1.\" Copyright (c) 1983, 1986, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 4. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)syslogd.8 8.1 (Berkeley) 6/6/93 29.\" $FreeBSD: src/usr.sbin/syslogd/syslogd.8,v 1.64 2008/12/07 18:45:30 trhodes Exp $ 30.\" $DragonFly: src/usr.sbin/syslogd/syslogd.8,v 1.5 2006/05/26 19:39:41 swildner Exp $ 31.\" 32.Dd May 13, 2008 33.Dt SYSLOGD 8 34.Os 35.Sh NAME 36.Nm syslogd 37.Nd log systems messages 38.Sh SYNOPSIS 39.Nm 40.Op Fl 468ACcdknosuv 41.Op Fl a Ar allowed_peer 42.Op Fl b Ar bind_address 43.Op Fl f Ar config_file 44.Op Fl l Oo Ar mode : Oc Ns Ar path 45.Op Fl m Ar mark_interval 46.Op Fl P Ar pid_file 47.Op Fl p Ar log_socket 48.Sh DESCRIPTION 49The 50.Nm 51utility reads and logs messages to the system console, log files, other 52machines and/or users as specified by its configuration file. 53.Pp 54The options are as follows: 55.Bl -tag -width indent 56.It Fl 4 57Force 58.Nm 59to use IPv4 addresses only. 60.It Fl 6 61Force 62.Nm 63to use IPv6 addresses only. 64.It Fl 8 65Tells 66.Nm 67not to interfere with 8-bit data. Normally 68.Nm 69will replace C1 control characters 70.Pq ISO 8859 and Unicode characters 71with their 72.Dq M- Ns Em x 73equivalent. 74Note, this option does not change the way 75.Nm 76alters control characters 77.Pq see Xr iscntrl 3 . 78They will always be replaced with their 79.Dq ^ Ns Em x 80equivalent. 81.It Fl A 82Ordinarily, 83.Nm 84tries to send the message to only one address 85even if the host has more than one A or AAAA record. 86If this option is specified, 87.Nm 88tries to send the message to all addresses. 89.It Fl a Ar allowed_peer 90Allow 91.Ar allowed_peer 92to log to this 93.Nm 94using UDP datagrams. 95Multiple 96.Fl a 97options may be specified. 98.Pp 99The 100.Ar allowed_peer 101option may be any of the following: 102.Bl -tag -width "ipaddr/masklen[:service]XX" 103.It Xo 104.Sm off 105.Ar ipaddr 106.No / Ar masklen 107.Op : Ar service 108.Sm on 109.Xc 110Accept datagrams from 111.Ar ipaddr 112(in the usual dotted quad notation) with 113.Ar masklen 114bits being taken into account when doing the address comparison. 115.Ar ipaddr 116can be also IPv6 address by enclosing the address with 117.Ql \&[ 118and 119.Ql \&] . 120If specified, 121.Ar service 122is the name or number of an UDP service (see 123.Xr services 5 ) 124the source packet must belong to. 125A 126.Ar service 127of 128.Ql \&* 129allows packets being sent from any UDP port. 130The default 131.Ar service 132is 133.Ql syslog . 134If 135.Ar ipaddr 136is IPv4 address, a missing 137.Ar masklen 138will be substituted by the historic class A or class B netmasks if 139.Ar ipaddr 140belongs into the address range of class A or B, respectively, or 141by 24 otherwise. 142If 143.Ar ipaddr 144is IPv6 address, a missing 145.Ar masklen 146will be substituted by 128. 147.It Xo 148.Sm off 149.Ar domainname Op : Ar service 150.Sm on 151.Xc 152Accept datagrams where the reverse address lookup yields 153.Ar domainname 154for the sender address. 155The meaning of 156.Ar service 157is as explained above. 158.It Xo 159.Sm off 160.No * Ar domainname Op : Ar service 161.Sm on 162.Xc 163Same as before, except that any source host whose name 164.Em ends 165in 166.Ar domainname 167will get permission. 168.El 169.Pp 170The 171.Fl a 172options are ignored if the 173.Fl s 174option is also specified. 175.It Fl b Ar bind_address 176Specify one specific IP address or hostname to bind to. 177If a hostname is specified, 178the IPv4 or IPv6 address which corresponds to it is used. 179.It Fl C 180Create log files that do not exist (permission is set to 181.Li 0600 ) . 182.It Fl c 183Disable the compression of repeated instances of the same line 184into a single line of the form 185.Dq Li "last message repeated N times" 186when the output is a pipe to another program. 187If specified twice, disable this compression in all cases. 188.It Fl d 189Put 190.Nm 191into debugging mode. 192This is probably only of use to developers working on 193.Nm . 194.It Fl f 195Specify the pathname of an alternate configuration file; 196the default is 197.Pa /etc/syslog.conf . 198.It Fl k 199Disable the translation of 200messages received with facility 201.Dq kern 202to facility 203.Dq user . 204Usually the 205.Dq kern 206facility is reserved for messages read directly from 207.Pa /dev/klog . 208.It Fl m 209Select the number of minutes between 210.Dq mark 211messages; the default is 20 minutes. 212.It Fl n 213Disable dns query for every request. 214.It Fl o 215Prefix kernel messages with the full kernel boot file as determined by 216.Xr getbootfile 3 . 217Without this, the kernel message prefix is always 218.Dq Li kernel: . 