SYSKLOGD (8)

SYNOPSIS

syslogd [ -a socket ] [ -d ] [ -f config file ] [ -h ] [ -l hostlist ] [ -m interval ] [ -n ] [ -p socket ] [ -r ] [ -s domainlist ] [ -v ]

DESCRIPTION

Sysklogd provides two system utilities which provide support for system logging and kernel message trapping. Support of both internet and unix domain sockets enables this utility package to support both local and remote logging.

System logging is provided by a version of syslogd (8) derived from the stock BSD sources. Support for kernel logging is provided by the klogd (8) utility which allows kernel logging to be conducted in either a standalone fashion or as a client of syslogd.

Syslogd provides a kind of logging that many modern programs use. Every logged message contains at least a time and a hostname field, normally a program name field, too, but that depends on how trusty the logging program is.

While the syslogd sources have been heavily modified a couple of notes are in order. First of all there has been a systematic attempt to insure that syslogd follows its default, standard BSD behavior. The second important concept to note is that this version of syslogd interacts transparently with the version of syslog found in the standard libraries. If a binary linked to the standard shared libraries fails to function correctly we would like an example of the anomalous behavior.

The main configuration file /etc/syslog.conf or an alternative file, given with the -f option, is read at startup. Any lines that begin with the hash mark (``#'') and empty lines are ignored. If an error occurs during parsing the whole line is ignored.

OPTIONS

-a socket

Using this argument you can specify additional sockets from that syslogd has to listen to. This is needed if you're going to let some daemon run within a chroot() environment. You can use up to 19 additional sockets. If your environment needs even more, you have to increase the symbol MAXFUNIX within the syslogd.c source file. An example for a chroot() daemon is described by the people from OpenBSD at http://www.psionic.com/papers/dns.html.

-d

Turns on debug mode. Using this the daemon will not proceed a fork (2) to set itself in the background, but opposite to that stay in the foreground and write much debug information on the current tty. See the DEBUGGING section for more information.

-f config file

Specify an alternative configuration file instead of /etc/syslog.conf , which is the default.

-h

By default syslogd will not forward messages it receives from remote hosts. Specifying this switch on the command line will cause the log daemon to forward any remote messages it receives to forwarding hosts which have been defined.

-l hostlist

Specify a hostname that should be logged only with its simple hostname and not the fqdn. Multiple hosts may be specified using the colon (``:'') separator.

-m interval

The syslogd logs a mark timestamp regularly. The default interval between two -- MARK -- lines is 20 minutes. This can be changed with this option. Setting the interval to zero turns it off entirely.

-n

Avoid auto-backgrounding. This is needed especially if the syslogd is started and controlled by init (8).

-p socket

You can specify an alternative unix domain socket instead of /dev/log .

-r

This option will enable the facility to receive message from the network using an internet domain socket with the syslog service (see services (5)). The default is to not receive any messages from the network.

This option is introduced in version 1.3 of the sysklogd package. Please note that the default behavior is the opposite of how older versions behave, so you might have to turn this on.

-s domainlist

Specify a domainname that should be stripped off before logging. Multiple domains may be specified using the colon (``:'') separator. Remember that the first match is used, not the best.

-v

Print version and exit.

SIGNALS

Syslogd reacts to a set of signals. You may easily send a signal to syslogd using the following:

kill -SIGNAL `cat /var/run/syslogd.pid`

SIGHUP

This lets syslogd perform a re-initialization. All open files are closed, the configuration file (default is /etc/syslog.conf ) will be reread and the syslog (3) facility is started again.

SIGTERM

The syslogd will die.

SIGINT , SIGQUIT

If debugging is enabled these are ignored, otherwise syslogd will die.

SIGUSR1

Switch debugging on/off. This option can only be used if syslogd is started with the -d debug option.

SIGCHLD

Wait for childs if some were born, because of wall'ing messages.

CONFIGURATION FILE SYNTAX DIFFERENCES

Syslogd uses a slightly different syntax for its configuration file than the original BSD sources. Originally all messages of a specific priority and above were forwarded to the log file.
For example the following line caused ALL output from daemons using the daemon facilities (debug is the lowest priority, so every higher will also match) to go into /usr/adm/daemons :

        # Sample syslog.conf
        daemon.debug                    /usr/adm/daemons

Under the new scheme this behavior remains the same. The difference is the addition of four new specifiers, the asterisk (*) wildcard, the equation sign (=), the exclamation mark (!), and the minus sign (-).

The * specifies that all messages for the specified facility are to be directed to the destination. Note that this behavior is degenerate with specifying a priority level of debug. Users have indicated that the asterisk notation is more intuitive.

The = wildcard is used to restrict logging to the specified priority class. This allows, for example, routing only debug messages to a particular logging source.

For example the following line in syslog.conf would direct debug messages from all sources to the /usr/adm/debug file.

        # Sample syslog.conf
        *.=debug                        /usr/adm/debug