summaryrefslogtreecommitdiff
path: root/usr.sbin/syslogd
AgeCommit message (Collapse)Author
2019-01-18Increase the socket buffer size for sendsyslog(2) to 1 MB. DuringAlexander Bluhm
bursts it is possible that syslogd(8) cannot process messages fast enough. The larger kernel buffer allows to work them off in more time. Then fewer dropped messages are reported. problem found by millert@; OK claudio@ deraadt@
2019-01-13document how program names are extracted from log linesIngo Schwarze
in order to select syslog.conf(5) line blocks
2019-01-13When parsing log lines in order to select syslog.conf(5) line blocks, supportIngo Schwarze
program names containing period ('.') and underscore ('_') ASCII characters. Missing feature reported by and patch tested by Kawashima underscore James at yahoo dot co dot jp. "Makes sense." deraadt@
2018-11-29Honor SIGINT/QUIT when running in foregroundkn
Allows stopping `syslogd -F' with ^C. OK bluhm
2018-09-27Document how syslogd(8) escapes characters in log lines.Alexander Bluhm
input jmc@; OK sthen@
2018-09-02Document how SIGHUP and log rotation works with syslogd(8). Do notAlexander Bluhm
mention the PID file. While there, use .Nm consistently. wording from schwarze@; deraadt@ cheloha@ millert@ agree
2018-08-31Unsetting Initialized during syslogd die() is a relic from the timeAlexander Bluhm
when we had real signal handlers. But now we use libevent, so remove the old logic. OK deraadt@ millert@
2018-08-07Unveil fits nicely into the syslogd privsep model. Unveiled filesTheo de Raadt
include config file "r", utmp "r", /dev "rw", /bin/sh "x" for running piped commands, and the syslogd binary "x" itself for HUP re-exec upon config loads with changes. Also unveiled in the privsep process are the specific log files being written to. If a config file reload changes no files, the existing privsep process keeps running with unveil's to the relevant files (therefore it can cope with newsyslogd taking files away). If a new config file is loaded which changes the output files, the privsep process is restarted with fork+exec, and installs new unveils as needed. The safety we gain from unveil is that we've pigeonholed the privsep file-writer to exactly the files required. Help from bluhm for some edge cases.
2018-07-23Point to glob in section 7 for the actual list of special characters insteadkn
the C API in section 3. OK millert jmc nicm, "the right idea" deraadt
2018-07-17allow shell globs to match program and hostname selector tags viaDamien Miller
fnmatch(3); ok sthen@ bluhm@
2018-04-26Globally remember the passwd entry for _syslogd. The user id isAlexander Bluhm
used for opening the pipe process. Move the getpwnam() lookup out of the privsep parent loop, so it does not need "getpw" pledge anymore. OK deraadt@
2018-04-08AF_LOCAL was a failed attempt (by POSIX?) to seem less UNIX-specific, butPhilip Guenther
AF_UNIX is both the historical _and_ standard name, so prefer and recommend it in the headers, manpages, and kernel. ok miller@ deraadt@ schwarze@
2018-02-02convert the remaining examples to full sentences;Jason McIntyre
2018-02-01Add an example on how to log messages coming from a given host to aLandry Breuil
specific logfile. ok sthen@ millert@
2018-01-27Add missing `l' prefix to linker flag and markup SIGHUP; ok jmc@anton
2017-11-24Revert my change to ignore EIO errors when writing to log files.Alexander Bluhm
Syslogd continued logging messages to a file that had an EIO error. This could slow down the whole system. File system errors may cause huge delays at every access. This prevented debugging the issue. Now syslogd will log a warning and shut down logging to this file until restart or SIGHUP. OK deraadt@ espie@ millert@
2017-10-23When the partition of /var/log was full, syslogd(8) stopped writingAlexander Bluhm
to files located there. It did this permanently, so cleaning /var without SIGHUP to syslogd did not help. Better retry, write an error message to other log hosts, and write a summary of dropped messages after it works again. OK millert@ friehm@
2017-10-05When syslogd writes some startup errors to stderr or console, theyAlexander Bluhm
never appear in any log file. After initialization, write a summary into log files and to remote log host. So the problem shows up, when someone is looking at the persistent messages. Print the "dropped message" warning in a common function. OK sthen@ millert@
2017-10-05I have touched more than half the source code lines of syslogd(8).Alexander Bluhm
Add my copyright explicitly.
