|SYSLOGD(8)||System Manager's Manual||SYSLOGD(8)|
syslogdwrites system messages to log files or a user's terminal. Output can be sent to other programs for further processing. It can also securely send and receive log messages to and from remote hosts.
The options are as follows:
syslogdto use only IPv4 addresses for UDP.
syslogdto use only IPv6 addresses for UDP.
syslogdshould place an additional log socket. The primary use for this is to place additional log sockets in /dev/log of various chroot filespaces, though the need for these is less urgent after the introduction of sendsyslog(2).
-uoption on a loghost with no DNS cache. Messages from the local host will still be logged with the symbolic local host name.
AF_LOCALsocket for use in reporting logs stored in memory buffers using syslogc(8).
-U can be given more
than once to specify multiple input sources.
syslogd reads its configuration file,
syslog.conf(5), when it
starts up and whenever it receives a hangup signal. It creates the file
/var/run/syslog.pid and stores its process ID there.
The PID can be used to kill or reconfigure
syslogd opens a UDP socket, as specified
in /etc/services, for sending forwarded messages. By
default all incoming data on this socket is discarded. If insecure mode is
switched on with
-u, it will also read messages from
syslogd also opens and reads messages
from the UNIX-domain socket
/dev/log, and from the special device
/dev/klog (to read kernel messages), and from
sendsyslog(2) (to read
messages from userland processes).
The message sent to
syslogd should consist
of a single line. The message can contain a priority code, which should be a
preceding decimal number in angle braces, for example,
“<5>”. This priority code should map into the priorities
defined in the include file
When sending syslog messages to a remote loghost via TLS, the
server's certificate and hostname are validated to prevent malicious servers
from reading messages. If the server has a certificate with a matching
hostname signed by a CA in /etc/ssl/cert.pem, it is
verified with that by default. If the server has a certificate with a
matching hostname signed by a private CA, use the
option and put that CA into CAfile. Validation can be
explicitly turned off using the
-V option. If the
server is accepting messages only from clients with a trusted client
certificate, use the
-c options to authenticate
syslogd with this certificate.
When receiving syslog messages from a TLS client, there must be a
server key and certificate in
If the client uses certificates to authenticate, the CA of the client's
certificate may be added to CAfile using the
-K option to protect from messages being spoofed by
syslogdcommand appeared in 4.3BSD.
syslogddoes not create files, it only logs to existing ones.
|January 2, 2017||OpenBSD-6.1|