syslog



SYSLOG(3)                 OpenBSD Programmer's Manual                SYSLOG(3)


NAME

     syslog, syslog_r, vsyslog, vsyslog_r, openlog, openlog_r, closelog,
     closelog_r, setlogmask, setlogmask_r - control system log


SYNOPSIS

     #include <syslog.h>
     #include <stdarg.h>

     void
     syslog(int priority, const char *message, ...);

     void
     syslog_r(int priority, struct syslog_data *data, const char
     *message, ...);

     void
     vsyslog(int priority, const char *message, va_list args);

     void
     vsyslog_r(int priority, struct syslog_data *data, const char
     *message, va_list args);

     void
     openlog(const char *ident, int logopt, int facility);

     void
     openlog_r(const char *ident, int logopt, int facility, struct syslog_data
     *data);

     void
     closelog(void);

     void
     closelog_r(struct syslog_data *data);

     int
     setlogmask(int maskpri);

     int
     setlogmask_r(int maskpri, struct syslog_data *data);

     struct syslog_data {
             int             log_file;
             int             connected;
             int             opened;
             int             log_stat;
             const char     *log_tag;
             int             log_fac;
             int             log_mask;
     };

     #define SYSLOG_DATA_INIT {-1, 0, 0, 0, NULL, LOG_USER, 0xff}


DESCRIPTION

     The syslog() function writes message to the system message logger.  The
     message is then written to the system console, log files, logged-in
     users, or forwarded to other machines as appropriate (see syslogd(8)).

     The message is identical to a printf(3) format string, except that `%m'
     is replaced by the current error message (as denoted by the global
     variable errno; see strerror(3)).  A trailing newline is added if none is
     present.

     The syslog_r() function is a reentrant version of the syslog() function.
     It takes a pointer to a syslog_data structure which is used to store
     information.  This parameter must be initialized before syslog_r() is
     called.  The SYSLOG_DATA_INIT constant is used for this purpose.  The
     syslog_data structure is composed of the following elements:

     log_file   contains the file descriptor of the file where the message is
                logged

     connected  indicates if connect has been done

     opened     indicates if openlog_r() has been called

     log_stat   status bits, set by openlog_r()

     log_tag    string to tag the entry with

     log_fac    facility code

     log_mask   mask of priorities to be logged

     The vsyslog() function is an alternate form in which the arguments have
     already been captured using the variable-length argument facilities of
     varargs(3).

     The message is tagged with priority.  Priorities are encoded as a
     facility and a level.  The facility describes the part of the system
     generating the message:

     LOG_AUTH      The authorization system: login(1), su(1), getty(8), etc.

     LOG_AUTHPRIV  The same as LOG_AUTH, but logged to a file readable only by
                   selected individuals.

     LOG_CRON      The cron daemon, cron(8).

     LOG_DAEMON    System daemons, such as dhcpd(8), that are not provided for
                   explicitly by other facilities.

     LOG_FTP       The file transfer protocol daemon, ftpd(8).

     LOG_KERN      Messages generated by the kernel.  These cannot be
                   generated by any user processes.

     LOG_LPR       The line printer spooling system: lpr(1), lpc(8), lpd(8),
                   etc.

     LOG_MAIL      The mail system.

     LOG_NEWS      The network news system.

     LOG_SYSLOG    Messages generated internally by syslogd(8).

     LOG_USER      Messages generated by random user processes.  This is the
                   default facility identifier if none is specified.

     LOG_UUCP      The UUCP system.

     LOG_LOCAL0    Reserved for local use.  Similarly for LOG_LOCAL1 through
                   LOG_LOCAL7.

     The level (ORed with the facility) is selected from the following ordered
     (high to low) list:

     LOG_EMERG     A panic condition.  This is normally broadcast to all
                   users.

     LOG_ALERT     A condition that should be corrected immediately, such as a
                   corrupted system database.

     LOG_CRIT      Critical conditions, e.g., hard device errors.

     LOG_ERR       Errors.

     LOG_WARNING   Warning messages.

     LOG_NOTICE    Conditions that are not error conditions, but should
                   possibly be handled specially.

