syslogd



SYSLOGD(8)                  System Manager's Manual                 SYSLOGD(8)


NAME

     syslogd - log system messages


SYNOPSIS

     syslogd [-46dFhnruVZ] [-a path] [-C CAfile] [-c cert_file]
             [-f config_file] [-K CAfile] [-k key_file] [-m mark_interval]
             [-p log_socket] [-S listen_address] [-s reporting_socket]
             [-T listen_address] [-U bind_address]


DESCRIPTION

     syslogd writes system messages to log files or a user's terminal.  Output
     can be sent to other programs for further processing.  It can also
     securely send and receive log messages to and from remote hosts.

     The options are as follows:

     -4      Forces syslogd to use only IPv4 addresses for UDP.

     -6      Forces syslogd to use only IPv6 addresses for UDP.

     -a path
             Specify a location where syslogd should place an additional log
             socket.  The primary use for this is to place additional log
             sockets in /dev/log of various chroot filespaces, though the need
             for these is less urgent after the introduction of sendsyslog(2).

     -C CAfile
             PEM encoded file containing CA certificates used for certificate
             validation of a remote loghost; the default is /etc/ssl/cert.pem.

     -c cert_file
             PEM encoded file containing the client certificate for TLS
             connections to a remote loghost.  The default is not to use a
             client certificate for the outgoing connection to a syslog
             server.  This option has to be used together with -k key_file.

     -d      Enable debugging to the standard output, and do not disassociate
             from the controlling terminal.

     -F      Run in the foreground instead of disassociating from the
             controlling terminal and running as a background daemon.

     -f config_file
             Specify the pathname of an alternate configuration file; the
             default is /etc/syslog.conf.

     -h      Include the hostname when sending messages to a remote loghost.

     -K CAfile
             PEM encoded file containing CA certificates used for client
             certificate validation on the local listen socket.  By default
             incoming connections from any TLS client are allowed.

     -k key_file
             PEM encoded file containing the client private key for TLS
             connections to a remote loghost.  This option has to be used
             together with -c cert_file.

     -m mark_interval
             Select the number of minutes between "mark" messages; the default
             is 20 minutes.

     -n      Print source addresses numerically rather than symbolically.
             This saves an address-to-name lookup for each incoming message,
             which can be useful when combined with the -u option on a loghost
             with no DNS cache.  Messages from the local host will still be
             logged with the symbolic local host name.

     -p log_socket
             Specify the pathname of an alternate log socket to be used
             instead; the default is /dev/log.

     -r      Print duplicate lines immediately and suppress the "last message
             repeated" summary when piping to another program or forwarding to
             a remote loghost.  If given twice, this is done for all log
             actions.

     -S listen_address
             Create a TLS listen socket for receiving encrypted messages and
             bind it to the specified address.  A port number may be specified
             using the host:port syntax.  The first listen_address is also
             used to find a suitable server key and certificate in /etc/ssl/.

     -s reporting_socket
             Specify path to a UNIX-domain socket for use in reporting logs
             stored in memory buffers using syslogc(8).

     -T listen_address
             Create a TCP listen socket for receiving messages and bind it to
             the specified address.  There is no well-known port for syslog
             over TCP, so a port number must be specified using the host:port
             syntax.

     -U bind_address
             Create a UDP socket for receiving messages and bind it to the
             specified address.  This can be used, for example, with a pf
             divert-to rule to receive packets when syslogd is bound to
             localhost.  A port number may be specified using the host:port
             syntax.

     -u      Select the historical "insecure" mode, in which syslogd will
             accept input from the UDP port.  Some software wants this, but
             you can be subjected to a variety of attacks over the network,
             including attackers remotely filling logs.

     -V      Do not perform remote server certificate and hostname validation
             when sending messages.

     -Z      Generate timestamps in ISO format.  This includes the year and
             the timezone, and all logging is done in UTC.

     The options -a, -S, -T, and -U can be given more than once to specify
     multiple input sources.

     When starting up, syslogd reads its configuration file, syslog.conf(5),
     and opens the configured logfiles and TCP and TLS connections.  The
     logfiles already have to exist with the correct permissions.  When
     receiving a SIGHUP signal, it closes all open logfiles and outgoing TCP
     and TLS connections and re-runs this initialization sequence.  Sending
     this signal is required both after editing the configuration file and
     after log rotation.

     syslogd opens a UDP socket, as specified in /etc/services, for sending
     forwarded messages.  By default all incoming data on this socket is
     discarded.  If insecure mode is switched on with -u, it will also read
     messages from the socket.  syslogd also opens and reads messages from the
     UNIX-domain socket /dev/log, and from the special device /dev/klog (to
     read kernel messages), and from sendsyslog(2) (to read messages from
     userland processes).

     The message sent to syslogd should consist of a single line.  Embedded
     new line characters are converted to spaces; binary data is encoded by
     vis(3).  The message can contain a priority code, which should be a
     preceding decimal number in angle braces, for example, "<5>".  This
     priority code should map into the priorities defined in the include file
     <sys/syslog.h>.

     When sending syslog messages to a remote loghost via TLS, the server's
     certificate and hostname are validated to prevent malicious servers from
     reading messages.  If the server has a certificate with a matching
     hostname signed by a CA in /etc/ssl/cert.pem, it is verified with that by
     default.  If the server has a certificate with a matching hostname signed
     by a private CA, use the -C option and put that CA into CAfile.
     Validation can be explicitly turned off using the -V option.  If the
     server is accepting messages only from clients with a trusted client
     certificate, use the -k and -c options to authenticate syslogd with this
     certificate.

     When receiving syslog messages from a TLS client, there must be a server
     key and certificate in /etc/ssl/private/host[:port].key and
     /etc/ssl/host[:port].crt.  If the client uses certificates to
     authenticate, the CA of the client's certificate may be added to CAfile
     using the -K option to protect from messages being spoofed by malicious
     senders.


FILES

     /dev/log             Name of the UNIX-domain datagram log socket.
     /dev/klog            Kernel log device.
     /etc/ssl/            Private keys and public certificates.
     /etc/syslog.conf     Configuration file.
     /var/run/syslog.pid  Process ID of current syslogd.


SEE ALSO

     logger(1), syslog(3), services(5), syslog.conf(5), newsyslog(8),
     syslogc(8)


HISTORY

     The syslogd command appeared in 4.3BSD.


CAVEATS

     syslogd does not create files, it only logs to existing ones.

OpenBSD 6.4                   September 27, 2018                   OpenBSD 6.4

[Unix Hosting | Open-Source | Contact Us]
[Engineering & Automation | Software Development | Server Applications]