.\" SUCH DAMAGE.
.\"
.\" @(#)syslogd.8 8.1 (Berkeley) 6/6/93
+.\" $FreeBSD: src/usr.sbin/syslogd/syslogd.8,v 1.49 2002/12/12 17:26:04 ru Exp $
.\"
-.Dd June 6, 1993
+.Dd November 24, 2001
.Dt SYSLOGD 8
-.Os BSD 4.2
+.Os
.Sh NAME
.Nm syslogd
.Nd log systems messages
.Sh SYNOPSIS
-.Nm syslogd
+.Nm
+.Op Fl 46Acdknosuv
+.Op Fl a Ar allowed_peer
+.Op Fl b Ar bind_address
.Op Fl f Ar config_file
+.Op Fl l Ar path
.Op Fl m Ar mark_interval
+.Op Fl P Ar pid_file
.Op Fl p Ar log_socket
.Sh DESCRIPTION
-.Nm Syslogd
-reads and logs messages to the system console, log files, other
+The
+.Nm
+utility reads and logs messages to the system console, log files, other
machines and/or users as specified by its configuration file.
+.Pp
The options are as follows:
-.Bl -tag -width Ds
+.Bl -tag -width indent
+.It Fl 4
+Force
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Force
+.Nm
+to use IPv6 addresses only.
+.It Fl A
+Ordinarily,
+.Nm
+tries to send the message to only one address
+even if the host has more than one A or AAAA record.
+If this option is specified,
+.Nm
+tries to send the message to all addresses.
+.It Fl a Ar allowed_peer
+Allow
+.Ar allowed_peer
+to log to this
+.Nm
+using UDP datagrams. Multiple
+.Fl a
+options may be specified.
+.Pp
+.Ar Allowed_peer
+can be any of the following:
+.Bl -tag -width "ipaddr/masklen[:service]XX"
+.It Xo
+.Sm off
+.Ar ipaddr
+.No / Ar masklen
+.Op : Ar service
+.Sm on
+.Xc
+Accept datagrams from
+.Ar ipaddr
+(in the usual dotted quad notation) with
+.Ar masklen
+bits being taken into account when doing the address comparison.
+.Ar ipaddr
+can be also IPv6 address by enclosing the address with
+.Ql \&[
+and
+.Ql \&] .
+If specified,
+.Ar service
+is the name or number of an UDP service (see
+.Xr services 5 )
+the source packet must belong to. A
+.Ar service
+of
+.Ql \&*
+allows packets being sent from any UDP port. The default
+.Ar service
+is
+.Ql syslog .
+If
+.Ar ipaddr
+is IPv4 address, a missing
+.Ar masklen
+will be substituted by the historic class A or class B netmasks if
+.Ar ipaddr
+belongs into the address range of class A or B, respectively, or
+by 24 otherwise. If
+.Ar ipaddr
+is IPv6 address, a missing
+.Ar masklen
+will be substituted by 128.
+.It Xo
+.Sm off
+.Ar domainname Op : Ar service
+.Sm on
+.Xc
+Accept datagrams where the reverse address lookup yields
+.Ar domainname
+for the sender address. The meaning of
+.Ar service
+is as explained above.
+.It Xo
+.Sm off
+.No * Ar domainname Op : Ar service
+.Sm on
+.Xc
+Same as before, except that any source host whose name
+.Em ends
+in
+.Ar domainname
+will get permission.
+.El
+.Pp
+The
+.Fl a
+options are ignored if the
+.Fl s
+option is also specified.
+.It Fl b Ar bind_address
+Specify one specific IP address or hostname to bind to.
+If a hostname is specified,
+the IPv4 or IPv6 address which corresponds to it is used.
+.It Fl c
+Disable the compression of repeated instances of the same line
+into a single line of the form
+.Dq Li "last message repeated N times"
+when the output is a pipe to another program.
+If specified twice, disable this compression in all cases.
+.It Fl d
+Put
+.Nm
+into debugging mode. This is probably only of use to developers working on
+.Nm .
.It Fl f
Specify the pathname of an alternate configuration file;
the default is
.Pa /etc/syslog.conf .
+.It Fl k
+Disable the translation of
+messages received with facility
+.Dq kern
+to facility
+.Dq user .
+Usually the
+.Dq kern
+facility is reserved for messages read directly from
+.Pa /dev/klog .
.It Fl m
-Select the number of minutes between ``mark'' messages;
-the default is 20 minutes.
+Select the number of minutes between
+.Dq mark
+messages; the default is 20 minutes.
