[apple/syslog.git] / util.tproj / syslog.1

.\" Copyright (c) 2004 Apple Computer
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 4. Neither the name of Apple Computer nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"
.Dd October 18, 2004
.Dt SYSLOG 1
.Os "Mac OS X"
.Sh NAME
.Nm syslog
.Nd Apple System Log utility
.Sh SYNOPSIS
.Nm
.Fl help
.D1 ""
.Nm
.Fl s
.Op Fl r Ar host
.Op Fl l Ar level
message...
.D1 ""
.Nm
.Fl s
.Op Fl r Ar host
.Fl k
key val
.Op key val 
.Li ...
.D1 ""
.Nm
.Op Fl w
.Op Fl F Ar format
.Ar expression
.D1 ""
.Nm
.Fl p Ar expression
.D1 ""
.Nm
.Fl c Ar process Op filter
.Sh DESCRIPTION
.Nm
is a command-line utility for a variety of tasks relating to the Apple System Log facility.
It provides mechanisms for sending and viewing log messages,
pruning the contents of the system's log message data store,
and for controlling the flow of log messages from client processes.
.Pp
When invoked with the
.Fl help
option, 
.Nm 
prints a usage message.
.Ss SENDING MESSAGES
The
.Fl s
option is used send log messages to the
.Xr syslogd 8
log message daemon,
either locally or to a remote server if the
.Fl r Ar host
option in used.
.Pp
There are two main forms of the command.
If the 
.Fl k
option is used, then it must be followed by a list of keys and values.
A structured message will be sent to the server with the keys and values given as arguments.
If a key or a value has embedded white space, it must be enclosed in quotes.
.Pp
If the 
.Fl k
option is not specified, then the rest of the command line is treated as the message text.
The text may be preceded by 
.Fl l Ar level
to set the log level (priority) of the message.
Levels may be an integer value corresponding the the log levels specified in 
.Xr syslog 3
or
.Xr asl 3 ,
or they may be a string.
String values are case insensitive, and should be one of:
.Pp
.Bl -tag -compact
.It Emergency
(level 0)
.It Alert
(level 1)
.It Critical
(level 2)
.It Error
(level 3)
.It Warning
(level 4)
.It Notice
(level 5)
.It Info
(level 6)
.It Debug
(level 7)
.El
.Pp
The string 
.Dq Panic
is an alias for 
.Dq Emergency .
.Nm
only requires one or two leading characters for a level specification.
A single character suffices in most cases.
Use 
.Dq P
or 
.Dq \&Em
for Panic / Emergency, and
.Dq \&Er
or
.Dq X
for Error).
.Ss READING MESSAGES
The 
.Nm syslogd
daemon receives messages from a variety of input sources.
Received messages are processed by a set of output modules,
each of which may act on messages in different ways.
.Pp
Two of the standard modules filter messages using criteria like the sender and the priority level of the message,
and write copies of these messages to different output streams.
One module does this filtering and filing task using the configuration specified in the
.Xr syslog.conf 5
file.
The output files specified in that configuration may be examined by any file printing or editing utility, 
e.g.
.Pp
.Dl cat /var/log/system.log
.Pp
Another module saves messages in a data store, which may be searched using the
.Nm
command.
.Pp
If invoked with no arguments,
.Nm
simply prints all of the messages saved in the data store.  If the
.Fl w
option is used, 
.Nm
waits for new messages to be added to the data store.
Messages already in the store are ignored.
This usage is similar to watching a log file using, e.g.
.Pp
.Dl tail -f /var/log/system.log
.Pp
Messages are printed in a format similar to that used in the system.log file,
except that the message priority level is printed between angle-brackets.
.Pp
The 
.Fl u
option forces all time stamps to be printed using UTC.
This overrides printing of time stamps using the local time zone.
.Pp
The output format may by changed by specifying the
.Fl F Ar format
option.
The value of
.Ar format 
may be one of the following:
.Pp
.Bl -tag -width "xxxx"
.It bsd
Format used by the
.Nm syslogd
daemon for system log files, e.g. /var/log/system.log.
.It std
Standard (default) format.
Similar to 
.Dq bsd ,
but includes the message priority level.
.It raw
Prints the complete message structure.
Each key/value pair is enclosed in square brackets.
Embedded closing brackets and white space are escaped.
Time stamps are printed using UTC rather than being converted to the local time zone.
