1 .\" Copyright (c) 1983, 1986, 1991, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)syslogd.8 8.1 (Berkeley) 6/6/93
40 .Nd log systems messages
44 .Op Fl a Ar allowed_peer
45 .Op Fl b Ar bind_address
46 .Op Fl f Ar config_file
47 .Op Fl m Ar mark_interval
48 .Op Fl p Ar log_socket
54 daemon reads and logs messages to the system console, log files, other
55 machines and/or users as specified by its configuration file.
57 The options are as follows:
58 .Bl -tag -width indent
62 to use IPv4 addresses only.
66 to use IPv6 addresses only.
70 tries to send the message to only one address
71 even if the host has more than one A or AAAA record.
72 If this option is specified,
74 tries to send the message to all addresses.
75 .It Fl a Ar allowed_peer
80 using UDP datagrams. Multiple
82 options may be specified.
85 can be any of the following:
86 .Bl -tag -width "ipaddr/masklen[:service]XX"
96 (in the usual dotted quad notation) with
98 bits being taken into account when doing the address comparison.
100 can be also IPv6 address by enclosing the address with
106 is the name or number of an UDP service (see
108 the source packet must belong to. A
112 allows packets being sent from any UDP port. The default
118 is IPv4 address, a missing
120 will be substituted by the historic class A or class B netmasks if
122 belongs into the address range of class A or B, respectively, or
125 is IPv6 address, a missing
127 will be substituted by 128.
130 .Ar domainname Op : Ar service
133 Accept datagrams where the reverse address lookup yields
135 for the sender address. The meaning of
137 is as explained above.
140 .No * Ar domainname Op : Ar service
143 Same as before, except that any source host whose name
152 options are ignored if the
154 option is also specified.
155 .It Fl b Ar bind_address
156 Specify one specific IP address or hostname to bind to.
157 If a hostname is specified,
158 the IPv4 or IPv6 address which corresponds to it is used.
162 into debugging mode. This is probably only of use to developers working on
165 Specify the pathname of an alternate configuration file;
167 .Pa /etc/syslog.conf .
169 Disable the translation of
170 messages received with facility
176 facility is reserved for messages read directly from
179 Select the number of minutes between
181 messages; the default is 20 minutes.
183 Disable dns query for every request.
185 Prefix kernel messages with the full kernel boot file as determined by
187 Without this, the kernel message prefix is always
190 Specify the pathname of an alternate log socket to be used instead;
194 Specify an alternative file in which to store the process ID.
196 .Pa /var/run/syslog.pid .
198 Specify a location where
200 should place an additional log socket.
201 Up to 19 additional logging sockets can be specified.
202 The primary use for this is to place additional log sockets in
204 of various chroot filespaces.
206 Operate in secure mode. Do not log messages from remote machines. If
207 specified twice, no network socket will be opened at all, which also
208 disables logging to remote machines.
210 Unique priority logging. Only log messages at the specified priority.
211 Without this option, messages at the stated priority or higher are logged.
212 This option changes the default comparison from
217 Verbose logging. If specified once, the numeric facility and priority are
218 logged with each locally-written message. If specified more than once,
219 the names of the facility and priority are logged with each locally-written
225 daemon reads its configuration file when it starts up and whenever it
226 receives a hangup signal.
227 For information on the format of the configuration file,
233 daemon reads messages from the
237 from an Internet domain socket specified in
239 and from the special device
241 (to read kernel messages).
245 daemon creates its process ID file,
247 .Pa /var/run/syslog.pid ,
248 and stores its process
250 This can be used to kill or reconfigure
255 should consist of a single line.
256 The message can contain a priority code, which should be a preceding
257 decimal number in angle braces, for example,
259 This priority code should map into the priorities defined in the
261 .Aq Pa sys/syslog.h .
263 For security reasons,
265 will not append to log files that do not exist;
266 therefore, they must be created manually before running
269 .Bl -tag -width /var/run/syslog.pid -compact
270 .It Pa /etc/syslog.conf
272 .It Pa /var/run/syslog.pid
273 default process ID file
277 domain datagram log socket
302 The ability to log messages received in UDP packets is equivalent to
303 an unauthenticated remote disk-filling service, and should probably be
304 disabled by default. Some sort of
305 .No inter- Ns Nm syslogd
306 authentication mechanism ought to be worked out. To prevent the worst
309 option is therefore highly recommended.
313 matching algorithm doesn't pretend to be very efficient; use of numeric
314 IP addresses is faster than domain name comparison. Since the allowed
315 peer list is being walked linearly, peer groups where frequent messages
316 are being anticipated from should be put early into the
320 The log socket was moved from
322 to ease the use of a read-only root filesystem.
324 some old binaries so that a symbolic link might be used for a