1 .\" Copyright (c) 1985, 1991, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. Neither the name of the University nor the names of its contributors
13 .\" may be used to endorse or promote products derived from this software
14 .\" without specific prior written permission.
16 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 .\" @(#)syslog.3 8.1 (Berkeley) 6/4/93
39 .Nd control system log
45 .Fn syslog "int priority" "const char *message" "..."
47 .Fn openlog "const char *ident" "int logopt" "int facility"
51 .Fn setlogmask "int maskpri"
55 .Fn vsyslog "int priority" "const char *message" "va_list args"
62 to the system message logger.
63 The message is then written to the system console, log files,
64 logged-in users, or forwarded to other machines as appropriate.
68 The message is identical to a
70 format string, except that
72 is replaced by the current error
74 (As denoted by the global variable
78 A trailing newline is added if none is present.
83 is an alternate form in which the arguments have already been captured
84 using the variable-length argument facilities of
87 The message is tagged with
89 Priorities are encoded as a
93 The facility describes the part of the system
94 generating the message.
95 The level is selected from the following
98 .Bl -tag -width LOG_AUTHPRIV
101 This is normally broadcast to all users.
103 A condition that should be corrected immediately, such as a corrupted
106 Critical conditions, e.g., hard device errors.
112 Conditions that are not error conditions,
113 but should possibly be handled specially.
115 Informational messages.
117 Messages that contain information
118 normally of use only when debugging a program.
124 provides for more specialized processing of the messages sent
132 is a string that will be prepended to every message.
133 It may be formatted as
135 in which case decimal number
137 replaces the process id within messages.
141 is a bit field specifying logging options, which is formed by
143 one or more of the following values:
144 .Bl -tag -width LOG_AUTHPRIV
148 cannot pass the message to
150 it will attempt to write the message to the console
151 .Pq Dq Pa /dev/console .
153 Open the connection to
156 Normally the open is delayed until the first message is logged.
157 Useful for programs that need to manage the order in which file
158 descriptors are allocated.
160 Write the message to standard error output as well to the system log.
162 Log the process id with each message: useful for identifying
163 instantiations of daemons.
166 this option is enabled by default and cannot be disabled.
171 argument encodes a default facility to be assigned to all messages
172 that do not have an explicit facility encoded:
173 .Bl -tag -width LOG_AUTHPRIV
175 The authorization system:
183 but logged to a file readable only by
184 selected individuals.
188 by the kernel console output driver.
193 System daemons, such as
195 that are not provided for explicitly by other facilities.
197 The file transfer protocol daemons:
201 Messages generated by the kernel.
202 These cannot be generated by any user processes.
204 The line printer spooling system:
212 The network news system.
214 The network time protocol system.
216 Security subsystems, such as
219 Messages generated internally by
222 Messages generated by random user processes.
223 This is the default facility identifier if none is specified.
227 Reserved for local use.
237 can be used to close the log file.
242 sets the log priority mask to
244 and returns the previous mask.
247 with a priority not set in
250 The mask for an individual priority
252 is calculated by the macro
254 the mask for all priorities up to and including
256 is given by the macro
257 .Fn LOG_UPTO toppri ; .
258 The default allows all priorities to be logged.
270 always returns the previous log mask level.
272 .Bd -literal -offset indent -compact
273 syslog(LOG_ALERT, "who: internal error 23");
275 openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
277 setlogmask(LOG_UPTO(LOG_ERR));
279 syslog(LOG_INFO, "Connection from host %d", CallingHost);
281 syslog(LOG_ERR|LOG_LOCAL2, "foobar error: %m");
288 functions appeared in
291 Never pass a string with user-supplied data as a format without using
293 An attacker can put format specifiers in the string to mangle your stack,
294 leading to a possible security hole.
295 This holds true even if the string was built using a function like
297 as the resulting string may still contain user-supplied conversion specifiers
298 for later interpolation by
301 Always use the proper secure idiom:
303 .Dl syslog(priority, \*q%s\*q, string);