219.It Fl p 220Specify the pathname of an alternate log socket to be used instead; 221the default is 222.Pa /var/run/log . 223.It Fl P 224Specify an alternative file in which to store the process ID. 225The default is 226.Pa /var/run/syslog.pid . 227.It Fl S 228Specify the pathname of an alternate log socket for privileged 229applications to be used instead; the default is 230.Pa /var/run/logpriv . 231.It Fl l 232Specify a location where 233.Nm 234should place an additional log socket. 235The primary use for this is to place additional log sockets in 236.Pa /var/run/log 237of various chroot filespaces. 238File permissions for socket can be specified in octal representation 239before socket name, delimited with a colon. 240Path to socket location must be absolute. 241.It Fl s 242Operate in secure mode. 243Do not log messages from remote machines. 244If 245specified twice, no network socket will be opened at all, which also 246disables logging to remote machines. 247.It Fl T 248Always use the local time and date for messages received from the network, 249instead of the timestamp field supplied in the message by the remote host. 250This is useful if some of the originating hosts can't keep time properly 251or are unable to generate a correct timestamp. 252.It Fl u 253Unique priority logging. 254Only log messages at the specified priority. 255Without this option, messages at the stated priority or higher are logged. 256This option changes the default comparison from 257.Dq => 258to 259.Dq = . 260.It Fl v 261Verbose logging. 262If specified once, the numeric facility and priority are 263logged with each locally-written message. 264If specified more than once, 265the names of the facility and priority are logged with each locally-written 266message. 267.El 268.Pp 269The 270.Nm 271utility reads its configuration file when it starts up and whenever it 272receives a hangup signal. 273For information on the format of the configuration file, 274see 275.Xr syslog.conf 5 . 276.Pp 277The 278.Nm 279utility reads messages from the 280.Ux 281domain sockets 282.Pa /var/run/log 283and 284.Pa /var/run/logpriv , 285from an Internet domain socket specified in 286.Pa /etc/services , 287and from the special device 288.Pa /dev/klog 289(to read kernel messages). 290.Pp 291The 292.Nm 293utility creates its process ID file, 294by default 295.Pa /var/run/syslog.pid , 296and stores its process 297ID there. 298This can be used to kill or reconfigure 299.Nm . 300.Pp 301The message sent to 302.Nm 303should consist of a single line. 304The message can contain a priority code, which should be a preceding 305decimal number in angle braces, for example, 306.Sq Aq 5 . 307This priority code should map into the priorities defined in the 308include file 309.In sys/syslog.h . 310.Pp 311For security reasons, 312.Nm 313will not append to log files that do not exist (unless 314.Fl C 315option is specified); 316therefore, they must be created manually before running 317.Nm . 318.Pp 319The date and time are taken from the received message. 320If the format of the timestamp field is incorrect, 321time obtained from the local host is used instead. 322This can be overriden by the 323.Fl T 324flag. 325.Sh FILES 326.Bl -tag -width /var/run/syslog.pid -compact 327.It Pa /etc/syslog.conf 328configuration file 329.It Pa /var/run/syslog.pid 330default process ID file 331.It Pa /var/run/log 332name of the 333.Ux 334domain datagram log socket 335.It Pa /var/run/logpriv 336.Ux 337socket for privileged applications 338.It Pa /dev/klog 339kernel log device 340.El 341.Sh SEE ALSO 342.Xr logger 1 , 343.Xr syslog 3 , 344.Xr services 5 , 345.Xr syslog.conf 5 , 346.Xr newsyslog 8 347.Sh HISTORY 348The 349.Nm 350utility appeared in 351.Bx 4.3 . 352.Pp 353The 354.Fl a , 355.Fl s , 356.Fl u , 357and 358.Fl v 359options are 360.Fx 2.2 361extensions. 362.Sh BUGS 363The ability to log messages received in UDP packets is equivalent to 364an unauthenticated remote disk-filling service, and should probably be 365disabled by default. 366Some sort of 367.No inter- Ns Nm syslogd 368authentication mechanism ought to be worked out. 369To prevent the worst 370abuse, use of the 371.Fl a 372option is therefore highly recommended. 373.Pp 374The 375.Fl a 376matching algorithm does not pretend to be very efficient; use of numeric 377IP addresses is faster than domain name comparison. 378Since the allowed 379peer list is being walked linearly, peer groups where frequent messages 380are being anticipated from should be put early into the 381.Fl a 382list. 383.Pp 384The log socket was moved from 385.Pa /dev 386to ease the use of a read-only root file system. 387This may confuse 388some old binaries so that a symbolic link might be used for a 389transitional period. 390