1.\" $OpenBSD: syslogd.8,v 1.42 2016/07/12 23:04:30 bluhm Exp $ 2.\" 3.\" Copyright (c) 1983, 1986, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" from: @(#)syslogd.8 8.1 (Berkeley) 6/6/93 31.\" $NetBSD: syslogd.8,v 1.3 1996/01/02 17:41:48 perry Exp $ 32.\" 33.Dd $Mdocdate: July 12 2016 $ 34.Dt SYSLOGD 8 35.Os 36.Sh NAME 37.Nm syslogd 38.Nd log systems messages 39.Sh SYNOPSIS 40.Nm syslogd 41.Bk -words 42.Op Fl 46dFhnuV 43.Op Fl a Ar path 44.Op Fl C Ar CAfile 45.Op Fl c Ar cert_file 46.Op Fl f Ar config_file 47.Op Fl k Ar key_file 48.Op Fl m Ar mark_interval 49.Op Fl p Ar log_socket 50.Op Fl S Ar listen_address 51.Op Fl s Ar reporting_socket 52.Op Fl T Ar listen_address 53.Op Fl U Ar bind_address 54.Ek 55.Sh DESCRIPTION 56.Nm 57reads and logs messages to the system console, log files, pipes to 58other programs, other machines and/or users as specified by its 59configuration file. 60.Pp 61The options are as follows: 62.Bl -tag -width Ds 63.It Fl 4 64Forces 65.Nm 66to use only IPv4 addresses for UDP. 67.It Fl 6 68Forces 69.Nm 70to use only IPv6 addresses for UDP. 71.It Fl a Ar path 72Specify a location where 73.Nm 74should place an additional log socket. 75Up to 20 additional logging sockets can be specified. 76The primary use for this is to place additional log sockets in 77.Pa /dev/log 78of various chroot filespaces, though the need for these is 79less urgent after the introduction of 80.Xr sendsyslog 2 . 81.It Fl C Ar CAfile 82PEM encoded file containing CA certificates used for certificate 83validation; 84the default is 85.Pa /etc/ssl/cert.pem . 86.It Fl c Ar cert_file 87PEM encoded file containing the client certificate for TLS connections 88to a remote host. 89The default is not to use a client certificate for the connection 90to a syslog server. 91This option has to be used together with 92.Fl k Ar key_file . 93.It Fl d 94Enable debugging to the standard output, 95and do not disassociate from the controlling terminal. 96.It Fl F 97Run in the foreground instead of disassociating from the controlling 98terminal and running as a background daemon. 99.It Fl f Ar config_file 100Specify the pathname of an alternate configuration file; 101the default is 102.Pa /etc/syslog.conf . 103.It Fl h 104Include the hostname when forwarding messages to a remote host. 105.It Fl k Ar key_file 106PEM encoded file containing the client private key for TLS connections 107to a remote host. 108This option has to be used together with 109.Fl c Ar cert_file . 110.It Fl m Ar mark_interval 111Select the number of minutes between 112.Dq mark 113messages; the default is 20 minutes. 114.It Fl n 115Print source addresses numerically rather than symbolically. 116This saves an address-to-name lookup for each incoming message, 117which can be useful when combined with the 118.Fl u 119option on a loghost with no DNS cache. 120Messages from the local host will still be logged with 121the symbolic local host name. 122.It Fl p Ar log_socket 123Specify the pathname of an alternate log socket to be used instead; 124the default is 125.Pa /dev/log . 126.It Fl S Ar listen_address 127Create a TLS listen socket for receiving encrypted messages and 128bind it to the specified address. 129A port number may be specified using the 130.Ar host:port 131syntax. 132The syslog server will attempt to look up a private key in 133.Pa /etc/ssl/private/host:port.key 134and a public certificate in 135.Pa /etc/ssl/host:port.crt , 136where 137.Ar host 138is the specified host name or IP address and 139.Ar port 140is the specified port if given on the command line. 141If these files are not present, syslogd will continue to look in 142.Pa /etc/ssl/private/host.key 143and 144.Pa /etc/ssl/host.crt . 145.It Fl s Ar reporting_socket 146Specify path to an 147.Dv AF_LOCAL 148socket for use in reporting logs stored in memory buffers using 149.Xr syslogc 8 . 150.It Fl T Ar listen_address 151Create a TCP listen socket for receiving messages and bind it to 152the specified address. 153There is no well-known port for syslog over TCP, so a port number 154must be specified using the 155.Ar host:port 156syntax. 157.It Fl U Ar bind_address 158Create a UDP socket for receiving messages and bind it to the 159specified address. 160This can be used, for example, with a pf divert-to rule to receive 161packets when syslogd is bound to localhost. 162A port number may be specified using the 163.Ar host:port 164syntax. 165.It Fl u 166Select the historical 167.Dq insecure 168mode, in which syslogd will 169accept input from the UDP port. 170Some software wants this, but you can be subjected to a variety of 171attacks over the network, including attackers remotely filling logs. 172.It Fl V 173Do not perform server certificate and hostname validation. 174.El 175.Pp 176.Nm 177reads its configuration file when it starts up and whenever it 178receives a hangup signal. 179For information on the format of the configuration file, 180see 181.Xr syslog.conf 5 . 182.Pp 183.Nm 184creates the file 185.Pa /var/run/syslog.pid , 186and stores its process ID there. 187This can be used to kill or reconfigure 188.Nm syslogd . 189.Pp 190.Nm 191opens an Internet domain socket as specified 192in 193.Pa /etc/services . 194Normally 195.Nm 196will only use this socket to send messages outwards, but in 197.Dq insecure 198mode it will also read messages from this socket. 199.Nm 200also opens and reads messages from the 201.Ux Ns -domain 202socket 203.Pa /dev/log , 204and from the special device 205.Pa /dev/klog 206(to read kernel messages). 207.Pp 208.Nm 209opens the above described socket whether or not it is 210running in secure mode. 211If 212.Nm 213is running in secure mode, all incoming data on this socket is discarded. 214The socket is required for sending forwarded messages. 215.Pp 216The message sent to 217.Nm 218should consist of a single line. 219The message can contain a priority code, which should be a preceding 220decimal number in angle braces, for example, 221.Dq <5> . 222This priority code should map into the priorities defined in the 223include file 224.In sys/syslog.h . 225.Sh FILES 226.Bl -tag -width /var/run/syslog.pid -compact 227.It Pa /etc/syslog.conf 228configuration file 229.It Pa /var/run/syslog.pid 230process ID of current 231.Nm syslogd 232.It Pa /dev/log 233name of the 234.Ux Ns -domain 235datagram log socket 236.It Pa /dev/klog 237kernel log device 238.El 239.Sh SEE ALSO 240.Xr logger 1 , 241.Xr syslog 3 , 242.Xr services 5 , 243.Xr syslog.conf 5 , 244.Xr newsyslog 8 , 245.Xr syslogc 8 246.Sh HISTORY 247The 248.Nm 249command appeared in 250.Bx 4.3 . 251.Sh CAVEATS 252.Nm 253does not create files, 254it only logs to existing ones. 255