.El
.Pp
The value of the
.Ar format
argument may also be a custom print format string.  
A custom format should in most cases be enclosed in single quotes to prevent the shell from substituting
special characters and breaking at white space.
.Pp
Custom format strings may include variables of the form
.Dq $Name
(or
.Dq $(Name)
if the variable is not delimited by whitespace)
which will be expanded to the associated with the named key.
For example, the command:
.Pp
.Dl syslog -F '$Time $Host $(Sender)[$(PID)]: $Message'
.Pp
produces output similar to the 
.Dq bsd
format.
.Pp
If no further command line options are specified,
.Nm
displays all messages,
either all those saved in the data store,
or all new messages if
.Fl w
is used.
However, an expression may be specified using the
.Fl k
and
.Fl o
options.
.Ss EXPRESSIONS
Expressions specify matching criteria.
They may be used when reading messages to filter for messages of interest.
Expressions are also required when pruning the system log file with the
.Fl p
option.
.Pp
A simple expression is a list of one or more key/value pairs.
A match is made when a message has the given value for the specified key.
For example, to find all messages send by the portmap process:
.Pp
.Dl syslog -k Sender portmap
.Pp
The
.Fl k
option may be followed by one, two, or three arguments. 
A single argument causes a match to occur if a message has the specified key, regardless of value.
If a pair of arguments is specified, a match occurs when a message has exactly the specified value for a given key.
If three arguments are given, they are of the form
.Fl k Ar key operation value .
.Nm
supports the following matching operators:
.Pp
.Bl -tag -width "xxx" -compact 
.It eq
equal
.It ne
not equal
.It gt
greater than
.It ge
greater than or equal to
.It lt
less than
.It le
less than or equal to
.El
.Pp
Additionally, the operator may be preceded by one or more of the following modifiers:
.Pp
.Bl -tag -width "xxx" -compact 
.It C
case-fold
.It R
regular expression (see 
.Xr regex 3 )
.It S
substring
.It A
prefix
.It Z
suffix
.It N
numeric comparison
.El
.Pp
An simple expression matches a message if all of the key-value operations match.
Logically, the result is an AND of all of key-value operations.
The 
.Fl o
option separates simple expressions and provides an OR operation.
If two or more simple expressions are given, separated by
.Fl o
options, then a match occurs is a message matches any of the simple expressions.
For example, to find all messages which have either a 
.Dq Sender
value of
.Dq portmap
or that have a numeric priority level of 4 or less:
.Pp
.Dl syslog -k Sender portmap -o -k Level Nle 4
.Pp
A special convention exists for matching time stamps.
An unsigned integer value is regarded as the given number of seconds since
0 hours, 0 minutes, 0 seconds, January 1, 1970, Coordinated Universal Time.
An negative integer value is regarded as the given number of seconds before the current time.
For example, to find all messages of priority level 3 (error) or less which were logged in the last 30 seconds:
.Pp
.Dl syslog -k Level Nle 3 -k Time ge -30
.Pp
a relative time value may be optionally followed by one of the characters 
.Dq s ,
.Dq m ,
.Dq h ,
.Dq d ,
or
.Dq w
to specify seconds, minutes, hours, days, or weeks respectively.
Upper case may be used equivalently.
A week is taken to be 7 complete days (i.e. 604800 seconds).
.Ss PRUNING
The Apple System Log facility saves received messages, subject to filtering criteria described in the 
FILTERING CONTROLS section below.  
Pruning is required to prevent unlimited growth of the data store.
.Pp
The 
.Nm syslogd
daemon itself will prune the data store shortly after it starts up.
See the 
.Xr syslogd 8
manual for more details on startup pruning.
During extended operation of
.Nm syslogd ,
pruning is accomplished by using the
.Fl p
option of 
.Nm syslog .
The 
.Fl p 
option must be followed by an expression (see above).
The contents of the data store are filtered using the given expression.
Messages that match the expression are deleted.
.Pp
A daily pruning operation is performed by the
.Nm cron
utility.
The command is specified in the /etc/periodic/daily/500.daily file.
.Ss FILTERING CONTROLS
Clients of the Apple System Log facility using either the
.Xr asl 3
or
.Xr syslog 3
interfaces may specify a log filter mask.
The mask specifies which messages should be sent to the
.Nm syslogd
daemon by specifying a yes/no setting for each priority level.
Many clients set a filter mask to avoid sending relatively unimportant messages.
