SYSKLOGD (8)
Linux system logging utilities.
SYNOPSIS
syslogd
[ -a
socket
]
[ -d ]
[ -f
config file
]
[ -h ]
[ -l
hostlist
]
[ -m
interval
]
[ -n ]
[ -p
socket
]
[ -r ]
[ -s
domainlist
]
[ -v ]
DESCRIPTION
Sysklogd
provides two system utilities which provide support for
system logging and kernel message trapping. Support of both internet and
unix domain sockets enables this utility package to support both local
and remote logging.
System logging is provided by a version of
syslogd (8)
derived from the
stock BSD sources. Support for kernel logging is provided by the
klogd (8)
utility which allows kernel logging to be conducted in either a
standalone fashion or as a client of syslogd.
Syslogd
provides a kind of logging that many modern programs use. Every logged
message contains at least a time and a hostname field, normally a
program name field, too, but that depends on how trusty the logging
program is.
While the
syslogd
sources have been heavily modified a couple of notes
are in order. First of all there has been a systematic attempt to
insure that syslogd follows its default, standard BSD behavior.
The second important concept to note is that this version of syslogd
interacts transparently with the version of syslog found in the
standard libraries. If a binary linked to the standard shared
libraries fails to function correctly we would like an example of the
anomalous behavior.
The main configuration file
/etc/syslog.conf
or an alternative file, given with the
-f
option, is read at startup. Any lines that begin with the hash mark
(``#'') and empty lines are ignored. If an error occurs during parsing
the whole line is ignored.
OPTIONS
-a socket
Using this argument you can specify additional sockets from that
syslogd
has to listen to. This is needed if you're going to let some daemon
run within a chroot() environment. You can use up to 19 additional
sockets. If your environment needs even more, you have to increase
the symbol
MAXFUNIX
within the syslogd.c source file. An example for a chroot() daemon is
described by the people from OpenBSD at
http://www.psionic.com/papers/dns.html.
-d
Turns on debug mode. Using this the daemon will not proceed a
fork (2)
to set itself in the background, but opposite to that stay in the
foreground and write much debug information on the current tty. See the
DEBUGGING section for more information.
-f config file
Specify an alternative configuration file instead of
/etc/syslog.conf ,
which is the default.
-h
By default syslogd will not forward messages it receives from remote hosts.
Specifying this switch on the command line will cause the log daemon to
forward any remote messages it receives to forwarding hosts which have been
defined.
-l hostlist
Specify a hostname that should be logged only with its simple hostname
and not the fqdn. Multiple hosts may be specified using the colon
(``:'') separator.
-m interval
The
syslogd
logs a mark timestamp regularly. The default
interval
between two -- MARK -- lines is 20 minutes. This can be changed
with this option. Setting the
interval
to zero turns it off entirely.
-n
Avoid auto-backgrounding. This is needed especially if the
syslogd
is started and controlled by
init (8).
-p socket
You can specify an alternative unix domain socket instead of
/dev/log .
-r
This option will enable the facility to receive message from the
network using an internet domain socket with the syslog service (see
services (5)).
The default is to not receive any messages from the network.
This option is introduced in version 1.3 of the sysklogd
package. Please note that the default behavior is the opposite of
how older versions behave, so you might have to turn this on.
-s domainlist
Specify a domainname that should be stripped off before
logging. Multiple domains may be specified using the colon (``:'')
separator. Remember that the first match is used, not the best.
-v
SIGNALS
Syslogd
reacts to a set of signals. You may easily send a signal to
syslogd
using the following:
kill -SIGNAL `cat /var/run/syslogd.pid`
SIGHUP
This lets
syslogd
perform a re-initialization. All open files are closed, the
configuration file (default is
/etc/syslog.conf )
will be reread and the
syslog (3)
facility is started again.
SIGTERM
SIGINT , SIGQUIT
If debugging is enabled these are ignored, otherwise
syslogd
will die.
SIGUSR1
Switch debugging on/off. This option can only be used if
syslogd
is started with the
-d
debug option.
SIGCHLD
Wait for childs if some were born, because of wall'ing messages.
CONFIGURATION FILE SYNTAX DIFFERENCES
Syslogd
uses a slightly different syntax for its configuration file than
the original BSD sources. Originally all messages of a specific priority
and above were forwarded to the log file.
For example the following line caused ALL output from daemons using
the daemon facilities (debug is the lowest priority, so every higher
will also match) to go into
/usr/adm/daemons :
# Sample syslog.conf
daemon.debug /usr/adm/daemons
Under the new scheme this behavior remains the same. The difference
is the addition of four new specifiers, the asterisk (*)
wildcard, the equation sign (=), the exclamation mark
(!), and the minus sign (-).
The * specifies that all messages for the
specified facility are to be directed to the destination. Note that
this behavior is degenerate with specifying a priority level of debug.
Users have indicated that the asterisk notation is more intuitive.
The = wildcard is used to restrict logging to the specified priority
class. This allows, for example, routing only debug messages to a
particular logging source.
For example the following line in
syslog.conf
would direct debug messages from all sources to the
/usr/adm/debug
file.
# Sample syslog.conf
*.=debug /usr/adm/debug
|