 105For information on the format of the configuration file, 106see 107.Xr syslog.conf 5 . 108.Pp 109.Nm 110creates the file 111.Pa /var/run/syslog.pid , 112and stores its process ID there. 113This can be used to kill or reconfigure 114.Nm syslogd . 115.Pp 116.Nm 117opens an Internet domain socket as specified 118in 119.Pa /etc/services . 120Normally 121.Nm 122will only use this socket to send messages outwards, but in 123.Dq insecure 124mode it will also read messages from this socket. 125.Nm 126also opens and reads messages from the 127.Tn UNIX 128domain socket 129.Pa /dev/log , 130and from the special device 131.Pa /dev/klog 132(to read kernel messages). 133.Pp 134.Nm 135opens the above described socket whether or not it is 136running in secure mode. 137If 138.Nm 139is running in secure mode, all incoming data on this socket is discarded. 140The socket is required for sending forwarded messages. 141.Pp 142The message sent to 143.Nm 144should consist of a single line. 145The message can contain a priority code, which should be a preceding 146decimal number in angle braces, for example, 147.Dq Aq 5 . 148This priority code should map into the priorities defined in the 149include file 150.Aq Pa sys/syslog.h . 151.Sh FILES 152.Bl -tag -width /var/run/syslog.pid -compact 153.It Pa /etc/syslog.conf 154configuration file 155.It Pa /var/run/syslog.pid 156process ID of current 157.Nm syslogd 158.It Pa /dev/log 159name of the 160.Tn UNIX 161domain datagram log socket 162.It Pa /dev/klog 163kernel log device 164.El 165.Sh SEE ALSO 166.Xr logger 1 , 167.Xr syslog 3 , 168.Xr services 5 , 169.Xr syslog.conf 5 , 170.Xr newsyslog 8 , 171.Xr syslogc 8 172.Sh HISTORY 173The 174.Nm 175command appeared in 176.Bx 4.3 . 177.Sh CAVEATS 178.Nm 179does not create files, 180it only logs to existing ones. 181