1.\" Copyright (c) 1983, 1986, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)syslogd.8 8.1 (Berkeley) 6/6/93 33.\" $FreeBSD: src/usr.sbin/syslogd/syslogd.8,v 1.51 2004/07/02 23:12:57 ru Exp $ 34.\" $DragonFly: src/usr.sbin/syslogd/syslogd.8,v 1.4 2004/12/26 12:37:08 swildner Exp $ 35.\" 36.Dd November 24, 2001 37.Dt SYSLOGD 8 38.Os 39.Sh NAME 40.Nm syslogd 41.Nd log systems messages 42.Sh SYNOPSIS 43.Nm 44.Op Fl 46Acdknosuv 45.Op Fl a Ar allowed_peer 46.Op Fl b Ar bind_address 47.Op Fl f Ar config_file 48.Op Fl l Ar path 49.Op Fl m Ar mark_interval 50.Op Fl P Ar pid_file 51.Op Fl p Ar log_socket 52.Sh DESCRIPTION 53The 54.Nm 55utility reads and logs messages to the system console, log files, other 56machines and/or users as specified by its configuration file. 57.Pp 58The options are as follows: 59.Bl -tag -width indent 60.It Fl 4 61Force 62.Nm 63to use IPv4 addresses only. 64.It Fl 6 65Force 66.Nm 67to use IPv6 addresses only. 68.It Fl A 69Ordinarily, 70.Nm 71tries to send the message to only one address 72even if the host has more than one A or AAAA record. 73If this option is specified, 74.Nm 75tries to send the message to all addresses. 76.It Fl a Ar allowed_peer 77Allow 78.Ar allowed_peer 79to log to this 80.Nm 81using UDP datagrams. 82Multiple 83.Fl a 84options may be specified. 85.Pp 86.Ar Allowed_peer 87can be any of the following: 88.Bl -tag -width "ipaddr/masklen[:service]XX" 89.It Xo 90.Sm off 91.Ar ipaddr 92.No / Ar masklen 93.Op : Ar service 94.Sm on 95.Xc 96Accept datagrams from 97.Ar ipaddr 98(in the usual dotted quad notation) with 99.Ar masklen 100bits being taken into account when doing the address comparison. 101.Ar ipaddr 102can be also IPv6 address by enclosing the address with 103.Ql \&[ 104and 105.Ql \&] . 106If specified, 107.Ar service 108is the name or number of an UDP service (see 109.Xr services 5 ) 110the source packet must belong to. 111A 112.Ar service 113of 114.Ql \&* 115allows packets being sent from any UDP port. 116The default 117.Ar service 118is 119.Ql syslog . 120If 121.Ar ipaddr 122is IPv4 address, a missing 123.Ar masklen 124will be substituted by the historic class A or class B netmasks if 125.Ar ipaddr 126belongs into the address range of class A or B, respectively, or 127by 24 otherwise. 128If 129.Ar ipaddr 130is IPv6 address, a missing 131.Ar masklen 132will be substituted by 128. 133.It Xo 134.Sm off 135.Ar domainname Op : Ar service 136.Sm on 137.Xc 138Accept datagrams where the reverse address lookup yields 139.Ar domainname 140for the sender address. 141The meaning of 142.Ar service 143is as explained above. 144.It Xo 145.Sm off 146.No * Ar domainname Op : Ar service 147.Sm on 148.Xc 149Same as before, except that any source host whose name 150.Em ends 151in 152.Ar domainname 153will get permission. 154.El 155.Pp 156The 157.Fl a 158options are ignored if the 159.Fl s 160option is also specified. 161.It Fl b Ar bind_address 162Specify one specific IP address or hostname to bind to. 163If a hostname is specified, 164the IPv4 or IPv6 address which corresponds to it is used. 165.It Fl c 166Disable the compression of repeated instances of the same line 167into a single line of the form 168.Dq Li "last message repeated N times" 169when the output is a pipe to another program. 170If specified twice, disable this compression in all cases. 171.It Fl d 172Put 173.Nm 174into debugging mode. 175This is probably only of use to developers working on 176.Nm . 177.It Fl f 178Specify the pathname of an alternate configuration file; 179the default is 180.Pa /etc/syslog.conf . 181.It Fl k 182Disable the translation of 183messages received with facility 184.Dq kern 185to facility 186.Dq user . 187Usually the 188.Dq kern 189facility is reserved for messages read directly from 190.Pa /dev/klog . 191.It Fl m 192Select the number of minutes between 193.Dq mark 194messages; the default is 20 minutes. 195.It Fl n 196Disable dns query for every request. 