1.\"	$OpenBSD: syslog.3,v 1.36 2020/02/05 12:35:19 schwarze Exp $
2.\"
3.\" Copyright (c) 1985, 1991, 1993
4.\"	The Regents of the University of California.  All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\" 3. Neither the name of the University nor the names of its contributors
15.\"    may be used to endorse or promote products derived from this software
16.\"    without specific prior written permission.
17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28.\" SUCH DAMAGE.
29.\"
30.Dd $Mdocdate: February 5 2020 $
31.Dt SYSLOG 3
32.Os
33.Sh NAME
34.Nm syslog ,
35.Nm syslog_r ,
36.Nm vsyslog ,
37.Nm vsyslog_r ,
38.Nm openlog ,
39.Nm openlog_r ,
40.Nm closelog ,
41.Nm closelog_r ,
42.Nm setlogmask ,
43.Nm setlogmask_r
44.Nd control system log
45.Sh SYNOPSIS
46.In syslog.h
47.In stdarg.h
48.Ft void
49.Fn syslog "int priority" "const char *message" "..."
50.Ft void
51.Fn syslog_r "int priority" "struct syslog_data *data" "const char *message" "..."
52.Ft void
53.Fn vsyslog "int priority" "const char *message" "va_list args"
54.Ft void
55.Fn vsyslog_r "int priority" "struct syslog_data *data" "const char *message" "va_list args"
56.Ft void
57.Fn openlog "const char *ident" "int logopt" "int facility"
58.Ft void
59.Fn openlog_r "const char *ident" "int logopt" "int facility" "struct syslog_data *data"
60.Ft void
61.Fn closelog void
62.Ft void
63.Fn closelog_r "struct syslog_data *data"
64.Ft int
65.Fn setlogmask "int maskpri"
66.Ft int
67.Fn setlogmask_r "int maskpri" "struct syslog_data *data"
68.Sh DESCRIPTION
69The
70.Fn syslog
71function writes
72.Fa message
73to the system message logger.
74The message is then written to the system console, log files,
75logged-in users, or forwarded to other machines as appropriate (see
76.Xr syslogd 8 ) .
77.Pp
78The message is identical to a
79.Xr printf 3
80format string, except that
81.Ql %m
82is replaced by the current error
83message (as denoted by the global variable
84.Va errno ;
85see
86.Xr strerror 3 ) .
87A trailing newline is added if none is present.
88.Pp
89The
90.Fn syslog_r
91function is a reentrant version of the
92.Fn syslog
93function.
94It takes a pointer to a
95.Fa syslog_data
96structure which is used to store
97information.
98This parameter must be initialized before
99.Fn syslog_r
100is called.
101The
102.Dv SYSLOG_DATA_INIT
103constant is used for this purpose.
104.Pp
105The
106.Fn vsyslog
107function is an alternate form in which the arguments have already been captured
108using the variable-length argument facilities of
109.Xr va_start 3 .
110.Pp
111The message is tagged with
112.Fa priority .
113Priorities are encoded as a
114.Fa facility
115and a
116.Fa level .
117The
118.Fa facility
119describes the part of the system
120generating the message:
121.Bl -tag -width LOG_AUTHPRIV
122.It Dv LOG_AUTH
123The authorization system:
124.Xr login 1 ,
125.Xr su 1 ,
126.Xr getty 8 ,
127etc.
128.It Dv LOG_AUTHPRIV
129The same as
130.Dv LOG_AUTH ,
131but logged to a file readable only by
132selected individuals.
133.It Dv LOG_CRON
134The cron daemon,
135.Xr cron 8 .
136.It Dv LOG_DAEMON
137System daemons, such as
138.Xr dhcpd 8 ,
139that are not provided for explicitly by other facilities.
140.It Dv LOG_FTP
141The file transfer protocol daemon,
142.Xr ftpd 8 .
143.It Dv LOG_KERN
144Messages generated by the kernel.
145These cannot be generated by any user processes.
