Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SYSLOGD(8)		  BSD System Manager's Manual		    SYSLOGD(8)

     syslogd --	log system messages

     syslogd [-46dFhnruVZ] [-a path] [-C CAfile] [-c cert_file]
	     [-f config_file] [-K CAfile] [-k key_file]	[-m mark_interval]
	     [-p log_socket] [-S listen_address] [-s reporting_socket]
	     [-T listen_address] [-U bind_address]

     syslogd writes system messages to log files or a user's terminal.	Output
     can be sent to other programs for further processing.  It can also	se-
     curely send and receive log messages to and from remote hosts.

     The options are as	follows:

     -4	     Forces syslogd to use only	IPv4 addresses for UDP.

     -6	     Forces syslogd to use only	IPv6 addresses for UDP.

     -a	path
	     Specify a location	where syslogd should place an additional log
	     socket.  The primary use for this is to place additional log
	     sockets in	/dev/log of various chroot filespaces, though the need
	     for these is less urgent after the	introduction of	sendsyslog(2).

     -C	CAfile
	     PEM encoded file containing CA certificates used for certificate
	     validation	of a remote loghost; the default is /etc/ssl/cert.pem.

     -c	cert_file
	     PEM encoded file containing the client certificate	for TLS	con-
	     nections to a remote loghost.  The	default	is not to use a	client
	     certificate for the outgoing connection to	a syslog server.  This
	     option has	to be used together with -k key_file.

     -d	     Enable debugging to the standard output, and do not disassociate
	     from the controlling terminal.

     -F	     Run in the	foreground instead of disassociating from the control-
	     ling terminal and running as a background daemon.

     -f	config_file
	     Specify the pathname of an	alternate configuration	file; the de-
	     fault is /etc/syslog.conf.

     -h	     Include the hostname when sending messages	to a remote loghost.

     -K	CAfile
	     PEM encoded file containing CA certificates used for client cer-
	     tificate validation on the	local listen socket.  By default in-
	     coming connections	from any TLS client are	allowed.

     -k	key_file
	     PEM encoded file containing the client private key	for TLS	con-
	     nections to a remote loghost.  This option	has to be used to-
	     gether with -c cert_file.

     -m	mark_interval
	     Select the	number of minutes between "mark" messages; the default
	     is	20 minutes.

     -n	     Print source addresses numerically	rather than symbolically.
	     This saves	an address-to-name lookup for each incoming message,
	     which can be useful when combined with the	-u option on a loghost
	     with no DNS cache.	 Messages from the local host will still be
	     logged with the symbolic local host name.

     -p	log_socket
	     Specify the pathname of an	alternate log socket to	be used	in-
	     stead; the	default	is /dev/log.

     -r	     Print duplicate lines immediately and suppress the	"last message
	     repeated" summary when piping to another program or forwarding to
	     a remote loghost.	If given twice,	this is	done for all log ac-

     -S	listen_address
	     Create a TLS listen socket	for receiving encrypted	messages and
	     bind it to	the specified address.	A port number may be specified
	     using the host:port syntax.  The first listen_address is also
	     used to find a suitable server key	and certificate	in /etc/ssl/.

     -s	reporting_socket
	     Specify path to a UNIX-domain socket for use in reporting logs
	     stored in memory buffers using syslogc(8).

     -T	listen_address
	     Create a TCP listen socket	for receiving messages and bind	it to
	     the specified address.  There is no well-known port for syslog
	     over TCP, so a port number	must be	specified using	the host:port

     -U	bind_address
	     Create a UDP socket for receiving messages	and bind it to the
	     specified address.	 This can be used, for example,	with a pf di-
	     vert-to rule to receive packets when syslogd is bound to local-
	     host.  A port number may be specified using the host:port syntax.

     -u	     Select the	historical "insecure" mode, in which syslogd will ac-
	     cept input	from the UDP port.  Some software wants	this, but you
	     can be subjected to a variety of attacks over the network,	in-
	     cluding attackers remotely	filling	logs.

     -V	     Do	not perform remote server certificate and hostname validation
	     when sending messages.

     -Z	     Generate timestamps in ISO	format.	 This includes the year	and
	     the timezone, and all logging is done in UTC.

     The options -a, -S, -T, and -U can	be given more than once	to specify
     multiple input sources.

     When starting up, syslogd reads its configuration file, syslog.conf(5),
     and opens the configured logfiles and TCP and TLS connections.  The log-
     files already have	to exist with the correct permissions.	When receiving
     a SIGHUP signal, it closes	all open logfiles and outgoing TCP and TLS
     connections and re-runs this initialization sequence.  Sending this sig-
     nal is required both after	editing	the configuration file and after log

     syslogd opens a UDP socket, as specified in /etc/services,	for sending
     forwarded messages.  By default all incoming data on this socket is dis-
     carded.  If insecure mode is switched on with -u, it will also read mes-
     sages from	the socket.  syslogd also opens	and reads messages from	the
     UNIX-domain socket	/dev/log, and from the special device /dev/klog	(to
     read kernel messages), and	from sendsyslog(2) (to read messages from
     userland processes).

     The message sent to syslogd should	consist	of a single line.  Embedded
     new line characters are converted to spaces; binary data is encoded by
     vis(3).  The message can contain a	priority code, which should be a pre-
     ceding decimal number in angle braces, for	example, "<5>".	 This priority
     code should map into the priorities defined in the	include	file

     When sending syslog messages to a remote loghost via TLS, the server's
     certificate and hostname are validated to prevent malicious servers from
     reading messages.	If the server has a certificate	with a matching	host-
     name signed by a CA in /etc/ssl/cert.pem, it is verified with that	by de-
     fault.  If	the server has a certificate with a matching hostname signed
     by	a private CA, use the -C option	and put	that CA	into CAfile.  Valida-
     tion can be explicitly turned off using the -V option.  If	the server is
     accepting messages	only from clients with a trusted client	certificate,
     use the -k	and -c options to authenticate syslogd with this certificate.

     When receiving syslog messages from a TLS client, there must be a server
     key and certificate in /etc/ssl/private/host[:port].key and
     /etc/ssl/host[:port].crt.	If the client uses certificates	to authenti-
     cate, the CA of the client's certificate may be added to CAfile using the
     -K	option to protect from messages	being spoofed by malicious senders.

     /dev/log		  Name of the UNIX-domain datagram log socket.
     /dev/klog		  Kernel log device.
     /etc/ssl/		  Private keys and public certificates.
     /etc/syslog.conf	  Configuration	file.
     /var/run/  Process ID of	current	syslogd.

     logger(1),	syslog(3), services(5),	syslog.conf(5),	newsyslog(8),

     The syslogd command appeared in 4.3BSD.

     syslogd does not create files, it only logs to existing ones.

BSD			      September	27, 2018			   BSD


Want to link to this manual page? Use this URL:

home | help