syslogd(8)							   syslogd(8)



NAME

  syslogd - Logs system	messages

SYNOPSIS

  /usr/sbin/syslogd [-b	rcv-buf-size] [-d] [-e]	[-E] [-f cfg-file] [-m mk-
  interval] [-p	path] [-r] [-R]	[-s]

OPTIONS

  -b rcv-buf-size
      Specifies	the size in Kbytes of the socket receive buffer.  The default
      and maximum is 128 Kb. If	you attempt to specify a larger	size buffer
      it is automatically reduced to 128 Kb.  Setting the buffer to a small
      value could result in messages being lost	during periods of high log-
      ging activity.

  -d  Turns on the debugging feature.

  -e  Specifies	that events are	to be posted to	the Event Manager, EVM.	This
      is the default behavior and the syslogd daemon always restarts in	event
      forwarding mode unless you specify the -E	option.

  -E  Turns off	the default posting of events to the Event Manager, EVM.

  -f cfg-file
      Specifies	an alternate configuration file.

  -m mk-interval
      Specifies	the mark interval.

  -p path
      Specifies	the pathname of	the UNIX domain	socket to be used in making
      connections to the syslogd daemon.  The default is /dev/log.  You
      should not change	this default in	normal operation because the client
      functions	syslog and openlog. See	syslog(3) and openlog(3) reference
      pages.

  -r  Allows the syslogd daemon	to create an inet port for remote access.
      This is the default behavior.  Use the -R	option to prevent the syslogd
      daemon from creating an inet port.    If you specify the -r and -R
      options together,	the last one specified takes precedence.

  -R  Prevents the syslogd daemon from creating	an inet	port.  Using the -R
      option prevents all remote access. Remote	systems	cannot send messages
      to be logged locally, and	the local daemon cannot	send messages to be
      logged remotely.	If you specify the -r and -R options together, the
      last one specified takes precedence.

  -s  Disables the posting of events to	the console.



DESCRIPTION

  The syslogd daemon reads and logs messages to	a set of files described in
  the /etc/syslog.conf configuration file.

  Each message logged consists of one line. A message can contain a priority
  code, marked by a number in angle brackets at the beginning of the line.
  Priorities are defined in the /usr/include/sys/syslog_pri.h file.  The
  syslogd daemon reads from the domain socket /dev/log, from an Internet
  domain socket specified in /etc/services, and from the special device
  /dev/klog, which reads kernel messages. The syslogd daemon configures
  itself when it starts up and when it receives a hangup (SIGHUP) signal.
  To reconfigure the daemon, use the ps command to identify the daemon's
  process identifier (PID) and then use the following command:

       # kill -HUP pid

  (The PID of the daemon is also recorded in /var/run/syslog.pid.) This
  command causes the daemon to read the revised configuration file.

  The /etc/syslog.conf file contains entries that specify the facility (the
  part of the system that generated the	error),	the error message severity
  level, and the destination to	which the syslogd daemon sends the messages.
  Each line of the /etc/syslog.conf file contains an entry.

  The following	is an example of an /etc/syslog.conf file:

       #
       # syslogd config	file
       #
       # facilities: kern user mail daemon auth	syslog lpr binary
       # priorities: emerg alert crit err warning notice info debug
       kern.debug	       /var/adm/syslog/kern.log
       user.debug	       /var/adm/syslog/user.log
       daemon.debug	       /var/adm/syslog/daemon.log
       auth.debug	       /var/adm/syslog/auth.log
       syslog.debug	       /var/adm/syslog/syslog.log
       mail,lpr.debug	       /var/adm/syslog/misc.log
       binary.err	       /var/adm/binary.errlog
       msgbuf.err	       /var/adm/crash/msgbuf.savecore
       kern.debug	       /var/adm/messages
       kern.debug	       /dev/console
       *.emerg		       *

  The facility and its severity	level must be separated	by a period (.).  You
  can specify more than	one facility on	a line by separating them with com-
  mas.	You can	specify	more than one facility and severity level on a line
  by separating	them with semicolons.

  The facility and its severity	level must be separated	from the destination
  by one or more tab characters	or spaces.

  If you specify an asterisk (*) for a facility, messages generated by all
  parts	of the system are logged. All messages of the specified	level and of
  a greater severity are logged. Blank lines and lines beginning with #
  (number sign)	are ignored.

  For example:

       *.emerg;mail,daemon.crit		 /var/adm/syslog/misc.log

  This line logs all facilities	at the emerg level (and	higher)	and the	mail
  and daemon facilities	at the crit (or	higher)	level to the
  /var/adm/syslog/misc.log destination file.

  Known	facilities and levels recognized by the	syslogd	daemon are those
  listed in /usr/include/sys/syslog_pri.h without the leading LOG_.  The
  additional facility mark has a message at priority LOG_INFO sent to it
  every	20 minutes (this may be	changed	with the -m option).  The mark facil-
  ity is not enabled by	a facility field containing an * (asterisk). The
  level	none may be used to disable a particular facility. For example:

       *.debug;mail.none	      /var/adm/syslog/misc.log

  The previous entry sends all messages	except mail messages to	the
  /var/adm/syslog/misc.log file.
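
  The selector rules above (a level also selects every greater severity,
  * does not enable mark, none disables a facility) can be checked with the
  following Python sketch. It is an added example, not code from syslogd.
  The function names are hypothetical, and it assumes that selectors on a
  line are applied left to right, with later ones overriding earlier ones.

```python
# Severity names from the page's sample syslog.conf, most severe first.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_entry(line):
    """Split one syslog.conf entry into (thresholds, wildcard, destination).

    Returns None for blank lines and '#' comments, which syslogd ignores.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    selectors, destination = line.split(None, 1)   # tabs or spaces
    thresholds, wildcard = {}, None                 # None means "not logged"
    for selector in selectors.split(";"):
        facilities, _, level = selector.rpartition(".")
        level = level.lower()
        if level != "none" and level not in LEVELS:
            raise ValueError("unknown level: " + level)
        rank = None if level == "none" else LEVELS.index(level)
        for facility in facilities.split(","):
            if facility == "*":
                # Assumption: a later '*' replaces earlier per-facility
                # settings, except for mark, which '*' never touches.
                wildcard = rank
                thresholds = {f: r for f, r in thresholds.items() if f == "mark"}
            else:
                thresholds[facility] = rank
    return thresholds, wildcard, destination.strip()

def selects(line, facility, level):
    """True if a message from `facility` at `level` goes to this entry."""
    entry = parse_entry(line)
    if entry is None:
        return False
    thresholds, wildcard, _ = entry
    # The mark facility is never enabled by '*'; it must be named explicitly.
    default = None if facility == "mark" else wildcard
    rank = thresholds.get(facility, default)
    # A message is logged when it is at the given level or more severe.
    return rank is not None and LEVELS.index(level) <= rank
```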

  There	are four possibilities for the message destination:

    +  A filename that begins with a leading / (slash).	The syslogd daemon
       will open the file in append mode.

    +  A hostname preceded by an @ (at sign).  Selected	messages are for-
       warded to the syslogd daemon on the named host.

    +  A comma separated list of users.	 Selected messages are written to
       those users if they are logged in.

    +  An * (asterisk).	Selected messages are written to all users who are
       logged in.

  For example:

       kern,mark.debug /dev/console
       *.notice;mail.info      /var/adm/syslog/mail
       *.crit  /var/adm/syslog/critical
       kern.err	       @ucbarpa
       *.emerg *
       *.alert eric,kridle
       *.alert;auth.warning    ralph

  The preceding	configuration file logs	messages as follows:

    +  Logs all	kernel messages	and 20 minute marks onto the system console

    +  Logs all	notice (or higher) level messages and all mail system mes-
       sages except debug messages into	the file /var/adm/syslog/mail

    +  Logs all	critical messages into the /var/adm/syslog/critical file

    +  Forwards	kernel messages	of error severity or higher to ucbarpa.

    +  Informs all users of any	emergency messages, informs users eric and
       kridle of any alert messages, and informs user ralph of any alert mes-
       sage or any warning message (or higher) from the	authorization system.

  Destinations for logged messages can be specified with full pathnames that
  begin with a leading / (slash).  The syslogd daemon then opens the
  specified file(s) in append mode. If the pathname to a syslogd daemon log
  file is specified in the syslog.conf file as /var/adm/syslog.dated/file,
  the syslogd daemon inserts a date directory directly above file in the
  directory structure, and thus produces a day-by-day account of the
  messages received.  Typically, you will want to divert messages
  separately, according to facility, into files such as kern.log, mail.log,
  lpr.log, and debug.log. The file /var/adm/syslog.dated/current is a link
  to the most recent log file directory.

  If some pathname other than /var/adm/syslog.dated/file is specified as the
  pathname to the logfile, the syslogd daemon does not create the daily	date
  directory.  For example, if you specify /var/adm/syslog/mail.log (without
  the .dated suffix after syslog), the syslogd daemon simply logs messages to
  the mail.log file and	allows this file to grow indefinitely.

  The syslogd daemon can recover the messages in the kernel syslog buffer
  that were not	logged to the files specified in the /etc/syslog.conf file
  because a system crash occurred. The savecore	command	copies the buffer
  recovered from the dump to the file specified	in the "msgbuf.err" entry in
  the /etc/syslog.conf file.  When the syslogd daemon starts up, it looks for
  this file and, if it exists, processes and then deletes the file.

  Configuration


  The syslogd daemon acts as a central routing facility	for messages whose
  formats are determined by the	programs that produce them.

  The syslogd daemon creates the /var/run/syslog.pid file if possible. The
  file contains	a single line with its process ID. This	can be used to kill
  or reconfigure the syslogd daemon. For example, if you modify	the
  syslog.conf file and you want	to implement the changes, use the following
  command:

       # kill -HUP `cat	/var/run/syslog.pid`


  If a syslog.conf configuration file does not exist, the syslogd daemon uses
  the following	defaults:

       *.ERR	       /dev/console
       *.PANIC	       *

  The defaults log all error messages to the console and all panic messages
  (from	the kernel) to all logged-in users. No files are written.

  To turn off printing of syslog messages to the console, please refer to the
  syslog(1) reference page.

  Remote Message Forwarding


  The syslog has a remote message forwarding function.	As a security
  feature, this	capability is turned off by default. If	you intend to config-
  ure other hosts to forward syslog messages to	a local	host, use the su com-
  mand to become superuser (root) and manually create the /etc/syslog.auth
  file using a text editor on the local	host.

  The /etc/syslog.auth file specifies which remote hosts are allowed to	for-
  ward syslog messages to the local host. Unless the domain host name of a
  remote host is given in the local /etc/syslog.auth file, the local host
  will not log any messages from that remote host. Note	that if	no
  /etc/syslog.auth file	exists on the local host, then any remote hosts	that
  can establish	a network connection will be able to log messages. See the
  syslog.auth(4) reference page	for information.
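
  The interaction of the -r and -R options with /etc/syslog.auth can be
  audited with the following Python sketch. It is an added example, not
  part of the original reference page. The function name and result keys
  are hypothetical, and the syslog.auth layout (one host name per line,
  # for comments) is an assumption; see syslog.auth(4) for the real format.

```python
import getopt

def remote_exposure(argv, auth_text, conf_text):
    """Classify a syslogd setup from its flags, syslog.auth and syslog.conf.

    argv      -- syslogd arguments, e.g. ["-m", "30", "-R"]
    auth_text -- contents of /etc/syslog.auth, or None if the file is absent
    conf_text -- contents of /etc/syslog.conf
    """
    opts, _ = getopt.getopt(argv, "b:deEf:m:p:rRs")   # option set from SYNOPSIS
    inet_port = True                                   # -r is the default
    for flag, _value in opts:
        if flag in ("-r", "-R"):
            inet_port = (flag == "-r")                 # last one specified wins
    # Destinations of the form @host forward messages to another syslogd.
    forwards = []
    for line in conf_text.splitlines():
        fields = line.split()
        if (len(fields) >= 2 and not fields[0].startswith("#")
                and fields[1].startswith("@")):
            forwards.append(fields[1][1:])
    findings = []
    if not inet_port:
        receive = "closed"
        if forwards:
            findings.append("-R set: forwarding to %s will not happen"
                            % ", ".join(forwards))
    elif auth_text is None:
        receive = "open-to-any-host"
        findings.append("no syslog.auth: any host that can connect may log here")
    else:
        # Assumption: one host name per line, '#' starts a comment.
        allowed = [ln.strip() for ln in auth_text.splitlines()
                   if ln.strip() and not ln.strip().startswith("#")]
        receive = "restricted"
        findings.append("accepting from: "
                        + (", ".join(allowed) or "(no hosts listed)"))
    return {"inet_port": inet_port, "receive": receive,
            "forwards": forwards, "findings": findings}
```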

  Event	Management


  By default, the syslogd daemon initializes with the -e option, and its
  events are forwarded to the Event Management utility (EVM).  If the syslogd
  daemon is restarted, event forwarding also restarts by default. If you do
  not want event forwarding to restart automatically, you can turn it off
  using the -E option.

  Messages from the syslogd daemon are converted to EVM events and posted to
  the EVM daemon.  Refer to the EVM(5) reference page and System
  Administration for more information on EVM.


FILES

  /usr/sbin/syslogd
      Specifies	the command path

  /etc/syslog.conf
      Configuration file.

  /var/run/syslog.pid
      Process ID.

  /etc/syslog.auth
      Specifies	what remote hosts can forward messages to the local host.

  /etc/syslog_evm.conf
      Contains configuration information that specifies	what syslogd messages
      will be forwarded	to the Event Manager, EVM.

  /usr/sbin/syslog
      Enables and disables printing to the console device.

  /dev/log
      The name of the domain datagram log socket.

  /dev/klog
      Kernel log device.

  /var/adm/syslog.dated
      The directory where daily	log subdirectories reside.

  /var/adm/syslog.dated/current
      A	link to	the directory containing the most recent daily log files.

SEE ALSO

  Commands: logger(1), syslog(1), savecore(8).

  Functions: syslog(3),	openlog(3).

  Files: syslog.auth(4), syslog.conf(4), syslog_evm.conf(4).

  Other: EVM(5).

  Network Administration: Connections, Network Administration: Services, and
  System Administration.