Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SYSLOGD(8)		  BSD System Manager's Manual		    SYSLOGD(8)

     syslogd --	log systems messages

     syslogd [-468ACcdkNnosTuv]	[-a allowed_peer] [-b bind_address]
	     [-f config_file] [-l [mode:]path] [-m mark_interval]
	     [-P pid_file] [-p log_socket]

     The syslogd utility reads and logs	messages to the	system console,	log
     files, other machines and/or users	as specified by	its configuration

     The options are as	follows:

     -4	     Force syslogd to use IPv4 addresses only.

     -6	     Force syslogd to use IPv6 addresses only.

     -8	     Tells syslogd not to interfere with 8-bit data.  Normally syslogd
	     will replace C1 control characters	(ISO 8859 and Unicode
	     characters) with their "M-x" equivalent.  Note, this option does
	     not change	the way	syslogd	alters control characters (see
	     iscntrl(3)).  They	will always be replaced	with their "^x"	equiv-

     -A	     Ordinarily, syslogd tries to send the message to only one address
	     even if the host has more than one	A or AAAA record.  If this op-
	     tion is specified,	syslogd	tries to send the message to all ad-

     -a	allowed_peer
	     Allow allowed_peer	to log to this syslogd using UDP datagrams.
	     Multiple -a options may be	specified.

	     The allowed_peer option may be any	of the following:

	     ipaddr/masklen[:service]	 Accept	datagrams from ipaddr (in the
					 usual dotted quad notation) with
					 masklen bits being taken into account
					 when doing the	address	comparison.
					 ipaddr	can be also IPv6 address by
					 enclosing the address with `['	and
					 `]'.  If specified, service is	the
					 name or number	of an UDP service (see
					 services(5)) the source packet	must
					 belong	to.  A service of `*' allows
					 packets being sent from any UDP port.
					 The default service is	`syslog'.  If
					 ipaddr	is IPv4	address, a missing
					 masklen will be substituted by	the
					 historic class	A or class B netmasks
					 if ipaddr belongs into	the address
					 range of class	A or B,	respectively,
					 or by 24 otherwise.  If ipaddr	is
					 IPv6 address, a missing masklen will
					 be substituted	by 128.

	     domainname[:service]	 Accept	datagrams where	the reverse
					 address lookup	yields domainname for
					 the sender address.  The meaning of
					 service is as explained above.

	     *domainname[:service]	 Same as before, except	that any
					 source	host whose name	ends in
					 domainname will get permission.

	     The -a options are	ignored	if the -s option is also specified.

     -b	bind_address[:service]

     -b	:service
	     Bind to a specific	address	and/or port.  The address can be spec-
	     ified as a	hostname, and the port as a service name.  If an IPv6
	     address is	specified, it should be	enclosed with `[' and `]'.
	     The default service is `syslog'.

     -C	     Create log	files that do not exist	(permission is set to 0600).

     -c	     Disable the compression of	repeated instances of the same line
	     into a single line	of the form "last message repeated N times"
	     when the output is	a pipe to another program.  If specified
	     twice, disable this compression in	all cases.

     -d	     Put syslogd into debugging	mode.  This is probably	only of	use to
	     developers	working	on syslogd.

     -f	     Specify the pathname of an	alternate configuration	file; the de-
	     fault is /etc/syslog.conf.

     -k	     Disable the translation of	messages received with facility	"kern"
	     to	facility "user".  Usually the "kern" facility is reserved for
	     messages read directly from /dev/klog.

     -m	     Select the	number of minutes between "mark" messages; the default
	     is	20 minutes.

     -N	     Disable binding on	UDP sockets.  RFC 3164 recommends that outgo-
	     ing syslogd messages should originate from	the privileged port,
	     this option disables the recommended behavior.  This option in-
	     herits -s.

     -n	     Disable dns query for every request.

     -o	     Prefix kernel messages with the full kernel boot file as deter-
	     mined by getbootfile(3).  Without this, the kernel	message	prefix
	     is	always "kernel:".

