'\" te
.\" Copyright (C) 2008, Sun Microsystems, Inc. All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH SYSLOGD 1M "Oct 31, 2008"
.SH NAME
syslogd \- log system messages
.SH SYNOPSIS
.LP
.nf
\fB/usr/sbin/syslogd\fR [\fB-d\fR] [\fB-f\fR \fIconfigfile\fR] [\fB-m\fR \fImarkinterval\fR]
     [\fB-p\fR \fIpath\fR] [\fB-t\fR | \fB-T\fR]
.fi

.SH DESCRIPTION
.sp
.LP
\fBsyslogd\fR reads and forwards system messages to the appropriate log files
or users, depending upon the priority of a message and the system facility from
which it originates. The configuration file \fB/etc/syslog.conf\fR (see
\fBsyslog.conf\fR(4)) controls where messages are forwarded. \fBsyslogd\fR logs
a mark (timestamp) message every \fImarkinterval\fR minutes (default \fB20\fR)
at priority \fBLOG_INFO\fR to the facility whose name is given as \fBmark\fR in
the \fBsyslog.conf\fR file.
.sp
.LP
A system message consists of a single line of text, which may be prefixed with
a priority code number enclosed in angle-brackets (\fB<\|>\fR); priorities are
defined in \fB<sys/syslog.h>\fR\&.
.sp
.LP
\fBsyslogd\fR reads from the \fBSTREAMS\fR log driver, \fB/dev/log\fR, and from
any transport provider specified in \fB/etc/netconfig\fR,
\fB/etc/net/transport/hosts\fR, and \fB/etc/net/transport/services\fR.
.sp
.LP
\fBsyslogd\fR reads the configuration file when it starts up, and again
whenever it receives a \fBHUP\fR signal (see \fBsignal.h\fR(3HEAD)), at which
time it also closes all files it has open, re-reads its configuration file, and
then opens only the log files that are listed in that file. \fBsyslogd\fR exits
when it receives a \fBTERM\fR signal.
.sp
.LP
As it starts up, \fBsyslogd\fR creates the file \fB/var/run/syslog.pid\fR, if
possible, containing its process identifier (\fBPID\fR).
.sp
.LP
If message \fBID\fR generation is enabled (see \fBlog\fR(7D)), each message
will be preceded by an identifier in the following format: \fB[ID\fR \fImsgid
facility\fR\fB\&.\fR\fIpriority\fR\fB]\fR. \fImsgid\fR is the message's numeric
identifier described in \fBmsgid\fR(1M). \fIfacility\fR and \fIpriority\fR are
described in \fBsyslog.conf\fR(4). \fB[ID 123456 kern.notice]\fR is an example
of an identifier when message \fBID\fR generation is enabled.
.sp
.LP
If the message originated in a loadable kernel module or driver, the kernel
module's name (for example, \fBufs\fR) will be displayed instead of \fBunix\fR.
See \fBEXAMPLES\fR for sample output from \fBsyslogd\fR with and without
message \fBID\fR generation enabled.
.sp
.LP
In an effort to reduce visual clutter, message \fBID\fRs are not displayed when
writing to the console; message \fBID\fRs are only written to the log file.
See .
.sp
.LP
The \fB/etc/default/syslogd\fR file contains the following default parameter
settings, which are in effect if neither the \fB-t\fR nor \fB-T\fR option is
selected. See \fBFILES\fR.
.sp
.LP
The recommended way to allow or disallow message logging is through the use of
the service management facility (\fBsmf\fR(5)) property:
.sp
.in +2
.nf
svc:/system/system-log/config/log_from_remote
.fi
.in -2

.sp
.LP
This property specifies whether remote messages are logged.
\fBlog_from_remote=true\fR is equivalent to the \fB-t\fR command-line option
and \fBfalse\fR is equivalent to the \fB-T\fR command-line option. The default
value for \fBlog_from_remote\fR is \fBfalse\fR. See NOTES, below.
.sp
.ne 2
.na
\fB\fBLOG_FROM_REMOTE\fR\fR
.ad
.sp .6
.RS 4n
Specifies whether remote messages are logged. \fBLOG_FROM_REMOTE=NO\fR is
equivalent to the \fB-t\fR command-line option. The default value for
\fBLOG_FROM_REMOTE\fR is \fBYES\fR.
.RE

.SH OPTIONS
.sp
.LP
The following options are supported:
.sp
.ne 2
.na
\fB\fB-d\fR\fR
.ad
.sp .6
.RS 4n
Turn on debugging. This option should only be used interactively in a root
shell once the system is in multi-user mode. It should \fBnot\fR be used in the
system start-up scripts, as this will cause the system to hang at the point
where \fBsyslogd\fR is started.
.RE

.sp
.ne 2
.na
\fB\fB-f\fR \fIconfigfile\fR\fR
.ad
.sp .6
.RS 4n
Specify an alternate configuration file.
.RE

.sp
.ne 2
.na
\fB\fB-m\fR \fImarkinterval\fR\fR
.ad
.sp .6
.RS 4n
Specify an interval, in minutes, between mark messages.
.RE

.sp
.ne 2
.na
\fB\fB-p\fR \fIpath\fR\fR
.ad
.sp .6
.RS 4n
Specify an alternative log device name. The default is \fB/dev/log\fR.
.RE

.sp
.ne 2
.na
\fB\fB-T\fR\fR
.ad
.sp .6
.RS 4n
Enable the \fBsyslogd\fR \fBUDP\fR port to turn on logging of remote messages.
This is the default behavior. See .
.RE

.sp
.ne 2
.na
\fB\fB-t\fR\fR
.ad
.sp .6
.RS 4n
Disable the \fBsyslogd\fR \fBUDP\fR port to turn off logging of remote
messages. See .
.RE

.SH EXAMPLES
.LP
\fBExample 1 \fR\fBsyslogd\fR Output Without Message ID Generation Enabled
.sp
.LP
The following example shows the output from \fBsyslogd\fR when message \fBID\fR
generation \fBis not\fR enabled:

.sp
.in +2
.nf
Sep 29 21:41:18 cathy unix: alloc /: file system full
.fi
.in -2
.sp

.LP
\fBExample 2 \fR\fBsyslogd\fR Output with ID Generation Enabled
.sp
.LP
The following example shows the output from \fBsyslogd\fR when message \fBID\fR
generation \fBis\fR enabled. The message \fBID\fR is displayed when writing to
log file \fB/var/adm/messages\fR.

.sp
.in +2
.nf
Sep 29 21:41:18 cathy ufs: [ID 845546 kern.notice]
                                    alloc /: file system full
.fi
.in -2
.sp

.LP
\fBExample 3 \fR\fBsyslogd\fR Output with ID Generation Enabled
.sp
.LP
The following example shows the output from \fBsyslogd\fR when message \fBID\fR
generation \fBis\fR enabled when writing to the console. Even though message ID
is enabled, the message \fBID\fR is not displayed at the console.

.sp
.in +2
.nf
Sep 29 21:41:18 cathy ufs: alloc /: file system full
.fi
.in -2
.sp

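.LP
The three output layouts in Examples 1 through 3 can be read by one parser that treats the \fB[ID\fR \fImsgid facility\fR\fB\&.\fR\fIpriority\fR\fB]\fR tag as optional. The following is an added example, not part of the original manual page or of \fBsyslogd\fR; the names \fBparse_line\fR and \fBat_least\fR are hypothetical, and the sample lines are the ones printed above.

```python
import re

# Line layout taken from Examples 1-3. The [ID ...] tag is optional because it
# is absent when message ID generation is off and on console output.
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<source>[^:\s]+): "
    r"(?:\[ID (?P<msgid>\d+) (?P<facility>\w+)\.(?P<priority>[a-z]+)\]\s*)?"
    r"(?P<text>.*)$"
)

# Priority names as used in syslog.conf(4), most severe first.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_line(raw):
    """Return a dict of fields for one syslogd output line, or None if it does not match."""
    # Example 2 is wrapped over two lines in the manual; fold the whitespace first.
    line = " ".join(raw.split())
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["msgid"] = int(rec["msgid"]) if rec["msgid"] else None
    return rec


def at_least(rec, threshold):
    """True if the record has an ID tag whose priority is at least as severe as threshold."""
    # Untagged lines carry no priority, so they return False rather than a guess.
    if rec is None or rec["priority"] not in PRIORITIES:
        return False
    return PRIORITIES.index(rec["priority"]) <= PRIORITIES.index(threshold)


# Sample input: the lines printed in Examples 1-3 of this page.
SAMPLES = [
    "Sep 29 21:41:18 cathy unix: alloc /: file system full",
    "Sep 29 21:41:18 cathy ufs: [ID 845546 kern.notice]\n    alloc /: file system full",
    "Sep 29 21:41:18 cathy ufs: alloc /: file system full",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample))
```

The tag is only recognised directly after the source name, so text that merely looks like an ID tag later in the message body stays in the \fBtext\fR field.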
.LP
\fBExample 4 \fREnabling Acceptance of UDP Messages from Remote Systems
.sp
.LP
The following commands enable \fBsyslogd\fR to accept entries from remote
systems.

.sp
.in +2
.nf
# \fBsvccfg -s svc:/system/system-log setprop config/log_from_remote = true\fR
# \fBsvcadm restart svc:/system/system-log\fR
.fi
.in -2
.sp

.SH FILES
.sp
.ne 2
.na
\fB\fB/etc/syslog.conf\fR\fR
.ad
.sp .6
.RS 4n
Configuration file
.RE

.sp
.ne 2
.na
\fB\fB/var/run/syslog.pid\fR\fR
.ad
.sp .6
.RS 4n
Process \fBID\fR
.RE

.sp
.ne 2
.na
\fB\fB/etc/default/syslogd\fR\fR
.ad
.sp .6
.RS 4n
Contains default settings. You can override some of the settings by
command-line options.
.RE

.sp
.ne 2
.na
\fB\fB/dev/log\fR\fR
.ad
.sp .6
.RS 4n
\fBSTREAMS\fR log driver
.RE

.sp
.ne 2
.na
\fB\fB/etc/netconfig\fR\fR
.ad
.sp .6
.RS 4n
Transport providers available on the system
.RE

.sp
.ne 2
.na
\fB\fB/etc/net/transport/hosts\fR\fR
.ad
.sp .6
.RS 4n
Network hosts for each transport
.RE

.sp
.ne 2
.na
\fB\fB/etc/net/transport/services\fR\fR
.ad
.sp .6
.RS 4n
Network services for each transport
.RE

.SH SEE ALSO
.sp
.LP
\fBlogger\fR(1), \fBsvcs\fR(1), \fBmsgid\fR(1M), \fBsvcadm\fR(1M),
\fBsvccfg\fR(1M), \fBsyslog\fR(3C), \fBsyslog.conf\fR(4), \fBattributes\fR(5),
\fBsignal.h\fR(3HEAD), \fBsmf\fR(5), \fBlog\fR(7D)
.SH NOTES
.sp
.LP
The \fBmark\fR message is a system time stamp, and so it is only defined for
the system on which \fBsyslogd\fR is running. It cannot be forwarded to other
systems.
.sp
.LP
When \fBsyslogd\fR receives a \fBHUP\fR signal, it attempts to complete
outputting pending messages, and close all log files to which it is currently
logging messages. If, for some reason, one (or more) of these files does not
close within a generous grace period, \fBsyslogd\fR discards the pending
messages, forcibly closes these files, and starts reconfiguration. If this
shutdown procedure is disturbed by an unexpected error and \fBsyslogd\fR cannot
complete reconfiguration, \fBsyslogd\fR sends a mail message to the superuser
on the current system stating that it has shut down, and exits.
.sp
.LP
Care should be taken to ensure that each window displaying messages forwarded
by \fBsyslogd\fR (especially console windows) is run in the system default
locale (which is \fBsyslogd\fR's locale). If this advice is not followed, it is
possible for a \fBsyslog\fR message to alter the terminal settings for that
window, possibly even allowing remote execution of arbitrary commands from that
window.
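.sp
.LP
A locale-independent safeguard for the risk described above is to view log files through a filter that prints only ASCII text and shows every other byte as a visible escape. The following is an added example, not part of the original manual page or of \fBsyslogd\fR; the names \fBneutralise\fR and \fBflag_lines\fR are hypothetical, and the sample lines (including their message IDs) are constructed.

```python
def neutralise(raw):
    """Return (display_text, suspicious) for one log line given as raw bytes."""
    out = []
    suspicious = False
    for b in raw.rstrip(b"\r\n"):
        if b == 0x5C:
            # Double literal backslashes so escaped bytes stay unambiguous.
            out.append("\\\\")
        elif 0x20 <= b <= 0x7E or b == 0x09:
            out.append(chr(b))
        else:
            out.append("\\x%02x" % b)
            # C0 controls, DEL, and 0x80-0x9f (C1 controls to a terminal in an
            # 8-bit locale) can change terminal state; other high bytes are
            # escaped for display but treated as ordinary non-ASCII text.
            if b < 0x20 or b == 0x7F or 0x80 <= b <= 0x9F:
                suspicious = True
    return "".join(out), suspicious


def flag_lines(lines):
    """Return [(line_number, safe_text)] for lines that carried control bytes."""
    hits = []
    for number, raw in enumerate(lines, 1):
        text, suspicious = neutralise(raw)
        if suspicious:
            hits.append((number, text))
    return hits


# Constructed sample input, not taken from a real system.
SAMPLE = [
    b"Sep 29 21:41:18 cathy ufs: [ID 845546 kern.notice] alloc /: file system full\n",
    b"Sep 29 21:41:19 cathy demo: [ID 100001 user.notice] name=\x1b[2Jx\n",
    b"Sep 29 21:41:20 cathy demo: [ID 100002 user.notice] name=\x9b2Jx\n",
    b"Sep 29 21:41:21 cathy demo: [ID 100003 user.notice] path=C:\\tmp caf\xc3\xa9\n",
]

if __name__ == "__main__":
    for number, text in flag_lines(SAMPLE):
        print(number, text)
```

Bytes in the range 0x80 to 0x9f also occur inside legitimate UTF-8 text, so a flagged line is a prompt for review rather than proof of tampering.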
.sp
.LP
The \fBsyslogd\fR service is managed by the service management facility,
\fBsmf\fR(5), under the service identifier:
.sp
.in +2
.nf
 svc:/system/system-log:default
.fi
.in -2
.sp

.sp
.LP
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using \fBsvcadm\fR(1M). The service's
status can be queried using the \fBsvcs\fR(1) command.
.sp
.LP
When \fBsyslogd\fR is started by means of \fBsvcadm\fR(1M), if a value is
specified for \fBLOG_FROM_REMOTE\fR in the \fB/etc/default/syslogd\fR file,
the SMF property \fBsvc:/system/system-log/config/log_from_remote\fR is set to
correspond to the \fBLOG_FROM_REMOTE\fR value and the
\fB/etc/default/syslogd\fR file is modified to replace the
\fBLOG_FROM_REMOTE\fR specification with the following comment:
.sp
.in +2
.nf
# LOG_FROM_REMOTE is now set using svccfg(1m), see syslogd(1m).
.fi
.in -2

.sp
.LP
If neither \fBLOG_FROM_REMOTE\fR nor
\fBsvc:/system/system-log/config/log_from_remote\fR are defined, the default is
to log remote messages.
.sp
.LP
On installation, the initial value of
\fBsvc:/system/system-log/config/log_from_remote\fR is \fBfalse\fR.