146.It Dv LOG_LPR
147The line printer spooling system:
148.Xr lpr 1 ,
149.Xr lpc 8 ,
150.Xr lpd 8 ,
151etc.
152.It Dv LOG_MAIL
153The mail system.
154.It Dv LOG_NEWS
155The network news system.
156.It Dv LOG_SYSLOG
157Messages generated internally by
158.Xr syslogd 8 .
159.It Dv LOG_USER
160Messages generated by random user processes.
161This is the default facility identifier if none is specified.
162.It Dv LOG_UUCP
163The UUCP system.
164.It Dv LOG_LOCAL0
165Reserved for local use.
166Similarly for
167.Dv LOG_LOCAL1
168through
169.Dv LOG_LOCAL7 .
170.El
171.Pp
172The
173.Fa level
174(ORed with the
175.Fa facility )
176is selected from the following list, ordered by decreasing importance:
177.Bl -tag -width LOG_AUTHPRIV
178.It Dv LOG_EMERG
179A panic condition.
180This is normally broadcast to all users.
181.It Dv LOG_ALERT
182A condition that should be corrected immediately, such as a corrupted
183system database.
184.It Dv LOG_CRIT
185Critical conditions, e.g., hard device errors.
186.It Dv LOG_ERR
187Errors.
188.It Dv LOG_WARNING
189Warning messages.
190.It Dv LOG_NOTICE
191Conditions that are not error conditions,
192but should possibly be handled specially.
193.It Dv LOG_INFO
194Informational messages.
195.It Dv LOG_DEBUG
196Messages that contain information
197normally of use only when debugging a program.
198.El
199.Pp
200The
201.Fn vsyslog_r
202function is used the same way as
203.Fn vsyslog
204except that it takes an additional pointer to a
205.Fa syslog_data
206structure.
207It is a reentrant version of the
208.Fn vsyslog
209function described above.
210.Pp
211The
212.Fn openlog
213function provides for more specialized processing of the messages sent by
214.Fn syslog
215and
216.Fn vsyslog .
217The parameter
218.Fa ident
219points to a string that will be prepended to every message;
220its storage must persist until
221.Fn closelog
222or the corresponding
223.Fn closelog_r .
224If the content of the string is changed, behaviour is unspecified.
225.Pp
226The
227.Fa logopt
228argument
229is a bit field specifying logging options, which is formed by OR'ing
230one or more of the following values:
231.Bl -tag -width LOG_AUTHPRIV
232.It Dv LOG_CONS
233If
234.Fn syslog
235cannot pass the message to
236.Xr syslogd 8
237it will attempt to write the message to the console
238.Pq Pa /dev/console .
239.It Dv LOG_NDELAY
240Open the connection to
241.Xr syslogd 8
242immediately.
243Normally the open is delayed until the first message is logged.
244Useful for programs that need to manage the order in which file
245descriptors are allocated.
246This option must be used in programs that call
247.Xr chroot 2
248where the new root does not have its own log socket.
249.It Dv LOG_ODELAY
250Delay opening the connection to
251.Xr syslogd 8
252until the first message is logged.
253This is the opposite of
254.Dv LOG_NDELAY
255and is the default behaviour when neither option is specified.
256.It Dv LOG_PERROR
257Write the message to standard error output as well as to the system log.
258.It Dv LOG_PID
259Log the process ID with each message; useful for identifying
260instantiations of daemons.
261.El
262.Pp
263The
264.Fa facility
265parameter encodes a default facility to be assigned to all messages
266that do not have an explicit facility encoded.
267.Pp
268The
269.Fn openlog_r
270function is the reentrant version of the
271.Fn openlog
272function.
273It takes an additional pointer to a
274.Fa syslog_data
275structure.
276This function must be used in conjunction with the other
277reentrant functions.
278.Pp
279The
280.Fn closelog
281function can be used to close the log file.
282.Fn closelog_r
283does the same thing but in a reentrant way and takes an additional
284pointer to a
285.Fa syslog_data
286structure.
