1.\" $OpenBSD: syslog.3,v 1.37 2022/03/31 17:27:15 naddy Exp $ 2.\" 3.\" Copyright (c) 1985, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.Dd $Mdocdate: March 31 2022 $ 31.Dt SYSLOG 3 32.Os 33.Sh NAME 34.Nm syslog , 35.Nm syslog_r , 36.Nm vsyslog , 37.Nm vsyslog_r , 38.Nm openlog , 39.Nm openlog_r , 40.Nm closelog , 41.Nm closelog_r , 42.Nm setlogmask , 43.Nm setlogmask_r 44.Nd control system log 45.Sh SYNOPSIS 46.In syslog.h 47.In stdarg.h 48.Ft void 49.Fn syslog "int priority" "const char *message" "..." 50.Ft void 51.Fn syslog_r "int priority" "struct syslog_data *data" "const char *message" "..." 52.Ft void 53.Fn vsyslog "int priority" "const char *message" "va_list args" 54.Ft void 55.Fn vsyslog_r "int priority" "struct syslog_data *data" "const char *message" "va_list args" 56.Ft void 57.Fn openlog "const char *ident" "int logopt" "int facility" 58.Ft void 59.Fn openlog_r "const char *ident" "int logopt" "int facility" "struct syslog_data *data" 60.Ft void 61.Fn closelog void 62.Ft void 63.Fn closelog_r "struct syslog_data *data" 64.Ft int 65.Fn setlogmask "int maskpri" 66.Ft int 67.Fn setlogmask_r "int maskpri" "struct syslog_data *data" 68.Sh DESCRIPTION 69The 70.Fn syslog 71function writes 72.Fa message 73to the system message logger. 74The message is then written to the system console, log files, 75logged-in users, or forwarded to other machines as appropriate (see 76.Xr syslogd 8 ) . 77.Pp 78The message is identical to a 79.Xr printf 3 80format string, except that 81.Ql %m 82is replaced by the current error 83message (as denoted by the global variable 84.Va errno ; 85see 86.Xr strerror 3 ) . 87A trailing newline is added if none is present. 88.Pp 89The 90.Fn syslog_r 91function is a reentrant version of the 92.Fn syslog 93function. 94It takes a pointer to a 95.Fa syslog_data 96structure which is used to store 97information. 98This parameter must be initialized before 99.Fn syslog_r 100is called. 101The 102.Dv SYSLOG_DATA_INIT 103constant is used for this purpose. 104.Pp 105The 106.Fn vsyslog 107function is an alternate form in which the arguments have already been captured 108using the variable-length argument facilities of 109.Xr va_start 3 . 110.Pp 111The message is tagged with 112.Fa priority . 113Priorities are encoded as a 114.Fa facility 115and a 116.Fa level . 117The 118.Fa facility 119describes the part of the system 120generating the message: 121.Bl -tag -width LOG_AUTHPRIV 122.It Dv LOG_AUTH 123The authorization system: 124.Xr login 1 , 125.Xr su 1 , 126.Xr getty 8 , 127etc. 128.It Dv LOG_AUTHPRIV 129The same as 130.Dv LOG_AUTH , 131but logged to a file readable only by 132selected individuals. 133.It Dv LOG_CRON 134The cron daemon, 135.Xr cron 8 . 136.It Dv LOG_DAEMON 137System daemons, such as 138.Xr dhcpd 8 , 139that are not provided for explicitly by other facilities. 140.It Dv LOG_FTP 141The file transfer protocol daemon, 142.Xr ftpd 8 . 143.It Dv LOG_KERN 144Messages generated by the kernel. 145These cannot be generated by any user processes. 146.It Dv LOG_LPR 147The line printer spooling system: 148.Xr lpr 1 , 149.Xr lpc 8 , 150.Xr lpd 8 , 151etc. 152.It Dv LOG_MAIL 153The mail system. 154.It Dv LOG_NEWS 155The network news system. 156.It Dv LOG_SYSLOG 157Messages generated internally by 158.Xr syslogd 8 . 159.It Dv LOG_USER 160Messages generated by random user processes. 161This is the default facility identifier if none is specified. 162.It Dv LOG_UUCP 163The UUCP system. 164.It Dv LOG_LOCAL0 165Reserved for local use. 166Similarly for 167.Dv LOG_LOCAL1 168through 169.Dv LOG_LOCAL7 . 170.El 171.Pp 172The 173.Fa level 174(ORed with the 175.Fa facility ) 176is selected from the following list, ordered by decreasing importance: 177.Bl -tag -width LOG_AUTHPRIV 178.It Dv LOG_EMERG 179A panic condition. 180This is normally broadcast to all users. 181.It Dv LOG_ALERT 182A condition that should be corrected immediately, such as a corrupted 183system database. 184.It Dv LOG_CRIT 185Critical conditions, e.g., hard device errors. 186.It Dv LOG_ERR 187Errors. 188.It Dv LOG_WARNING 189Warning messages. 190.It Dv LOG_NOTICE 191Conditions that are not error conditions, 192but should possibly be handled specially. 193.It Dv LOG_INFO 194Informational messages. 195.It Dv LOG_DEBUG 196Messages that contain information 197normally of use only when debugging a program. 198.El 199.Pp 200The 201.Fn vsyslog_r 202function is used the same way as 203.Fn vsyslog 204except that it takes an additional pointer to a 205.Fa syslog_data 206structure. 207It is a reentrant version of the 208.Fn vsyslog 209function described above. 210.Pp 211The 212.Fn openlog 213function provides for more specialized processing of the messages sent by 214.Fn syslog 215and 216.Fn vsyslog . 217The parameter 218.Fa ident 219points to a string that will be prepended to every message; 220its storage must persist until 221.Fn closelog 222or the corresponding 223.Fn closelog_r . 224If the content of the string is changed, behaviour is unspecified. 