|SYSLOGD(8)||System Manager's Manual||SYSLOGD(8)|
syslogdwrites system messages to log files or a user's terminal. Output can be sent to other programs for further processing. It can also securely send and receive log messages to and from remote hosts. The options are as follows:
syslogdto use only IPv4 addresses for UDP.
syslogdto use only IPv6 addresses for UDP.
syslogdshould place an additional log socket. The primary use for this is to place additional log sockets in /dev/log of various chroot filespaces, though the need for these is less urgent after the introduction of sendsyslog(2).
-uoption on a loghost with no DNS cache. Messages from the local host will still be logged with the symbolic local host name.
syslogdis bound to localhost. A port number may be specified using the host:port syntax.
syslogdwill accept input from the UDP port. Some software wants this, but you can be subjected to a variety of attacks over the network, including attackers remotely filling logs.
-Ucan be given more than once to specify multiple input sources. When starting up,
syslogdreads its configuration file, syslog.conf(5), and opens the configured logfiles and TCP and TLS connections. The logfiles already have to exist with the correct permissions. When receiving a
SIGHUPsignal, it closes all open logfiles and outgoing TCP and TLS connections and re-runs this initialization sequence. Sending this signal is required both after editing the configuration file and after log rotation.
syslogdopens a UDP socket, as specified in /etc/services, for sending forwarded messages. By default all incoming data on this socket is discarded. If insecure mode is switched on with
-u, it will also read messages from the socket.
syslogdalso opens and reads messages from the UNIX-domain socket /dev/log, and from the special device /dev/klog (to read kernel messages), and from sendsyslog(2) (to read messages from userland processes). The message sent to
syslogdshould consist of a single line. Embedded new line characters are converted to spaces; binary data is encoded by vis(3). The message can contain a priority code, which should be a preceding decimal number in angle braces, for example, “<5>”. This priority code should map into the priorities defined in the include file
<sys/syslog.h>. When sending syslog messages to a remote loghost via TLS, the server's certificate and hostname are validated to prevent malicious servers from reading messages. If the server has a certificate with a matching hostname signed by a CA in /etc/ssl/cert.pem, it is verified with that by default. If the server has a certificate with a matching hostname signed by a private CA, use the
-Coption and put that CA into CAfile. Validation can be explicitly turned off using the
-Voption. If the server is accepting messages only from clients with a trusted client certificate, use the
-coptions to authenticate
syslogdwith this certificate. When receiving syslog messages from a TLS client, there must be a server key and certificate in /etc/ssl/private/host[
-Koption to protect from messages being spoofed by malicious senders.
syslogdcommand appeared in 4.3BSD.
syslogddoes not create files, it only logs to existing ones.
|September 27, 2018||OpenBSD-current|