SYSLOGD(8) BSD System Manager's Manual SYSLOGD(8)
syslogd -- log systems messages
syslogd [-46dhnuV] [-a path] [-C CAfile] [-f config_file]
[-m mark_interval] [-p log_socket] [-s reporting_socket]
syslogd reads and logs messages to the system console, log files, pipes
to other programs, other machines and/or users as specified by its con-
The options are as follows:
-4 Forces syslogd to use only IPv4 addresses for UDP.
-6 Forces syslogd to use only IPv6 addresses for UDP.
Specify a location where syslogd should place an additional log
socket. Up to 20 additional logging sockets can be specified.
The primary use for this is to place additional log sockets in
/dev/log of various chroot filespaces, though the need for these
is less urgent after the introduction of sendsyslog(2).
PEM encoded file containing CA certificates used for certificate
validation; the default is /etc/ssl/cert.pem.
-d Enable debugging to the standard output, and do not disassociate
from the controlling terminal.
Specify the pathname of an alternate configuration file; the
default is /etc/syslog.conf.
-h Include the hostname when forwarding messages to a remote host.
Select the number of minutes between ``mark'' messages; the
default is 20 minutes.
-n Print source addresses numerically rather than symbolically.
This saves an address-to-name lookup for each incoming message,
which can be useful when combined with the -u option on a loghost
with no DNS cache. Messages from the local host will still be
logged with the symbolic local host name.
Specify the pathname of an alternate log socket to be used
instead; the default is /dev/log.
Specify path to an AF_LOCAL socket for use in reporting logs
stored in memory buffers using syslogc(8).
-u Select the historical ``insecure'' mode, in which syslogd will
accept input from the UDP port. Some software wants this, but
you can be subjected to a variety of attacks over the network,
including attackers remotely filling logs.
-V Do not perform server certificate and hostname validation.
syslogd reads its configuration file when it starts up and whenever it
receives a hangup signal. For information on the format of the configu-
ration file, see syslog.conf(5).
syslogd creates the file /var/run/syslog.pid, and stores its process ID
there. This can be used to kill or reconfigure syslogd.
syslogd opens an Internet domain socket as specified in /etc/services.
Normally syslogd will only use this socket to send messages outwards, but
in ``insecure'' mode it will also read messages from this socket.
syslogd also opens and reads messages from the UNIX-domain socket
/dev/log, and from the special device /dev/klog (to read kernel mes-
syslogd opens the above described socket whether or not it is running in
secure mode. If syslogd is running in secure mode, all incoming data on
this socket is discarded. The socket is required for sending forwarded
The message sent to syslogd should consist of a single line. The message
can contain a priority code, which should be a preceding decimal number
in angle braces, for example, ``<5>''. This priority code should map
into the priorities defined in the include file <sys/syslog.h>.
/etc/syslog.conf configuration file
/var/run/syslog.pid process ID of current syslogd
/dev/log name of the UNIX-domain datagram log socket
/dev/klog kernel log device
logger(1), syslog(3), services(5), syslog.conf(5), newsyslog(8),
The syslogd command appeared in 4.3BSD.
syslogd does not create files, it only logs to existing ones.
BSD March 30, 2017 BSD