Debug or Info priority level messages are generally only useful for debugging operations.
By setting a filter mask, a process can improve performance by avoiding spending
time sending messages that are in most cases unnecessary.
.Pp
The
.Fl c
option may be used to control filtering.
In addition to the internal filter value that processes may set as described above,
the system maintains a global 
.Dq master
filter.
This filter is normally 
.Dq off , 
meaning that it has no effect.
If a value is set for the master filter, it overrides the local filter for all processes. 
Root user access is required to set the master filter value.
.Pp
The current setting of the master filter mask may be inspected using:
.Pp
.Dl syslog -c 0
.Pp
The value of the master filter mask my be set by providing a second argument following
.Fl c Ar 0 .
The value may a set of characters from the set 
.Dq pacewnid .
These correspond to the priority levels Emergency (Panic), Alert, Critical, Error, Warning, Notice, Info, and Debug.
The character 
.Dq x
may be used for Error, as it is used for sending messages.
The master filter may be unset with:
.Pp
.Dl syslog -c 0 off
.Pp
Since it is common to use the filter as a 
.Dq cutoff
mechanism, for example to cut off messages with Debug and Info priority,
a single character from the list above may be specified, preceded by a minus sign.
In this case,
.Nm
uses a filter mask starting at level 0 (Emergency)
.Dq up to
the given level.
For example, to set the master filter level to cause all processes to log messages from Emergency up to Debug:
.Pp
.Dl syslog -c 0 -d
.Pp
While the master filter level may be set to control the messages produced by all processes,
another filter mask may be specified for an individual process. 
If a per-process filter mask is set, it overrides both the local filter mask and the master filter mask.
The current setting for a per-process filter mask may be inspected using
.Fl c Ar process ,
where
.Ar process
is either a PID or the name of a process.
If a name is used, it must uniquely identify a process.
To set a per-process filter mask, an second argument may be supplied following
.Fl c Ar process
as described above for the master filter mask.
Root access is required to set the per-process filter mask for system (UID 0) processes.
.Pp
The filtering described above takes place in the client library to determine which messages are sent to the
.Nm syslogd
daemon.
The daemon also contains a filter which determines which messages are saved in the data store.
Note that this additionally determines which messages are seen when reading messages using the
.Nm
utility.
.Pp
The default data store filter mask saves messages with priority levels from Emergency to Notice (level 0 to 5).
The level may be inspected using:
.Pp
.Dl syslog -c syslogd 
.Pp
To set the data store filter mask, an second argument may be supplied following
.Fl c Li syslog
as described above.
For example, to save messages with priority level Error or less in the data store:
.Pp
.Dl syslog -c syslog -e
.Sh SEE ALSO
.Xr syslogd 8 ,
.Xr logger 1 ,
.Xr asl 3 ,
.Xr syslog 3 ,
.Sh HISTORY
The
.Nm
utility appeared in Mac OS X 10.4.
Commit	Line	Data
b16a592a A	1	.\" Copyright (c) 2004 Apple Computer
	2	.\" All rights reserved.
	3	.\"
	4	.\" Redistribution and use in source and binary forms, with or without
	5	.\" modification, are permitted provided that the following conditions
	6	.\" are met:
	7	.\" 1. Redistributions of source code must retain the above copyright
	8	.\" notice, this list of conditions and the following disclaimer.
	9	.\" 2. Redistributions in binary form must reproduce the above copyright
	10	.\" notice, this list of conditions and the following disclaimer in the
	11	.\" documentation and/or other materials provided with the distribution.
	12	.\" 4. Neither the name of Apple Computer nor the names of its contributors
	13	.\" may be used to endorse or promote products derived from this software
	14	.\" without specific prior written permission.
	15	.\"
	16	.\" THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER AND CONTRIBUTORS ``AS IS'' AND
	17	.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	18	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	19	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	20	.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	21	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	22	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	23	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	24	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	25	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	26	.\" SUCH DAMAGE.
	27	.\"
	28	.\"
	29	.Dd October 18, 2004
	30	.Dt SYSLOG 1
	31	.Os "Mac OS X"
	32	.Sh NAME
	33	.Nm syslog
	34	.Nd Apple System Log utility
	35	.Sh SYNOPSIS
	36	.Nm
	37	.Fl help
	38	.D1 ""
	39	.Nm
	40	.Fl s
	41	.Op Fl r Ar host
	42	.Op Fl l Ar level
	43	message...