2017-10-02Also ignore "Can't assign requested address" error when sendto(2)Alexander Bluhm
to UDP loghost fails. Otherwise syslogd(8) would no longer send to this destination after the error occured once. tested by Rivo Nurges; OK millert@ benno@ deraadt@
2017-09-27Document how ioctl(2) LIOCSFD on /dev/klog registers a socket pairAlexander Bluhm
to receive sendsyslog(2) messages. discussed with martijn@; OK jmc@ deraadt@
2017-09-17syslogd has special code to report errors before it has beenAlexander Bluhm
initialized. For every message it did reopen the console with file descriptor passing from the privsep parent. Now preopen the console, so writing the message out works in more cases. If the console has been revoked, a reopen via privsep and write again is tried anyway. OK brynet@ deraadt@ jca@
2017-09-17When writing local output, syslogd ignores EAGAIN. UnfortunatelyAlexander Bluhm
it has closed the file descriptor before checking the errno. So f_file contained a bad file descriptor that could be reused at the next open. Keep the file open if errno is EAGAIN. Move the close(2) down where the old file descriptor in f_file is overwritten in all cases. OK deraadt@ jca@
2017-09-12In the default configuration syslogd(8) kept two *:514 UDP socketsAlexander Bluhm
open. These sockets are used for sending UDP packets if there is a UDP loghost in syslog.conf(5). If syslogd is started with -u, they can receive packets, otherwise they are disabled with shutdown(SHUT_RD). In case syslogd does neither send nor receive, close the sockets after reading the configuration file. This gives us a cleaner netstat output, and the ports are not reported by port scanners. This has no security implication. OK benno@ jca@ sthen@ deraadt@
2017-08-08Kernel sendsyslog(2), libc syslog(3), and syslogd(8) restrict andAlexander Bluhm
truncate the length of a syslog message to 8192 bytes. Use one global define LOG_MAXLINE for all of them. OK deraadt@ millert@
2017-07-05Some documentation improvements:Martin Pieuchot
- Fix TLS s/server/client/ - Use 'remote loghost' consistently, even if it's not clear to which endpoint this correspond. - Replace 'forwarding' by 'sending' to remove the ambiguity about the inserted hostname. - Do not use the word 'server' with 'socket' to avoid confusion with a TLS server. - Prefer 'senders' than 'clients' when it comes to spoofing, to reduce one usage of the word 'client. ok jmc@, bluhm@
2017-07-04It does not make sense to use ioctl(FIONREAD) with TLS as libtlsAlexander Bluhm
has already read the buffer from kernel to user land. I have blindly copied this code from libevent for syslogd(8) TLS, remove it together with the bug. It caused hangs in ldapd(8). report, analysis, testing, OK Seiya Kawashima, Robert Klein, gsoares@
2017-04-28When syslogd(8) failed to open a logfile, the error message couldAlexander Bluhm
get lost. Remove log_setdebug() as it adds too much abstraction, use the global variable Started instead. Set the Started value before the init() function. Then errors during config file processing will be logged to the console as Initialize is still 0. This is better than stderr as the latter may be redirected to /dev/null. Print the timestamp and hostname also for direct messages to console, so that they look like all others. bug report jung@; OK benno@
2017-04-25Allow syslogd(8) to listen on multiple addresses for incomming TLSAlexander Bluhm
connections. This expands the feature from UDP and TCP to syslog over TLS. input jmc@; OK millert@
2017-04-17Add syslogd(8) option -r to suppress the summary line for pipe andAlexander Bluhm
remote loghost as they are most commonly used for automated log processing. With -rr the "last message repeated" feature can be disabled completely. OK sthen@ deraadt@ jmc@
2017-04-07Incoming TCP connections from clients fill the files of a log server.Alexander Bluhm