287.Pp
288The
289.Fn setlogmask
290function sets the log priority mask to
291.Fa maskpri
292and returns the previous mask.
293Calls to
294.Fn syslog
295with a priority not set in
296.Fa maskpri
297are rejected.
298The mask for an individual priority
299.Fa pri
300is calculated by the macro
301.Fn LOG_MASK pri ;
302the mask for all priorities up to and including
303.Fa toppri
304is given by the macro
305.Fn LOG_UPTO toppri .
306The default allows all priorities to be logged, which
307corresponds to
308.Li setlogmask(LOG_UPTO(LOG_DEBUG)) .
309.Pp
310The
311.Fn setlogmask_r
312function is the reentrant version of
313.Fn setlogmask .
314It takes an additional pointer to a
315.Fa syslog_data
316structure.
317.Sh RETURN VALUES
318The routines
319.Fn setlogmask
320and
321.Fn setlogmask_r
322always return the previous log mask level.
323.Sh EXAMPLES
324.Bd -literal -offset indent
325syslog(LOG_ALERT, "who: internal error 23");
326
327openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
328
329setlogmask(LOG_UPTO(LOG_ERR));
330
331syslog(LOG_INFO, "Connection from host %d", CallingHost);
332
333syslog(LOG_INFO|LOG_LOCAL2, "foobar error: %m");
334.Ed
335.Pp
336For the reentrant functions:
337.Bd -literal -offset indent
338struct syslog_data sdata = SYSLOG_DATA_INIT;
339
340syslog_r(LOG_INFO|LOG_LOCAL2, &sdata, "foobar error: %m");
341.Ed
342.Sh SEE ALSO
343.Xr logger 1 ,
344.Xr syslogd 8
345.Sh STANDARDS
346The functions
347.Fn syslog ,
348.Fn openlog ,
349.Fn closelog ,
350and
351.Fn setlogmask
352conform to the X/Open Systems Interfaces option of
353.St -p1003.1-2008 .
354.Pp
355The facilities
356.Dv LOG_AUTHPRIV ,
357.Dv LOG_FTP ,
358and
359.Dv LOG_SYSLOG ,
360the option
361.Dv LOG_PERROR ,
362and the macro
363.Fn LOG_UPTO
364are extensions to that standard.
365.Pp
366The standard option
367.Dv LOG_NOWAIT
368is deprecated in
369.Ox
370and has no effect.
371.Sh HISTORY
372The functions
373.Fn syslog ,
374.Fn openlog ,
375and
376.Fn closelog
377appeared in
378.Bx 4.2 ,
379.Fn setlogmask
380in
381.Bx 4.3 ,
382and
383.Fn vsyslog
384in
385.Bx 4.3 Net/1 .
386.Pp
387The functions
388.Fn syslog_r ,
389.Fn vsyslog_r ,
390.Fn openlog_r ,
391.Fn closelog_r ,
392and
393.Fn setlogmask_r
394appeared in
395.Bx 386 0.1
396and have been available since
397.Ox 3.1 .
398.Sh CAVEATS
399It is important never to pass a string with user-supplied data as a
400format without using
401.Ql %s .
402An attacker can put format specifiers in the string to mangle the stack,
403leading to a possible security hole.
404This holds true even if the string has been built
405.Dq by hand
406using a function like
407.Fn snprintf ,
408as the resulting string may still contain user-supplied conversion specifiers
409for later interpolation by
410.Fn syslog .
411.Pp
412Always be sure to use the proper secure idiom:
413.Bd -literal -offset indent
414syslog(priority, "%s", string);
415.Ed
416.Pp
417.Fn syslog_r
418and the other reentrant functions should only be used where
419reentrancy is required (for instance, in a signal handler).
420.Fn syslog
421being not reentrant, only
422.Fn syslog_r
423should be used here.
424For more information about reentrancy and signal handlers, see
425.Xr signal 3 .
426