NAME
syslogd
—
log systems messages
SYNOPSIS
syslogd |
[-46dFhnuV ]
[-a path]
[-C CAfile]
[-c cert_file]
[-f config_file]
[-k key_file]
[-m mark_interval]
[-p log_socket]
[-S listen_address]
[-s reporting_socket]
[-T listen_address]
[-U bind_address] |
DESCRIPTION
syslogd
reads and logs messages to the
system console, log files, pipes to other programs, other machines and/or
users as specified by its configuration file.
The options are as follows:
-4
- Forces
syslogd
to use only IPv4 addresses for UDP. -6
- Forces
syslogd
to use only IPv6 addresses for UDP. -a
path- Specify a location where
syslogd
should place an additional log socket. Up to 20 additional logging sockets can be specified. The primary use for this is to place additional log sockets in /dev/log of various chroot filespaces, though the need for these is less urgent after the introduction of sendsyslog(2). -C
CAfile- PEM encoded file containing CA certificates used for certificate validation; the default is /etc/ssl/cert.pem.
-c
cert_file- PEM encoded file containing the client certificate for TLS connections to
a remote host. The default is not to use a client certificate for the
connection to a syslog server. This option has to be used together with
-k
key_file. -d
- Enable debugging to the standard output, and do not disassociate from the controlling terminal.
-F
- Run in the foreground instead of disassociating from the controlling terminal and running as a background daemon.
-f
config_file- Specify the pathname of an alternate configuration file; the default is /etc/syslog.conf.
-h
- Include the hostname when forwarding messages to a remote host.
-k
key_file- PEM encoded file containing the client private key for TLS connections to
a remote host. This option has to be used together with
-c
cert_file. -m
mark_interval- Select the number of minutes between “mark” messages; the default is 20 minutes.
-n
- Print source addresses numerically rather than symbolically. This saves an
address-to-name lookup for each incoming message, which can be useful when
combined with the
-u
option on a loghost with no DNS cache. Messages from the local host will still be logged with the symbolic local host name. -p
log_socket- Specify the pathname of an alternate log socket to be used instead; the default is /dev/log.
-S
listen_address- Create a TLS listen socket for receiving encrypted messages and bind it to the specified address. A port number may be specified using the host:port syntax. The syslog server will attempt to look up a private key in /etc/ssl/private/host:port.key and a public certificate in /etc/ssl/host:port.crt, where host is the specified host name or IP address and port is the specified port if given on the command line. If these files are not present, syslogd will continue to look in /etc/ssl/private/host.key and /etc/ssl/host.crt.
-s
reporting_socket- Specify path to an
AF_LOCAL
socket for use in reporting logs stored in memory buffers using syslogc(8). -T
listen_address- Create a TCP listen socket for receiving messages and bind it to the specified address. There is no well-known port for syslog over TCP, so a port number must be specified using the host:port syntax.
-U
bind_address- Create a UDP socket for receiving messages and bind it to the specified address. This can be used, for example, with a pf divert-to rule to receive packets when syslogd is bound to localhost. A port number may be specified using the host:port syntax.
-u
- Select the historical “insecure” mode, in which syslogd will accept input from the UDP port. Some software wants this, but you can be subjected to a variety of attacks over the network, including attackers remotely filling logs.
-V
- Do not perform server certificate and hostname validation.
syslogd
reads its configuration file when
it starts up and whenever it receives a hangup signal. For information on
the format of the configuration file, see
syslog.conf(5).
syslogd
creates the file
/var/run/syslog.pid, and stores its process ID
there. This can be used to kill or reconfigure
syslogd
.
syslogd
opens an Internet domain socket as
specified in /etc/services. Normally
syslogd
will only use this socket to send messages
outwards, but in “insecure” mode it will also read messages
from this socket. syslogd
also opens and reads
messages from the UNIX-domain socket
/dev/log, and from the special device
/dev/klog (to read kernel messages).
syslogd
opens the above described socket
whether or not it is running in secure mode. If
syslogd
is running in secure mode, all incoming data
on this socket is discarded. The socket is required for sending forwarded
messages.
The message sent to syslogd
should consist
of a single line. The message can contain a priority code, which should be a
preceding decimal number in angle braces, for example,
“<5>”. This priority code should map into the priorities
defined in the include file
<sys/syslog.h>
.
FILES
- /etc/syslog.conf
- configuration file
- /var/run/syslog.pid
- process ID of current
syslogd
- /dev/log
- name of the UNIX-domain datagram log socket
- /dev/klog
- kernel log device
SEE ALSO
logger(1), syslog(3), services(5), syslog.conf(5), newsyslog(8), syslogc(8)
HISTORY
The syslogd
command appeared in
4.3BSD.
CAVEATS
syslogd
does not create files, it only
logs to existing ones.