	44	.D1 ""
	45	.Nm
	46	.Fl s
	47	.Op Fl r Ar host
	48	.Fl k
	49	key val
	50	.Op key val
	51	.Li ...
	52	.D1 ""
	53	.Nm
	54	.Op Fl w
	55	.Op Fl F Ar format
	56	.Ar expression
	57	.D1 ""
	58	.Nm
	59	.Fl p Ar expression
	60	.D1 ""
	61	.Nm
	62	.Fl c Ar process Op filter
	63	.Sh DESCRIPTION
	64	.Nm
65	is a command-line utility for a variety of tasks relating to the Apple System Log facility.
66	It provides mechanisms for sending and viewing log messages,
67	pruning the contents of the system's log message data store,
68	and for controlling the flow of log messages from client processes.
69	.Pp
70	When invoked with the
71	.Fl help
72	option,
73	.Nm
74	prints a usage message.
75	.Ss SENDING MESSAGES
76	The
77	.Fl s
78	option is used send log messages to the
79	.Xr syslogd 8
80	log message daemon,
81	either locally or to a remote server if the
82	.Fl r Ar host
83	option in used.
84	.Pp
85	There are two main forms of the command.
86	If the
87	.Fl k
88	option is used, then it must be followed by a list of keys and values.
89	A structured message will be sent to the server with the keys and values given as arguments.
90	If a key or a value has embedded white space, it must be enclosed in quotes.
91	.Pp
92	If the
93	.Fl k
94	option is not specified, then the rest of the command line is treated as the message text.
95	The text may be preceded by
96	.Fl l Ar level
97	to set the log level (priority) of the message.
98	Levels may be an integer value corresponding the the log levels specified in
99	.Xr syslog 3
100	or
101	.Xr asl 3 ,
102	or they may be a string.
103	String values are case insensitive, and should be one of:
104	.Pp
105	.Bl -tag -compact
106	.It Emergency
107	(level 0)
108	.It Alert
109	(level 1)
110	.It Critical
111	(level 2)
112	.It Error
113	(level 3)
114	.It Warning
115	(level 4)
116	.It Notice
117	(level 5)
118	.It Info
119	(level 6)
120	.It Debug
121	(level 7)
122	.El
123	.Pp
124	The string
125	.Dq Panic
126	is an alias for
127	.Dq Emergency .
128	.Nm
129	only requires one or two leading characters for a level specification.
130	A single character suffices in most cases.
131	Use
132	.Dq P
133	or
134	.Dq \&Em
135	for Panic / Emergency, and
136	.Dq \&Er
137	or
138	.Dq X
139	for Error).
140	.Ss READING MESSAGES
141	The
142	.Nm syslogd
143	daemon receives messages from a variety of input sources.
144	Received messages are processed by a set of output modules,
145	each of which may act on messages in different ways.
146	.Pp
147	Two of the standard modules filter messages using criteria like the sender and the priority level of the message,
148	and write copies of these messages to different output streams.
149	One module does this filtering and filing task using the configuration specified in the
150	.Xr syslog.conf 5
151	file.
152	The output files specified in that configuration may be examined by any file printing or editing utility,
153	e.g.
154	.Pp
155	.Dl cat /var/log/system.log
156	.Pp
157	Another module saves messages in a data store, which may be searched using the
158	.Nm
159	command.
160	.Pp
161	If invoked with no arguments,
162	.Nm
163	simply prints all of the messages saved in the data store. If the
164	.Fl w
165	option is used,
166	.Nm
167	waits for new messages to be added to the data store.
168	Messages already in the store are ignored.
169	This usage is similar to watching a log file using, e.g.
170	.Pp
171	.Dl tail -f /var/log/system.log
172	.Pp
173	Messages are printed in a format similar to that used in the system.log file,
174	except that the message priority level is printed between angle-brackets.
175	.Pp
176	The
177	.Fl u
178	option forces all time stamps to be printed using UTC.
179	This overrides printing of time stamps using the local time zone.
180	.Pp
181	The output format may by changed by specifying the
182	.Fl F Ar format
183	option.
184	The value of
185	.Ar format
186	may be one of the following:
187	.Pp
188	.Bl -tag -width "xxxx"
189	.It bsd
190	Format used by the
191	.Nm syslogd
192	daemon for system log files, e.g. /var/log/system.log.
