Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SYSLOGD(8)		  BSD System Manager's Manual		    SYSLOGD(8)

     syslogd --	log systems messages

     syslogd [-dnrSsTUv] [-b bind_address] [-f config_file] [-g	group]
	     [-m mark_interval]	[-o output_format] [-P file_list]
	     [-p log_socket [-p	log_socket2 ...]] [-t chroot_dir] [-u user]

     syslogd reads and logs messages to	the system console, log	files, other
     machines and/or users as specified	by its configuration file.  The	op-
     tions are as follows:

     -b	bind_address  Specify one specific IP address or hostname to bind to.
		      If a hostname is specified, the IPv4 or IPv6 address
		      which corresponds	to it is used.

     -d		      Enable debugging to the standard output, and do not dis-
		      associate	from the controlling terminal.

     -f	config_file   Specify the pathname of an alternative configuration
		      file; the	default	is /etc/syslog.conf.

     -g	group	      Set GID to group after the sockets and log files have
		      been opened.

     -m	mark_interval
		      Select the number	of minutes between ``mark'' messages;
		      the default is 20	minutes.

     -n		      Do not perform hostname lookups; report only numeric ad-

     -o	output_format
		      Select output message format.

		      rfc3164 traditional BSD Syslog format (default)

		      syslog  new syslog-protocol format

     -P		      Specify the pathname of a	file containing	a list of
		      sockets to be created.  The format of the	file is	simply
		      one socket per line.

     -p	log_socket    Specify the pathname of a	log socket.  Multiple -p op-
		      tions create multiple log	sockets.  If no	-p arguments
		      are created, the default socket of /var/run/log is used.

     -r		      Disable the compression of repeated instances of the
		      same line	into a single line of the form "last message
		      repeated N times".

     -S		      Sync kernel messages to disk immediately.

     -s		      Select "secure" mode, in which syslogd does not listen
		      on a UDP socket but only communicates over a UNIX	domain
		      socket.  This is valuable	when the machine on which
		      syslogd runs is subject to attack	over the network and
		      it is desired that the machine be	protected from at-
		      tempts to	remotely fill logs and similar attacks.

     -t	chroot_dir    chroot(2)	to chroot_dir after the	sockets	and log	files
		      have been	opened.

     -T		      Always use the local time	and date for messages received
		      from the network,	instead	of the timestamp field sup-
		      plied in the message by the remote host.	This is	useful
		      if some of the originating hosts can't keep time prop-
		      erly or are unable to generate a correct timestamp.

     -u	user	      Set UID to user after the	sockets	and log	files have
		      been opened.

     -U		      Unique priority logging.	Only log messages at the pri-
		      ority specified by the selector in the configuration
		      file.  Without this option, messages at the specified
		      priority or higher are logged.  This option changes the
		      default priority comparison from `>=' to `='.

     -v		      Verbose logging.	If specified once, the numeric facil-
		      ity and priority are logged with each locally-written
		      message.	If specified more than once, the names of the
		      facility and priority are	logged with each locally-writ-
		      ten message.

     syslogd reads its configuration file when it starts up and	whenever it
     receives a	hangup signal.	For information	on the format of the configu-
     ration file, see syslog.conf(5).

     syslogd reads messages from the UNIX domain socket	/var/run/log, from an
     Internet domain socket specified in /etc/services,	and from the special
     device /dev/klog (to read kernel messages).

     syslogd creates the file /var/run/, and	stores its process id
     there.  This can be used to kill or reconfigure syslogd.

     By	using multiple -p options, one can set up many chroot environments by
     passing the pathname to the log socket (/var/run/log) in each chroot area
     to	syslogd.  For example:
	   syslogd -p /var/run/log -p /web/var/run/log -p /ftp/var/run/log

     Note: the normal log socket must now also be passed to syslogd.

     The logged	message	includes the date, time, and hostname (or pathname of
     the log socket).  Commonly, the program name and the process id is	in-

     The date and time are taken from the received message.  If	the format of
     the timestamp field is incorrect, time obtained from the local host is
     used instead.  This can be	overridden by the -T flag.

     Accesses from UDP socket can be filtered by libwrap configuration files,
     like /etc/hosts.deny.  Specify "syslogd" in daemon_list portion of	the
     configuration files.  Refer to hosts_access(5) for	details.

     syslogd accepts messages in traditional BSD Syslog	or in newer Syslog
     Protocol format.  See RFC 3164 (BSD Syslog) and RFC 5424 (Syslog Proto-
     col) for detailed description of the message format.  Messages from the
     local kernel that are not tagged with a priority code receive the default
     facility LOG_KERN and priority LOG_NOTICE.	 All other untagged messages
     receive the default facility LOG_USER and priority	LOG_NOTICE.

     /etc/syslog.conf	   The configuration file.
     /var/run/  The process id of current syslogd.
     /var/run/log	   Name	of the UNIX domain datagram log	socket.
     /dev/klog		   The kernel log device.

     logger(1),	syslog(3), services(5),	syslog.conf(5),	newsyslog(8)

     The BSD syslog Protocol, RFC, 3164, August	2001.

     The Syslog	Protocol, RFC, 5424, March 2009.

     The syslogd command appeared in 4.3BSD.  Support for multiple log sockets
     appeared in NetBSD	1.4.  libwrap support appeared in NetBSD 1.6.

BSD			       October 15, 2009				   BSD


Want to link to this manual page? Use this URL:

home | help