     -p	     Specify the pathname of an	alternate log socket to	be used	in-
	     stead; the	default	is /var/run/log.

     -P	     Specify an	alternative file in which to store the process ID.
	     The default is /var/run/

     -S	     Specify the pathname of an	alternate log socket for privileged
	     applications to be	used instead; the default is /var/run/logpriv.

     -l	     Specify a location	where syslogd should place an additional log
	     socket.  The primary use for this is to place additional log
	     sockets in	/var/run/log of	various	chroot filespaces.  File per-
	     missions for socket can be	specified in octal representation be-
	     fore socket name, delimited with a	colon.	Path to	socket loca-
	     tion must be absolute.

     -s	     Operate in	secure mode.  Do not log messages from remote ma-
	     chines.  If specified twice, no network socket will be opened at
	     all, which	also disables logging to remote	machines.

     -T	     Always use	the local time and date	for messages received from the
	     network, instead of the timestamp field supplied in the message
	     by	the remote host.  This is useful if some of the	originating
	     hosts can't keep time properly or are unable to generate a	cor-
	     rect timestamp.

     -u	     Unique priority logging.  Only log	messages at the	specified pri-
	     ority.  Without this option, messages at the stated priority or
	     higher are	logged.	 This option changes the default comparison
	     from "=>" to "=".

     -v	     Verbose logging.  If specified once, the numeric facility and
	     priority are logged with each locally-written message.  If	speci-
	     fied more than once, the names of the facility and	priority are
	     logged with each locally-written message.

     The syslogd utility reads its configuration file when it starts up	and
     whenever it receives a hangup signal.  For	information on the format of
     the configuration file, see syslog.conf(5).

     The syslogd utility reads messages	from the UNIX domain sockets
     /var/run/log and /var/run/logpriv,	from an	Internet domain	socket speci-
     fied in /etc/services, and	from the special device	/dev/klog (to read
     kernel messages).

     The syslogd utility creates its process ID	file, by default
     /var/run/, and stores its process ID there.  This can be	used
     to	kill or	reconfigure syslogd.

     The message sent to syslogd should	consist	of a single line.  The message
     can contain a priority code, which	should be a preceding decimal number
     in	angle braces, for example, `<5>'.  This	priority code should map into
     the priorities defined in the include file	<sys/syslog.h>.

     For security reasons, syslogd will	not append to log files	that do	not
     exist (unless -C option is	specified); therefore, they must be created
     manually before running syslogd.

     The date and time are taken from the received message.  If	the format of
     the timestamp field is incorrect, time obtained from the local host is
     used instead.  This can be	overridden by the -T flag.

     /etc/syslog.conf	  configuration	file
     /var/run/  default process ID file
     /var/run/log	  name of the UNIX domain datagram log socket
     /var/run/logpriv	  UNIX socket for privileged applications
     /dev/klog		  kernel log device

     logger(1),	syslog(3), services(5),	syslog.conf(5),	newsyslog(8)

     The syslogd utility appeared in 4.3BSD.

     The -a, -s, -u, and -v options are	FreeBSD	2.2 extensions.

     The ability to log	messages received in UDP packets is equivalent to an
     unauthenticated remote disk-filling service, and should probably be dis-
     abled by default.	Some sort of inter-syslogd authentication mechanism
     ought to be worked	out.  To prevent the worst abuse, use of the -a	option
     is	therefore highly recommended.

     The -a matching algorithm does not	pretend	to be very efficient; use of
     numeric IP	addresses is faster than domain	name comparison.  Since	the
     allowed peer list is being	walked linearly, peer groups where frequent
     messages are being	anticipated from should	be put early into the -a list.

     The log socket was	moved from /dev	to ease	the use	of a read-only root
     file system.  This	may confuse some old binaries so that a	symbolic link
     might be used for a transitional period.

BSD				 May 13, 2008				   BSD


Want to link to this manual page? Use this URL:

home | help