193	.It std
194	Standard (default) format.
195	Similar to
196	.Dq bsd ,
197	but includes the message priority level.
198	.It raw
199	Prints the complete message structure.
200	Each key/value pair is enclosed in square brackets.
201	Embedded closing brackets and white space are escaped.
202	Time stamps are printed using UTC rather than being converted to the local time zone.
203	.El
204	.Pp
205	The value of the
206	.Ar format
207	argument may also be a custom print format string.
208	A custom format should in most cases be enclosed in single quotes to prevent the shell from substituting
209	special characters and breaking at white space.
210	.Pp
211	Custom format strings may include variables of the form
212	.Dq $Name
213	(or
214	.Dq $(Name)
215	if the variable is not delimited by whitespace)
216	which will be expanded to the associated with the named key.
217	For example, the command:
218	.Pp
219	.Dl syslog -F '$Time $Host $(Sender)[$(PID)]: $Message'
220	.Pp
221	produces output similar to the
222	.Dq bsd
223	format.
224	.Pp
225	If no further command line options are specified,
226	.Nm
227	displays all messages,
228	either all those saved in the data store,
229	or all new messages if
230	.Fl w
231	is used.
232	However, an expression may be specified using the
233	.Fl k
234	and
235	.Fl o
236	options.
237	.Ss EXPRESSIONS
238	Expressions specify matching criteria.
239	They may be used when reading messages to filter for messages of interest.
240	Expressions are also required when pruning the system log file with the
241	.Fl p
242	option.
243	.Pp
244	A simple expression is a list of one or more key/value pairs.
245	A match is made when a message has the given value for the specified key.
246	For example, to find all messages send by the portmap process:
247	.Pp
248	.Dl syslog -k Sender portmap
249	.Pp
250	The
251	.Fl k
252	option may be followed by one, two, or three arguments.
253	A single argument causes a match to occur if a message has the specified key, regardless of value.
254	If a pair of arguments is specified, a match occurs when a message has exactly the specified value for a given key.
255	If three arguments are given, they are of the form
256	.Fl k Ar key operation value .
257	.Nm
258	supports the following matching operators:
259	.Pp
260	.Bl -tag -width "xxx" -compact
261	.It eq
262	equal
263	.It ne
264	not equal
265	.It gt
266	greater than
267	.It ge
268	greater than or equal to
269	.It lt
270	less than
271	.It le
272	less than or equal to
273	.El
274	.Pp
275	Additionally, the operator may be preceded by one or more of the following modifiers:
276	.Pp
277	.Bl -tag -width "xxx" -compact
278	.It C
279	case-fold
280	.It R
281	regular expression (see
282	.Xr regex 3 )
283	.It S
284	substring
285	.It A
286	prefix
287	.It Z
288	suffix
289	.It N
290	numeric comparison
291	.El
292	.Pp
293	An simple expression matches a message if all of the key-value operations match.
294	Logically, the result is an AND of all of key-value operations.
295	The
296	.Fl o
297	option separates simple expressions and provides an OR operation.
298	If two or more simple expressions are given, separated by
299	.Fl o
300	options, then a match occurs is a message matches any of the simple expressions.
301	For example, to find all messages which have either a
302	.Dq Sender
303	value of
304	.Dq portmap
305	or that have a numeric priority level of 4 or less:
306	.Pp
307	.Dl syslog -k Sender portmap -o -k Level Nle 4
308	.Pp
309	A special convention exists for matching time stamps.
310	An unsigned integer value is regarded as the given number of seconds since
311	0 hours, 0 minutes, 0 seconds, January 1, 1970, Coordinated Universal Time.
312	An negative integer value is regarded as the given number of seconds before the current time.
313	For example, to find all messages of priority level 3 (error) or less which were logged in the last 30 seconds:
314	.Pp
315	.Dl syslog -k Level Nle 3 -k Time ge -30
316	.Pp
317	a relative time value may be optionally followed by one of the characters
318	.Dq s ,
319	.Dq m ,
320	.Dq h ,
321	.Dq d ,
322	or
323	.Dq w
324	to specify seconds, minutes, hours, days, or weeks respectively.
325	Upper case may be used equivalently.
326	A week is taken to be 7 complete days (i.e. 604800 seconds).
327	.Ss PRUNING
328	The Apple System Log facility saves received messages, subject to filtering criteria described in the
329	FILTERING CONTROLS section below.
330	Pruning is required to prevent unlimited growth of the data store.
331	.Pp
332	The
333	.Nm syslogd
334	daemon itself will prune the data store shortly after it starts up.
