SYSLOGD(8) | System Manager's Manual | SYSLOGD(8) |
syslogd
— log
system messages
syslogd |
[-46dFhnruVZ ]
[-a path]
[-C CAfile]
[-c cert_file]
[-f config_file]
[-K CAfile]
[-k key_file]
[-m mark_interval]
[-p log_socket]
[-S listen_address]
[-s reporting_socket]
[-T listen_address]
[-U bind_address] |
syslogd
writes system messages to log
files or a user's terminal. Output can be sent to other programs for further
processing. It can also securely send and receive log messages to and from
remote hosts.
The options are as follows:
-4
syslogd
to use only IPv4 addresses for
UDP.-6
syslogd
to use only IPv6 addresses for
UDP.-a
pathsyslogd
should place an
additional log socket. The primary use for this is to place additional log
sockets in /dev/log of various chroot filespaces,
though the need for these is less urgent after the introduction of
sendsyslog(2).-C
CAfile-c
cert_file-k
key_file.-d
-F
-f
config_file-h
-K
CAfile-k
key_file-c
cert_file.-m
mark_interval-n
-u
option on a loghost with no
DNS cache. Messages from the local host will still be logged with the
symbolic local host name.-p
log_socket-r
-S
listen_address-s
reporting_socket-T
listen_address-U
bind_addresssyslogd
is bound to
localhost. A port number may be specified using the
host:port syntax.-u
syslogd
will accept input from the UDP port. Some
software wants this, but you can be subjected to a variety of attacks over
the network, including attackers remotely filling logs.-V
-Z
The options -a
,
-S
, -T
, and
-U
can be given more than once to specify multiple
input sources.
When starting up, syslogd
reads its
configuration file,
syslog.conf(5), and
opens the configured logfiles and TCP and TLS connections. The logfiles
already have to exist with the correct permissions. When receiving a
SIGHUP
signal, it closes all open logfiles and
outgoing TCP and TLS connections and re-runs this initialization sequence.
Sending this signal is required both after editing the configuration file
and after log rotation.
syslogd
opens a UDP socket, as specified
in /etc/services, for sending forwarded messages. By
default all incoming data on this socket is discarded. If insecure mode is
switched on with -u
, it will also read messages from
the socket. syslogd
also opens and reads messages
from the UNIX-domain socket
/dev/log, and from the special device
/dev/klog (to read kernel messages), and from
sendsyslog(2) (to read
messages from userland processes).
The message sent to syslogd
should consist
of a single line. Embedded new line characters are converted to spaces;
binary data is encoded by
vis(3). The message can contain
a priority code, which should be a preceding decimal number in angle braces,
for example, “<5>”. This priority code should map into
the priorities defined in the include file
<sys/syslog.h>
.
When sending syslog messages to a remote loghost via TLS, the
server's certificate and hostname are validated to prevent malicious servers
from reading messages. If the server has a certificate with a matching
hostname signed by a CA in /etc/ssl/cert.pem, it is
verified with that by default. If the server has a certificate with a
matching hostname signed by a private CA, use the -C
option and put that CA into CAfile. Validation can be
explicitly turned off using the -V
option. If the
server is accepting messages only from clients with a trusted client
certificate, use the -k
and
-c
options to authenticate
syslogd
with this certificate.
When receiving syslog messages from a TLS client, there must be a
server key and certificate in
/etc/ssl/private/host[:port].key
and
/etc/ssl/host[:port].crt.
If the client uses certificates to authenticate, the CA of the client's
certificate may be added to CAfile using the
-K
option to protect from messages being spoofed by
malicious senders.
syslogd
.logger(1), syslog(3), services(5), syslog.conf(5), newsyslog(8), syslogc(8)
The syslogd
command appeared in
4.3BSD.
syslogd
does not create files, it only
logs to existing ones.
September 27, 2018 | OpenBSD-6.9 |