|SYSLOGD(8)||System Manager's Manual||SYSLOGD(8)|
syslogdutility reads and logs messages to the system console, log files, other machines and/or users as specified by its configuration file.
syslogdsupport RFC3164 and RFC5424 style log messages for both local and remote logging using Internet and UNIX domain sockets. Differences in style is shown below.
Aug 24 05:14:15 192.0.2.1 myproc: Kilroy was here.
2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - Kilroy was here.
<PRI>’ or ‘
syslogdis derived from BSD sources, today FreeBSD is the reference for
syslogdand NetBSD for the new syslogp(3) API, which fully supports the new features of RFC5424. Please note; 1) the intention is to follow standard BSD
syslogdbehavior, 2) despite having a stand-alone syslog(3), and syslogp(3) API in libsyslog,
syslogdinteracts transparently with the standard C library syslog(3) API, as implemented in GLIBC, musl libc, and uClibc. When
syslogdstarts up it reads its main configuration file /etc/syslog.conf, or an alternate file given with the
-ffile option. For details on how to configure syslog priority (facility.severity) filtering, see syslog.conf(5).
syslogdreads messages from the UNIX domain socket /dev/log, from an Internet domain socket specified in /etc/services, and from /dev/kmsg (to read kernel messages). The command line options defined below can be used to change this behavior. The options are as follows:
syslogdto use IPv4 addresses only.
syslogdto use IPv6 addresses only.
syslogdnot to interfere with 8-bit data. Normally
syslogdreplaces C1 control characters (ISO 8859 and Unicode characters) with their “M-x” equivalent. Note, this option does not change the way
syslogdalters control characters (see iscntrl(3)). They are always replaced with their “^x” equivalent.
syslogdtries to send the message to only one address even if the host has more than one A or AAAA record. If this option is specified,
syslogdtries to send the message to all addresses.
-aoptions may be specified. Any
-aoption is ignored if the
-soption is also specified. The peer argument may be any of the following:
*’ accepts UDP packets from any source port. The default service is ‘
syslog’. If address is an IPv4 address, a missing prefix len will be substituted by the historic class A or class B netmasks if address belongs in the address range of class A or B, respectively, or by' /24 otherwise. If address is an IPv6 address, a missing prefix len will be substituted by 128.
syslogdlistens on all interfaces on UDP port 514, unless started with the
-boptions may be specified to bind to several addresses and/or ports. The name argument may be any of the following:
[’ and ‘
syslog’ (UDP), port 512.
syslogdcannot write to, or read from, this file it will cause repeated kernel log messages when restarting
syslogdrelies on this file being removed at system reboot. The default location depends on the system and how
syslogdinto debugging mode. This is probably only of use to developers working on
syslogd. See the DEBUGGING section for more information.
syslogdin the foreground, rather than going into daemon mode. This is useful if some other process uses fork(2) and exec(3) to run
syslogd, and wants to monitor when and how it exits.
-poption is specified, the default path name is replaced with the specified one. When two or more
-poptions are specified, the remaining path names are treated as additional log sockets.
secure_modeconfig option. This is more flexible since you can change the option and simply send SIGHUP to activate the changes, instead of having to restart
syslogd. Note: the command line option always wins, so it must be removed for
syslogdto consider the .conf file option instead.
syslogdby default only trusts the kernel timestamp when starting up the first time. As soon as the the kernel ring buffer has been emptied,
syslogduses its own current time for each received kernel log message. This option disables that behavior.
syslogdutility reads its configuration file when it starts up and whenever it receives a hangup signal. For information on the format of the configuration file, see syslog.conf(5). The
syslogdutility creates its process ID file, by default /var/run/syslogd.pid, and stores its process ID there. This can be used to kill or reconfigure
syslogd. The message sent to
syslogdshould consist of a single line. The message can contain a priority code, which should be a preceding decimal number in angle braces, for example, ‘⟨5⟩’. This priority code should map into the priorities defined in the include file
<sys/syslog.h>. To log with RFC5424 style messages the priority code must be directly followed by the version number, this is all handled by libsyslog, which is the NetBSD syslogp(3) API included with the
sysklogdproject. The date and time are taken from the received message. If the format of the timestamp field is incorrect, time obtained from the local host is used instead. This can be overridden by the
-d) is enabled
syslogdonly the first
init() is shown.
syslogdthen prompts you to send SIGUSR1 to continue debugging. The output is very verbose and is probably only useful to developers. When
syslogdreceives SIGHUP it reloads its configuration file, and at the end of the
init() sequence all log targets are listed with their respective priority per facility, the action and the log format used:
syslogdsupports the following signals:
syslogdperform a re-initialization. All open files are closed, the configuration file (see above) is reread and the syslog(3) facility is started again.
syslogdto exit gracefully. Flushing any log files to disk.
syslogdwill rotate all files for which rotation is configured when receiving this signal.
syslogdis running, and then send signals:
kill -SIGNAL `cat /var/run/syslogd.pid`
syslogdrelies on this file being removed at system reboot.
syslogdwas originally ported to Linux by Greg Wettstein <firstname.lastname@example.org> and the project was named
sysklogdwhen a separate log daemon,
klogd, for Linux kernel messages was added. It was the default
syslogdin Debian and Ubuntu, maintained by Martin Schulze <email@example.com>, who fixed some bugs and added several new features. When Debian replaced
rsyslogdthe project was abandoned. In 2018 Joachim Wiberg <firstname.lastname@example.org> picked up maintenance. In 2019 the project was revived with fresh DNA strands from both FreeBSD and NetBSD,
klogdwas removed in v2.1 and the project was then re-licensed under the 3-clause BSD license, like its brethren. The
syslogdutility first appeared in 4.3BSD.
-s) by default. (The shipped systemd unit file disables this by default.) See also SECURITY for more information on this. A future version of
syslogdmay include support for TLS, RFC5425, which includes authentication of both senders and receivers. For now there is the
-aoption, which is strongly recommended when operating as a remote sink. The
-amatching algorithm does not pretend to be very efficient; use of numeric IP addresses is faster than domain name comparison. Since the allowed peer list is being walked linearly, peer groups where frequent messages are being anticipated from should be put early into the
-alist. As mentioned in the DESCRIPTION,
syslogdtransparently supports the standard C library syslog(3) API. If a binary linked to the standard C libraries does not operate correctly, this should be reported as a bug to the sysklogd issue tracker
|May 5, 2021||sysklogd|