335	See the
336	.Xr syslogd 8
337	manual for more details on startup pruning.
338	During extended operation of
339	.Nm syslogd ,
340	pruning is accomplished by using the
341	.Fl p
342	option of
343	.Nm syslog .
344	The
345	.Fl p
346	option must be followed by an expression (see above).
347	The contents of the data store are filtered using the given expression.
348	Messages that match the expression are deleted.
349	.Pp
350	A daily pruning operation is performed by the
351	.Nm cron
352	utility.
353	The command is specified in the /etc/periodic/daily/500.daily file.
354	.Ss FILTERING CONTROLS
355	Clients of the Apple System Log facility using either the
356	.Xr asl 3
357	or
358	.Xr syslog 3
359	interfaces may specify a log filter mask.
360	The mask specifies which messages should be sent to the
361	.Nm syslogd
362	daemon by specifying a yes/no setting for each priority level.
363	Many clients set a filter mask to avoid sending relatively unimportant messages.
364	Debug or Info priority level messages are generally only useful for debugging operations.
365	By setting a filter mask, a process can improve performance by avoiding spending
366	time sending messages that are in most cases unnecessary.
367	.Pp
368	The
369	.Fl c
370	option may be used to control filtering.
371	In addition to the internal filter value that processes may set as described above,
372	the system maintains a global
373	.Dq master
374	filter.
375	This filter is normally
376	.Dq off ,
377	meaning that it has no effect.
378	If a value is set for the master filter, it overrides the local filter for all processes.
379	Root user access is required to set the master filter value.
380	.Pp
381	The current setting of the master filter mask may be inspected using:
382	.Pp
383	.Dl syslog -c 0
384	.Pp
385	The value of the master filter mask my be set by providing a second argument following
386	.Fl c Ar 0 .
387	The value may a set of characters from the set
388	.Dq pacewnid .
389	These correspond to the priority levels Emergency (Panic), Alert, Critical, Error, Warning, Notice, Info, and Debug.
390	The character
391	.Dq x
392	may be used for Error, as it is used for sending messages.
393	The master filter may be unset with:
394	.Pp
395	.Dl syslog -c 0 off
396	.Pp
397	Since it is common to use the filter as a
398	.Dq cutoff
399	mechanism, for example to cut off messages with Debug and Info priority,
400	a single character from the list above may be specified, preceded by a minus sign.
401	In this case,
402	.Nm
403	uses a filter mask starting at level 0 (Emergency)
404	.Dq up to
405	the given level.
406	For example, to set the master filter level to cause all processes to log messages from Emergency up to Debug:
407	.Pp
408	.Dl syslog -c 0 -d
409	.Pp
410	While the master filter level may be set to control the messages produced by all processes,
411	another filter mask may be specified for an individual process.
412	If a per-process filter mask is set, it overrides both the local filter mask and the master filter mask.
413	The current setting for a per-process filter mask may be inspected using
414	.Fl c Ar process ,
415	where
416	.Ar process
417	is either a PID or the name of a process.
418	If a name is used, it must uniquely identify a process.
419	To set a per-process filter mask, an second argument may be supplied following
420	.Fl c Ar process
421	as described above for the master filter mask.
422	Root access is required to set the per-process filter mask for system (UID 0) processes.
423	.Pp
424	The filtering described above takes place in the client library to determine which messages are sent to the
425	.Nm syslogd
426	daemon.
427	The daemon also contains a filter which determines which messages are saved in the data store.
428	Note that this additionally determines which messages are seen when reading messages using the
429	.Nm
430	utility.
431	.Pp
432	The default data store filter mask saves messages with priority levels from Emergency to Notice (level 0 to 5).
433	The level may be inspected using:
434	.Pp
435	.Dl syslog -c syslogd
436	.Pp
437	To set the data store filter mask, an second argument may be supplied following
438	.Fl c Li syslog
439	as described above.
440	For example, to save messages with priority level Error or less in the data store:
441	.Pp
442	.Dl syslog -c syslog -e
443	.Sh SEE ALSO
444	.Xr syslogd 8 ,
445	.Xr logger 1 ,
446	.Xr asl 3 ,
447	.Xr syslog 3 ,
448	.Sh HISTORY
449	The
450	.Nm
451	utility appeared in Mac OS X 10.4.