     LOG_INFO      Informational messages.

     LOG_DEBUG     Messages that contain information normally of use only when
                   debugging a program.

     The vsyslog_r() function is used the same way as vsyslog() except that it
     takes an additional pointer to a syslog_data structure.  It is a
     reentrant version of the vsyslog() function described above.

     The openlog() function provides for more specialized processing of the
     messages sent by syslog() and vsyslog().  The parameter ident is a string
     that will be prepended to every message.  The logopt argument is a bit
     field specifying logging options, which is formed by OR'ing one or more
     of the following values:

     LOG_CONS      If syslog() cannot pass the message to syslogd(8) it will
                   attempt to write the message to the console (/dev/console).

     LOG_NDELAY    Open the connection to syslogd(8) immediately.  Normally
                   the open is delayed until the first message is logged.
                   Useful for programs that need to manage the order in which
                   file descriptors are allocated.  This option must be used
                   in programs that call chroot(2) where the new root does not
                   have its own log socket.

     LOG_ODELAY    Delay opening the connection to syslogd(8) until the first
                   message is logged.  This is the opposite of LOG_NDELAY and
                   is the default behaviour when neither option is specified.

     LOG_PERROR    Write the message to standard error output as well as to
                   the system log.

     LOG_PID       Log the process ID with each message; useful for
                   identifying instantiations of daemons.

     The facility parameter encodes a default facility to be assigned to all
     messages that do not have an explicit facility encoded.

     The openlog_r() function is the reentrant version of the openlog()
     function.  It takes an additional pointer to a syslog_data structure.
     This function must be used in conjunction with the other reentrant
     functions.

     The closelog() function can be used to close the log file.  closelog_r()
     does the same thing but in a reentrant way and takes an additional
     pointer to a syslog_data structure.

     The setlogmask() function sets the log priority mask to maskpri and
     returns the previous mask.  Calls to syslog() with a priority not set in
     maskpri are rejected.  The mask for an individual priority pri is
     calculated by the macro LOG_MASK(pri); the mask for all priorities up to
     and including toppri is given by the macro LOG_UPTO(toppri).  The default
     allows all priorities to be logged.

     The setlogmask_r() function is the reentrant version of setlogmask().  It
     takes an additional pointer to a syslog_data structure.


RETURN VALUES

     The closelog(), closelog_r(), openlog(), openlog_r(), syslog(),
     syslog_r(), vsyslog(), and vsyslog_r() functions return no value.

     The routines setlogmask() and setlogmask_r() always return the previous
     log mask level.


EXAMPLES

           syslog(LOG_ALERT, "who: internal error 23");

           openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);

           setlogmask(LOG_UPTO(LOG_ERR));

           syslog(LOG_INFO, "Connection from host %d", CallingHost);

           syslog(LOG_INFO|LOG_LOCAL2, "foobar error: %m");

     For the reentrant functions:

           struct syslog_data sdata = SYSLOG_DATA_INIT;

           syslog_r(LOG_INFO|LOG_LOCAL2, &sdata, "foobar error: %m");


SEE ALSO

     logger(1), syslogd(8)


HISTORY

     These functions appeared in 4.2BSD.  The reentrant functions appeared in
     OpenBSD 3.1.


CAVEATS

     It is important never to pass a string with user-supplied data as a
     format without using `%s'.  An attacker can put format specifiers in the
     string to mangle the stack, leading to a possible security hole.  This
     holds true even if the string has been built ``by hand'' using a function
     like snprintf(), as the resulting string may still contain user-supplied
     conversion specifiers for later interpolation by syslog().

     Always be sure to use the proper secure idiom:

           syslog(priority, "%s", string);

     syslog_r() and the other reentrant functions should only be used where
     reentrancy is required (for instance, in a signal handler).  syslog()
     being not reentrant, only syslog_r() should be used here.  For more
     information about reentrancy and signal handlers, see signal(3).

OpenBSD 5.4                      June 5, 2013                      OpenBSD 5.4

[Unix Hosting | Open-Source | Contact Us]
[Engineering & Automation | Software Development | Server Applications]