1.\" $OpenBSD: syslogd.8,v 1.21 2004/12/02 21:58:57 jmc Exp $ 2.\" 3.\" Copyright (c) 1983, 1986, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" from: @(#)syslogd.8 8.1 (Berkeley) 6/6/93 31.\" $NetBSD: syslogd.8,v 1.3 1996/01/02 17:41:48 perry Exp $ 32.\" 33.Dd June 6, 1993 34.Dt SYSLOGD 8 35.Os 36.Sh NAME 37.Nm syslogd 38.Nd log systems messages 39.Sh SYNOPSIS 40.Nm syslogd 41.Bk -words 42.Op Fl dnu 43.Op Fl a Ar path 44.Op Fl f Ar config_file 45.Op Fl m Ar mark_interval 46.Op Fl p Ar log_socket 47.Op Fl s Ar reporting_socket 48.Ek 49.Sh DESCRIPTION 50.Nm 51reads and logs messages to the system console, log files, other 52machines and/or users as specified by its configuration file. 53.Pp 54The options are as follows: 55.Bl -tag -width Ds 56.It Fl a Pa path 57Specify a location where 58.Nm 59should place an additional log socket. 60Up to about 20 additional logging sockets can be specified. 61The primary use for this is to place additional log sockets in 62.Pa /dev/log 63of various chroot filespaces. 64.It Fl d 65Enable debugging to the standard output, 66and do not disassociate from the controlling terminal. 67.It Fl f Ar config_file 68Specify the pathname of an alternate configuration file; 69the default is 70.Pa /etc/syslog.conf . 71.It Fl m Ar mark_interval 72Select the number of minutes between 73.Dq mark 74messages; the default is 20 minutes. 75.It Fl n 76Print source addresses numerically rather than symbolically. 77This saves an address-to-name lookup for each incoming message, 78which can be useful when combined with the 79.Fl u 80option on a loghost with no DNS cache. 81Messages from the local host will still be logged with 82the symbolic local host name. 83.It Fl p Ar log_socket 84Specify the pathname of an alternate log socket to be used instead; 85the default is 86.Pa /dev/log . 87.It Fl s Ar reporting_socket 88Specify path to an 89.Dv AF_LOCAL 90socket for use in reporting logs stored in memory buffers using 91.Xr syslogc 8 . 92.It Fl u 93Select the historical 94.Dq insecure 95mode, in which syslogd will 96accept input from the UDP port. 97Some software wants this, but you can be subjected to a variety of 98attacks over the network, including attackers remotely filling logs. 99.El 100.Pp 101.Nm 102reads its configuration file when it starts up and whenever it 103receives a hangup signal. 104For information on the format of the configuration file, 105see 106.Xr syslog.conf 5 . 107.Pp 108.Nm 109creates the file 110.Pa /var/run/syslog.pid , 111and stores its process ID there. 112This can be used to kill or reconfigure 113.Nm syslogd . 114.Pp 115.Nm 116opens an Internet domain socket as specified 117in 118.Pa /etc/services . 119Normally 120.Nm 121will only use this socket to send messages outwards, but in 122.Dq insecure 123mode it will also read messages from this socket. 124.Nm 125also opens and reads messages from the 126.Tn UNIX 127domain socket 128.Pa /dev/log , 129and from the special device 130.Pa /dev/klog 131(to read kernel messages). 132.Pp 133.Nm 134opens the above described socket whether or not it is 135running in secure mode. 136If 137.Nm 138is running in secure mode, all incoming data on this socket is discarded. 139The socket is required for sending forwarded messages. 140.Pp 141The message sent to 142.Nm 143should consist of a single line. 144The message can contain a priority code, which should be a preceding 145decimal number in angle braces, for example, 146.Dq Aq 5 . 147This priority code should map into the priorities defined in the 148include file 149.Aq Pa sys/syslog.h . 150.Sh FILES 151.Bl -tag -width /var/run/syslog.pid -compact 152.It Pa /etc/syslog.conf 153configuration file 154.It Pa /var/run/syslog.pid 155process ID of current 156.Nm syslogd 157.It Pa /dev/log 158name of the 159.Tn UNIX 160domain datagram log socket 161.It Pa /dev/klog 162kernel log device 163.El 164.Sh SEE ALSO 165.Xr logger 1 , 166.Xr syslog 3 , 167.Xr services 5 , 168.Xr syslog.conf 5 , 169.Xr newsyslog 8 , 170.Xr syslogc 8 171.Sh HISTORY 172The 173.Nm 174command appeared in 175.Bx 4.3 . 176