1.\" $NetBSD: syslogd.8,v 1.54 2013/01/14 03:05:41 dholland Exp $ 2.\" 3.\" Copyright (c) 1983, 1986, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" from: @(#)syslogd.8 8.1 (Berkeley) 6/6/93 31.\" 32.Dd March 28, 2012 33.Dt SYSLOGD 8 34.Os 35.Sh NAME 36.Nm syslogd 37.Nd log systems messages 38.Sh SYNOPSIS 39.Nm 40.Op Fl dnrSsTUv 41.Op Fl b Ar bind_address 42.Op Fl f Ar config_file 43.Op Fl g Ar group 44.Op Fl m Ar mark_interval 45.Op Fl o Ar output_format 46.Op Fl P Ar file_list 47.Oo 48.Fl p Ar log_socket 49.Op Fl p Ar log_socket2 ... 50.Oc 51.Op Fl t Ar chroot_dir 52.Op Fl u Ar user 53.Sh DESCRIPTION 54.Nm 55reads and logs messages to the system console, log files, other 56machines and/or users as specified by its configuration file. 57The options are as follows: 58.Bl -tag -width 15n 59.It Fl b Ar bind_address 60Specify one specific IP address or hostname to bind to. 61If a hostname is specified, the IPv4 or IPv6 address 62which corresponds to it is used. 63.It Fl d 64Enable debugging to the standard output, 65and do not disassociate from the controlling terminal. 66.It Fl f Ar config_file 67Specify the pathname of an alternative configuration file; 68the default is 69.Pa /etc/syslog.conf . 70.It Fl g Ar group 71Set GID to 72.Ar group 73after the sockets and log files have been opened. 74.It Fl m Ar mark_interval 75Select the number of minutes between ``mark'' messages; 76the default is 20 minutes. 77.It Fl n 78Do not perform hostname lookups; report only numeric addresses. 79.It Fl o Ar output_format 80Select output message format. 81.Bl -hang 82.It Em bsd , rfc3164 83traditional BSD Syslog format (default) 84.It Em syslog , rfc5424 85new syslog-protocol format 86.El 87.It Fl P 88Specify the pathname of a file containing a list of sockets to be 89created. 90The format of the file is simply one socket per line. 91.It Fl p Ar log_socket 92Specify the pathname of a log socket. 93Multiple 94.Fl p 95options create multiple log sockets. 96If no 97.Fl p 98arguments are given, the default socket of 99.Pa /var/run/log 100is used. 101.It Fl r 102Disable the compression of repeated instances of the same line 103into a single line of the form 104.Dq last message repeated N times . 105.It Fl S 106Sync kernel messages to disk immediately. 107.It Fl s 108Select 109.Dq secure 110mode, in which 111.Nm 112does not listen on a UDP socket but only communicates over a 113.Ux 114domain socket. 115This is valuable when the machine on 116which 117.Nm 118runs is subject to attack over the network and it is desired 119that the machine be protected from attempts to remotely fill logs 120and similar attacks. 121.It Fl t Ar chroot_dir 122.Xr chroot 2 123to 124.Ar chroot_dir 125after the sockets and log files have been opened. 126.It Fl T 127Always use the local time and date for messages received from the 128network, instead of the timestamp field supplied in the message 129by the remote host. 130This is useful if some of the originating hosts can't keep time 131properly or are unable to generate a correct timestamp. 132.It Fl u Ar user 133Set UID to 134.Ar user 135after the sockets and log files have been opened. 136.It Fl U 137Unique priority logging. 138Only log messages at the priority specified by the selector in the 139configuration file. 140Without this option, messages at the specified priority or higher are 141logged. 142This option changes the default priority comparison from 143.Sq \*[Gt]= 144to 145.Sq = . 146.It Fl v 147Verbose logging. 148If specified once, the numeric facility and priority are logged with 149each locally-written message. 150If specified more than once, the names of the facility and priority are 151logged with each locally-written message. 152.El 153.Pp 154.Nm 155reads its configuration file when it starts up and whenever it 156receives a hangup signal. 157For information on the format of the configuration file, 158see 159.Xr syslog.conf 5 . 160.Pp 161.Nm 162reads messages from the 163.Ux 164domain socket 165.Pa /var/run/log , 166from an Internet domain socket specified in 167.Pa /etc/services , 168and from the special device 169.Pa /dev/klog 170(to read kernel messages). 171.Pp 172.Nm 173creates the file 174.Pa /var/run/syslogd.pid , 175and stores its process 176id there. 177This can be used to kill or reconfigure 178.Nm . 179.Pp 180By using multiple 181.Fl p 182options, one can set up many chroot environments by passing the pathname 183to the log socket 184.Pa ( /var/run/log ) 185in each chroot area to 186.Nm . 187For example: 188.Dl syslogd -p /var/run/log -p /web/var/run/log -p /ftp/var/run/log 189.Pp 190Note: the normal log socket must now also be passed to 191.Nm . 192.Pp 193The logged message includes the date, time, and hostname (or pathname of 194the log socket). 195Commonly, the program name and the process id is included. 196.Pp 197The date and time are taken from the received message. 198If the format of the timestamp field is incorrect, time obtained from 199the local host is used instead. 200This can be overridden by the 201.Fl T 202flag. 203.Pp 204Accesses from UDP socket can be filtered by libwrap configuration files, like 205.Pa /etc/hosts.deny . 206Specify 207.Dq Li syslogd 208in 209.Ar daemon_list 210portion of the configuration files. 211Refer to 212.Xr hosts_access 5 213for details. 214.Ss SYSLOG PROTOCOL NOTES 215.Nm 216accepts messages in traditional BSD Syslog or in newer Syslog Protocol 217format. 218See RFC 3164 (BSD Syslog) and RFC 5424 (Syslog Protocol) for detailed 219description of the message format. 220Messages from the local kernel that are not tagged with a priority code 221receive the default facility 222.Dv LOG_KERN 223and priority 224.Dv LOG_NOTICE . 225All other untagged messages receive the default facility 226.Dv LOG_USER 227and priority 228.Dv LOG_NOTICE . 229.Sh FILES 230.Bl -tag -width /var/run/syslogd.pid -compact 231.It Pa /etc/syslog.conf 232The configuration file. 233.It Pa /var/run/syslogd.pid 234The process id of current 235.Nm . 236.It Pa /var/run/log 237Name of the 238.Ux 239domain datagram log socket. 240.It Pa /dev/klog 241The kernel log device. 242.El 243.Sh SEE ALSO 244.Xr logger 1 , 245.Xr syslog 3 , 246.Xr services 5 , 247.Xr syslog.conf 5 , 248.Xr newsyslog 8 249.Rs 250.%R RFC 251.%N 3164 252.%D August 2001 253.%T The BSD syslog Protocol 254.Re 255.Rs 256.%R RFC 257.%N 5424 258.%D March 2009 259.%T The Syslog Protocol 260.Re 261.Sh HISTORY 262The 263.Nm 264command appeared in 265.Bx 4.3 . 266Support for multiple log sockets appeared in 267.Nx 1.4 . 268libwrap support appeared in 269.Nx 1.6 . 270Support for RFC 5424, TLS encryption and authentication, signed messages 271appeared in 272.Nx 6.0 . 273