197.It Fl o 198Prefix kernel messages with the full kernel boot file as determined by 199.Xr getbootfile 3 . 200Without this, the kernel message prefix is always 201.Dq Li kernel: . 202.It Fl p 203Specify the pathname of an alternate log socket to be used instead; 204the default is 205.Pa /var/run/log . 206.It Fl P 207Specify an alternative file in which to store the process ID. 208The default is 209.Pa /var/run/syslog.pid . 210.It Fl l 211Specify a location where 212.Nm 213should place an additional log socket. 214Up to 19 additional logging sockets can be specified. 215The primary use for this is to place additional log sockets in 216.Pa /var/run/log 217of various chroot filespaces. 218.It Fl s 219Operate in secure mode. 220Do not log messages from remote machines. 221If 222specified twice, no network socket will be opened at all, which also 223disables logging to remote machines. 224.It Fl u 225Unique priority logging. 226Only log messages at the specified priority. 227Without this option, messages at the stated priority or higher are logged. 228This option changes the default comparison from 229.Dq => 230to 231.Dq = . 232.It Fl v 233Verbose logging. 234If specified once, the numeric facility and priority are 235logged with each locally-written message. 236If specified more than once, 237the names of the facility and priority are logged with each locally-written 238message. 239.El 240.Pp 241The 242.Nm 243utility reads its configuration file when it starts up and whenever it 244receives a hangup signal. 245For information on the format of the configuration file, 246see 247.Xr syslog.conf 5 . 248.Pp 249The 250.Nm 251utility reads messages from the 252.Ux 253domain socket 254.Pa /var/run/log , 255from an Internet domain socket specified in 256.Pa /etc/services , 257and from the special device 258.Pa /dev/klog 259(to read kernel messages). 260.Pp 261The 262.Nm 263utility creates its process ID file, 264by default 265.Pa /var/run/syslog.pid , 266and stores its process 267ID there. 268This can be used to kill or reconfigure 269.Nm . 270.Pp 271The message sent to 272.Nm 273should consist of a single line. 274The message can contain a priority code, which should be a preceding 275decimal number in angle braces, for example, 276.Sq Aq 5 . 277This priority code should map into the priorities defined in the 278include file 279.Aq Pa sys/syslog.h . 280.Pp 281For security reasons, 282.Nm 283will not append to log files that do not exist; 284therefore, they must be created manually before running 285.Nm . 286.Sh FILES 287.Bl -tag -width /var/run/syslog.pid -compact 288.It Pa /etc/syslog.conf 289configuration file 290.It Pa /var/run/syslog.pid 291default process ID file 292.It Pa /var/run/log 293name of the 294.Ux 295domain datagram log socket 296.It Pa /dev/klog 297kernel log device 298.El 299.Sh SEE ALSO 300.Xr logger 1 , 301.Xr syslog 3 , 302.Xr services 5 , 303.Xr syslog.conf 5 304.Sh HISTORY 305The 306.Nm 307utility appeared in 308.Bx 4.3 . 309.Pp 310The 311.Fl a , 312.Fl s , 313.Fl u , 314and 315.Fl v 316options are 317.Fx 2.2 318extensions. 319.Sh BUGS 320The ability to log messages received in UDP packets is equivalent to 321an unauthenticated remote disk-filling service, and should probably be 322disabled by default. 323Some sort of 324.No inter- Ns Nm syslogd 325authentication mechanism ought to be worked out. 326To prevent the worst 327abuse, use of the 328.Fl a 329option is therefore highly recommended. 330.Pp 331The 332.Fl a 333matching algorithm doesn't pretend to be very efficient; use of numeric 334IP addresses is faster than domain name comparison. 335Since the allowed 336peer list is being walked linearly, peer groups where frequent messages 337are being anticipated from should be put early into the 338.Fl a 339list. 340.Pp 341The log socket was moved from 342.Pa /dev 343to ease the use of a read-only root file system. 344This may confuse 345some old binaries so that a symbolic link might be used for a 346transitional period. 347