+.It Fl n
+Disable dns query for every request.
+.It Fl o
+Prefix kernel messages with the full kernel boot file as determined by
+.Xr getbootfile 3 .
+Without this, the kernel message prefix is always
+.Dq Li kernel: .
.It Fl p
-Specify the pathname of an alternate log socket;
+Specify the pathname of an alternate log socket to be used instead;
the default is
-.Pa /var/run/syslog .
+.Pa /var/run/log .
+.It Fl P
+Specify an alternative file in which to store the process ID.
+The default is
+.Pa /var/run/syslog.pid .
+.It Fl l
+Specify a location where
+.Nm
+should place an additional log socket.
+Up to 19 additional logging sockets can be specified.
+The primary use for this is to place additional log sockets in
+.Pa /var/run/log
+of various chroot filespaces.
+.It Fl s
+Operate in secure mode. Do not log messages from remote machines. If
+specified twice, no network socket will be opened at all, which also
+disables logging to remote machines.
+.It Fl u
+Unique priority logging. Only log messages at the specified priority.
+Without this option, messages at the stated priority or higher are logged.
+This option changes the default comparison from
+.Dq =>
+to
+.Dq = .
+.It Fl v
+Verbose logging. If specified once, the numeric facility and priority are
+logged with each locally-written message. If specified more than once,
+the names of the facility and priority are logged with each locally-written
+message.
.El
.Pp
-.Nm Syslogd
-reads its configuration file when it starts up and whenever it
+The
+.Nm
+utility reads its configuration file when it starts up and whenever it
receives a hangup signal.
For information on the format of the configuration file,
see
.Xr syslog.conf 5 .
.Pp
-.Nm Syslogd
-reads messages from the
-.Tn UNIX
+The
+.Nm
+utility reads messages from the
+.Ux
domain socket
-.Pa /var/run/syslog ,
+.Pa /var/run/log ,
from an Internet domain socket specified in
.Pa /etc/services ,
and from the special device
.Pa /dev/klog
(to read kernel messages).
.Pp
-.Nm Syslogd
-creates the file
+The
+.Nm
+utility creates its process ID file,
+by default
.Pa /var/run/syslog.pid ,
and stores its process
-id there.
+ID there.
This can be used to kill or reconfigure
-.Nm syslogd .
+.Nm .
.Pp
The message sent to
-.Nm syslogd
+.Nm
should consist of a single line.
The message can contain a priority code, which should be a preceding
decimal number in angle braces, for example,
-.Sq Aq 5.
+.Sq Aq 5 .
This priority code should map into the priorities defined in the
include file
.Aq Pa sys/syslog.h .
+.Pp
+For security reasons,
+.Nm
+will not append to log files that do not exist;
+therefore, they must be created manually before running
+.Nm .
.Sh FILES
.Bl -tag -width /var/run/syslog.pid -compact
.It Pa /etc/syslog.conf
-The configuration file.
+configuration file
.It Pa /var/run/syslog.pid
-The process id of current
-.Nm syslogd .
-.It Pa /var/run/syslog
-Name of the
-.Tn UNIX
-domain datagram log socket.
+default process ID file
+.It Pa /var/run/log
+name of the
+.Ux
+domain datagram log socket
.It Pa /dev/klog
-The kernel log device.
+kernel log device
.El
.Sh SEE ALSO
.Xr logger 1 ,
.Sh HISTORY
The
.Nm
-command appeared in
+utility appeared in
.Bx 4.3 .
+.Pp
+The
+.Fl a ,
+.Fl s ,
+.Fl u ,
+and
+.Fl v
+options are
+.Fx 2.2
+extensions.
+.Sh BUGS
+The ability to log messages received in UDP packets is equivalent to
+an unauthenticated remote disk-filling service, and should probably be
+disabled by default. Some sort of
+.No inter- Ns Nm syslogd
+authentication mechanism ought to be worked out. To prevent the worst
+abuse, use of the
+.Fl a
+option is therefore highly recommended.
+.Pp
+The
+.Fl a
+matching algorithm doesn't pretend to be very efficient; use of numeric
+IP addresses is faster than domain name comparison. Since the allowed
+peer list is being walked linearly, peer groups where frequent messages
+are being anticipated from should be put early into the
+.Fl a
+list.
+.Pp
+The log socket was moved from
+.Pa /dev
+to ease the use of a read-only root file system.
+This may confuse
+some old binaries so that a symbolic link might be used for a
+transitional period.
projects / apple / network_cmds.git / blobdiff