syslogd(1M)

NAME | SYNOPSIS | DESCRIPTION | FILES | SEE ALSO | BUGS

NAME

syslogd- log systems messages

SYNOPSIS

syslogd [-dsuv] [-a allowed_peer] [-f config_file] [-m mark_interval] [-p log_socket] [-l path]

DESCRIPTION

The syslogd daemon reads and logs messages to the system console, log files, other machines and/or users as specified by its configuration file.

-a allowed_peer

Allow allowed_peer to log to this syslogd using UDP datagrams. Multiple -a options may be specified.

allowed_peer can be any of the following:

ipaddr/masklen[:service]

Accept datagrams from ipaddr (in the usual dotted quad notation) with masklen bits being taken into account when doing the address comparison. If specified, service is the name or number of an UDP service to which the source packet belongs (see services(4CC)). A service of `*' allows packets being sent from any UDP port. The default service is syslog. A missing masklen is substituted by the historic class A or class B netmasks if ipaddr belongs to the address range of class A or B, respectively, or by 24 otherwise.

domainname[:service]

Accept datagrams where the reverse address lookup yields domainname for the sender address. The meaning of service is explained above.

*domainname[:service]

Same as the previous option, except that any source host whose name ends in domainname will get permission.

-d

Put syslogd into debugging mode (probably useful only to developers working on syslogd).

-f

Specify the pathname of an alternate configuration file. The default is /etc/syslog.conf.

-m

Select the number of minutes between mark messages. The default is 20 minutes.

-p

Specify the pathname of an alternate log socket to be used. The default is /var/run/log.

-l

Specify the location in which syslogd should place an additional log socket. Up to 19 additional logging sockets can be specified. The primary use for this is to place additional log sockets in /var/run/log of various chroot filespaces.

-s

Operate in secure mode. Do not log messages from remote machines. If specified twice, no network socket will be opened at all, also disabling logging to remote machines.

-u

Unique priority logging. Log messages at the specified priority only. Without this option, messages at the stated priority or higher are logged. This option changes the default comparison from => to =.

-v

Verbose logging. If specified once, the numeric facility and priority are logged with each locally written message. If specified more than once, the names of the facility and priority are logged with each locally written message.

The syslogd daemon reads its configuration file when it starts up and whenever it receives a hangup signal. For information on the format of the configuration file, see syslog.conf(4CC).

The syslogd daemon reads messages from the UNIX domain socket /var/run/log, from an Internet domain socket specified in /etc/services, and from the special device /dev/klog (to read microkernel messages).

The syslogd daemon creates the file /var/run/syslog.pid, in which it stores its process id. This can be used to kill or reconfigure syslogd.

The message sent to syslogd should consist of a single line. The message can contain a priority code, which should be a preceding decimal number in angle brackets, for example, <5>. This priority code should map into the priorities defined in the include file <sys/syslog.h>.

FILES

/etc/syslog.conf

configuration file

/var/run/syslog.pid

process id of current syslogd

/var/run/log

name of the UNIX domain datagram log socket

/dev/klog

microkernel log device

SEE ALSO

logger(1M), syslog(3STDC), services(4CC), syslog.conf(4CC)

BUGS

The ability to log messages received in UDP packets is equivalent to an unauthenticated remote disk-filling service, and should probably be disabled by default. Some sort of inter-syslogd authentication mechanism ought to be worked out. To prevent the worst abuse, use of the -a option is therefore highly recommended.

The -a matching algorithm is not very efficient. Use of numeric IP addresses is faster than domain name comparison. Since the allowed peer list is being walked linearly, peer groups from which frequent messages are being anticipated should be put into the -a list.

The log socket was moved from /dev to ease the use of a read-only root filesystem. This may confuse some old binaries so that a symbolic link might be used for a transitional period.

NAME | SYNOPSIS | DESCRIPTION | FILES | SEE ALSO | BUGS