path: root/usr.sbin/syslogd/syslogd.8

.\"	$OpenBSD: syslogd.8,v 1.42 2016/07/12 23:04:30 bluhm Exp $
.\"
.\" Copyright (c) 1983, 1986, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     from: @(#)syslogd.8	8.1 (Berkeley) 6/6/93
.\"	$NetBSD: syslogd.8,v 1.3 1996/01/02 17:41:48 perry Exp $
.\"
.Dd $Mdocdate: July 12 2016 $
.Dt SYSLOGD 8
.Os
.Sh NAME
.Nm syslogd
.Nd log systems messages
.Sh SYNOPSIS
.Nm syslogd
.Bk -words
.Op Fl 46dFhnuV
.Op Fl a Ar path
.Op Fl C Ar CAfile
.Op Fl c Ar cert_file
.Op Fl f Ar config_file
.Op Fl k Ar key_file
.Op Fl m Ar mark_interval
.Op Fl p Ar log_socket
.Op Fl S Ar listen_address
.Op Fl s Ar reporting_socket
.Op Fl T Ar listen_address
.Op Fl U Ar bind_address
.Ek
.Sh DESCRIPTION
.Nm
reads and logs messages to the system console, log files, pipes to
other programs, other machines and/or users as specified by its
configuration file.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 4
Forces
.Nm
to use only IPv4 addresses for UDP.
.It Fl 6
Forces
.Nm
to use only IPv6 addresses for UDP.
.It Fl a Ar path
Specify a location where
.Nm
should place an additional log socket.
Up to 20 additional logging sockets can be specified.
The primary use for this is to place additional log sockets in
.Pa /dev/log
of various chroot filespaces, though the need for these is
less urgent after the introduction of
.Xr sendsyslog 2 .
.It Fl C Ar CAfile
PEM encoded file containing CA certificates used for certificate
validation;
the default is
.Pa /etc/ssl/cert.pem .
.It Fl c Ar cert_file
PEM encoded file containing the client certificate for TLS connections
to a remote host.
The default is not to use a client certificate for the connection
to a syslog server.
This option has to be used together with
.Fl k Ar key_file .
.It Fl d
Enable debugging to the standard output,
and do not disassociate from the controlling terminal.
.It Fl F
Run in the foreground instead of disassociating from the controlling
terminal and running as a background daemon.
.It Fl f Ar config_file
Specify the pathname of an alternate configuration file;
the default is
.Pa /etc/syslog.conf .
.It Fl h
Include the hostname when forwarding messages to a remote host.
.It Fl k Ar key_file
PEM encoded file containing the client private key for TLS connections
to a remote host.
This option has to be used together with
.Fl c Ar cert_file .
.It Fl m Ar mark_interval
Select the number of minutes between
.Dq mark
messages; the default is 20 minutes.
.It Fl n
Print source addresses numerically rather than symbolically.
This saves an address-to-name lookup for each incoming message,
which can be useful when combined with the
.Fl u
option on a loghost with no DNS cache.
Messages from the local host will still be logged with
the symbolic local host name.
.It Fl p Ar log_socket
Specify the pathname of an alternate log socket to be used instead;
the default is
.Pa /dev/log .
.It Fl S Ar listen_address
Create a TLS listen socket for receiving encrypted messages and
bind it to the specified address.
A port number may be specified using the
.Ar host:port
syntax.
The syslog server will attempt to look up a private key in
.Pa /etc/ssl/private/host:port.key
and a public certificate in
.Pa /etc/ssl/host:port.crt ,
where
.Ar host
is the specified host name or IP address and
.Ar port
is the specified port if given on the command line.
If these files are not present, syslogd will continue to look in
.Pa /etc/ssl/private/host.key
and
.Pa /etc/ssl/host.crt .
.It Fl s Ar reporting_socket
Specify path to an
.Dv AF_LOCAL
socket for use in reporting logs stored in memory buffers using
.Xr syslogc 8 .
.It Fl T Ar listen_address
Create a TCP listen socket for receiving messages and bind it to
the specified address.
There is no well-known port for syslog over TCP, so a port number
must be specified using the
.Ar host:port
syntax.
.It Fl U Ar bind_address
Create a UDP socket for receiving messages and bind it to the
specified address.
This can be used, for example, with a pf divert-to rule to receive
packets when syslogd is bound to localhost.
A port number may be specified using the
.Ar host:port
syntax.
.It Fl u
Select the historical
.Dq insecure
mode, in which syslogd will
accept input from the UDP port.
Some software wants this, but you can be subjected to a variety of
attacks over the network, including attackers remotely filling logs.
.It Fl V
Do not perform server certificate and hostname validation.
.El
.Pp
.Nm
reads its configuration file when it starts up and whenever it
receives a hangup signal.
For information on the format of the configuration file,
see
.Xr syslog.conf 5 .
.Pp
.Nm
creates the file
.Pa /var/run/syslog.pid ,
and stores its process ID there.
This can be used to kill or reconfigure
.Nm syslogd .
.Pp
.Nm
opens an Internet domain socket as specified
in
.Pa /etc/services .
Normally
.Nm
will only use this socket to send messages outwards, but in
.Dq insecure
mode it will also read messages from this socket.
.Nm
also opens and reads messages from the
.Ux Ns -domain
socket
.Pa /dev/log ,
and from the special device
.Pa /dev/klog
(to read kernel messages).
.Pp
.Nm
opens the above described socket whether or not it is
running in secure mode.
If
.Nm
is running in secure mode, all incoming data on this socket is discarded.
The socket is required for sending forwarded messages.
.Pp
The message sent to
.Nm
should consist of a single line.
The message can contain a priority code, which should be a preceding
decimal number in angle braces, for example,
.Dq <5> .
This priority code should map into the priorities defined in the
include file
.In sys/syslog.h .
.Sh FILES
.Bl -tag -width /var/run/syslog.pid -compact
.It Pa /etc/syslog.conf
configuration file
.It Pa /var/run/syslog.pid
process ID of current
.Nm syslogd
.It Pa /dev/log
name of the
.Ux Ns -domain
datagram log socket
.It Pa /dev/klog
kernel log device
.El
.Sh SEE ALSO
.Xr logger 1 ,
.Xr syslog 3 ,
.Xr services 5 ,
.Xr syslog.conf 5 ,
.Xr newsyslog 8 ,
.Xr syslogc 8
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.3 .
.Sh CAVEATS
.Nm
does not create files,
it only logs to existing ones.