225.Pp 226The 227.Fa logopt 228argument 229is a bit field specifying logging options, which is formed by OR'ing 230one or more of the following values: 231.Bl -tag -width LOG_AUTHPRIV 232.It Dv LOG_CONS 233If 234.Fn syslog 235cannot pass the message to 236.Xr syslogd 8 , 237it will attempt to write the message to the console 238.Pq Pa /dev/console . 239.It Dv LOG_NDELAY 240Open the connection to 241.Xr syslogd 8 242immediately. 243Normally the open is delayed until the first message is logged. 244Useful for programs that need to manage the order in which file 245descriptors are allocated. 246This option must be used in programs that call 247.Xr chroot 2 248where the new root does not have its own log socket. 249.It Dv LOG_ODELAY 250Delay opening the connection to 251.Xr syslogd 8 252until the first message is logged. 253This is the opposite of 254.Dv LOG_NDELAY 255and is the default behaviour when neither option is specified. 256.It Dv LOG_PERROR 257Write the message to standard error output as well as to the system log. 258.It Dv LOG_PID 259Log the process ID with each message; useful for identifying 260instantiations of daemons. 261.El 262.Pp 263The 264.Fa facility 265parameter encodes a default facility to be assigned to all messages 266that do not have an explicit facility encoded. 267.Pp 268The 269.Fn openlog_r 270function is the reentrant version of the 271.Fn openlog 272function. 273It takes an additional pointer to a 274.Fa syslog_data 275structure. 276This function must be used in conjunction with the other 277reentrant functions. 278.Pp 279The 280.Fn closelog 281function can be used to close the log file. 282.Fn closelog_r 283does the same thing but in a reentrant way and takes an additional 284pointer to a 285.Fa syslog_data 286structure. 287.Pp 288The 289.Fn setlogmask 290function sets the log priority mask to 291.Fa maskpri 292and returns the previous mask. 293Calls to 294.Fn syslog 295with a priority not set in 296.Fa maskpri 297are rejected. 298The mask for an individual priority 299.Fa pri 300is calculated by the macro 301.Fn LOG_MASK pri ; 302the mask for all priorities up to and including 303.Fa toppri 304is given by the macro 305.Fn LOG_UPTO toppri . 306The default allows all priorities to be logged, which 307corresponds to 308.Li setlogmask(LOG_UPTO(LOG_DEBUG)) . 309.Pp 310The 311.Fn setlogmask_r 312function is the reentrant version of 313.Fn setlogmask . 314It takes an additional pointer to a 315.Fa syslog_data 316structure. 317.Sh RETURN VALUES 318The routines 319.Fn setlogmask 320and 321.Fn setlogmask_r 322always return the previous log mask level. 323.Sh EXAMPLES 324.Bd -literal -offset indent 325syslog(LOG_ALERT, "who: internal error 23"); 326 327openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP); 328 329setlogmask(LOG_UPTO(LOG_ERR)); 330 331syslog(LOG_INFO, "Connection from host %d", CallingHost); 332 333syslog(LOG_INFO|LOG_LOCAL2, "foobar error: %m"); 334.Ed 335.Pp 336For the reentrant functions: 337.Bd -literal -offset indent 338struct syslog_data sdata = SYSLOG_DATA_INIT; 339 340syslog_r(LOG_INFO|LOG_LOCAL2, &sdata, "foobar error: %m"); 341.Ed 342.Sh SEE ALSO 343.Xr logger 1 , 344.Xr syslogd 8 345.Sh STANDARDS 346The functions 347.Fn syslog , 348.Fn openlog , 349.Fn closelog , 350and 351.Fn setlogmask 352conform to the X/Open Systems Interfaces option of 353.St -p1003.1-2008 . 354.Pp 355The facilities 356.Dv LOG_AUTHPRIV , 357.Dv LOG_FTP , 358and 359.Dv LOG_SYSLOG , 360the option 361.Dv LOG_PERROR , 362and the macro 363.Fn LOG_UPTO 364are extensions to that standard. 365.Pp 366The standard option 367.Dv LOG_NOWAIT 368is deprecated in 369.Ox 370and has no effect. 371.Sh HISTORY 372The functions 373.Fn syslog , 374.Fn openlog , 375and 376.Fn closelog 377appeared in 378.Bx 4.2 , 379.Fn setlogmask 380in 381.Bx 4.3 , 382and 383.Fn vsyslog 384in 385.Bx 4.3 Net/1 . 386.Pp 387The functions 388.Fn syslog_r , 389.Fn vsyslog_r , 390.Fn openlog_r , 391.Fn closelog_r , 392and 393.Fn setlogmask_r 394appeared in 395.Bx 386 0.1 396and have been available since 397.Ox 3.1 . 398.Sh CAVEATS 399It is important never to pass a string with user-supplied data as a 400format without using 401.Ql %s . 402An attacker can put format specifiers in the string to mangle the stack, 403leading to a possible security hole. 404This holds true even if the string has been built 405.Dq by hand 406using a function like 407.Fn snprintf , 408as the resulting string may still contain user-supplied conversion specifiers 409for later interpolation by 410.Fn syslog . 411.Pp 412Always be sure to use the proper secure idiom: 413.Bd -literal -offset indent 414syslog(priority, "%s", string); 415.Ed 416.Pp 417.Fn syslog_r 418and the other reentrant functions should only be used where 419reentrancy is required (for instance, in a signal handler). 420.Fn syslog 421being not reentrant, only 422.Fn syslog_r 423should be used here. 424For more information about reentrancy and signal handlers, see 425.Xr signal 3 . 426