A log client reconnects at every SIGHUP. Write these accept and close messages with debug priority, then they can be turned on in syslog.conf. Default is off. While there, move a debug message and set the priority of the exit message explicitly to error. OK mpf@ millert@
2017-04-06Add the LOG_SYSLOG facility to local messages.Alexander Bluhm
OK millert@
2017-04-05The global variable Startup is not used anymore and can be deleted.Alexander Bluhm
The functionality has moved into log_setdebug(). OK millert@
2017-04-05As we did not have nice log functions before, ttymsg() had to returnAlexander Bluhm
the error string. Log the message when the error happens and make the function void. OK millert@
2017-04-05The function logmsg() was used to generate local messages and toAlexander Bluhm
process incoming messages. Split this functionality into log_info() and logline(). Sort the parameters like they appear in the syslog line. OK millert@
2017-04-05Replace logerror() functions with generic log_warn() from log.c.Alexander Bluhm
Make messages a bit more consistent. Note that the new function supports format strings. Replace some log_debug() with log_warn(). OK millert@
2017-04-05Replace all combinations of logerror() and die() with log.c fatal().Alexander Bluhm
Internally syslogd's fatal() calls die() to do cleanup if necessary. Also replace all err(3) after log_init() with fatal(). OK millert@
2017-04-05Replace logdebug() with generic log_debug() from log.c. ImplementAlexander Bluhm
log_debugadd() to construct debug message incrementally. OK deraadt@
2017-04-05Do not print a warning if closing the control socket fails. ItAlexander Bluhm
cannot happen and there is nothing that could be done about it. OK deraadt@
2017-03-28fix semicolon after if statement in currently uncalled codeJonathan Gray
ok bluhm@ deraadt@
2017-03-26After my previous commit, file descriptor fd_sendsys may be -1 ifAlexander Bluhm
socketpair(2) has failed. Do not call ioctl(LIOCSFD) in this case. OK millert@
2017-03-24Keep syslogd(8) running as long as possible. Regular programsAlexander Bluhm
should terminate early in case of an error. But if syslogd dies, no messages can be seen at all. Except from command line parsing and memory shortage during statup, report errors and run all working subsystems, but do not die. OK millert@ dreaadt@
2017-03-24Replace bcopy(3) with memmove(3) in function ttymsg(). Values ofAlexander Bluhm
iov and localiov may overlap. No more bcopy(3) in syslogd(8). from Michael W. Bombardieri
2017-03-16Start to replace the home grown syslogd(8) internal debug and loggingAlexander Bluhm
functions with a more common log.c implementation. Of course openlog(3) cannot be used, so adapt the log.[ch] initially copied from ospfd(8) to syslogd's special needs. As the messages are limited to ERRBUFSIZE anyway, malloc(3) in the error logging code can be avoided. Changing all log calls to the new API will be done in a separate step. OK millert@
2017-03-16Convert the global variable fd_tls to a local one. Use separateAlexander Bluhm
callbacks for TCP and TLS accept(2) instead of looking at the value of the listen file descriptor. OK millert@
2017-03-16There was a file descripotor leak in the syslogd(8) ttymsg() errorAlexander Bluhm
path. Before returning early with an error, close the newly opened file descriptor. OK deraadt@
2017-03-14KNF spacing is more important than long linesTheo de Raadt
2017-03-03Internally libssl uses 16k buffer, the libevent TLS wrapper usesAlexander Bluhm
4k read buffer. This can hang ldapd(8). Setting both to 16k improves the situation. report Seiya Kawashima; feedback Robert Klein; test and OK gsoares@
2017-01-02Syslogd accepted network input only for either IPv4 or IPv6. ToAlexander Bluhm
overcome this limitation, allow to specify more than one listen address for UDP and TCP. input jmc@; OK deraadt@ millert@
2016-12-30When syslogd received a SIGHUP during startup, it died instead ofAlexander Bluhm
reloading its config. This could happen when multiple signals were sent during a short interval. So block SIGHUP until signal handlers are installed. OK deraadt@ jca@