1 '\" te
   2 .\" Copyright (c) 2013 Gary Mills
   3 .\" Copyright (C) 2008, Sun Microsystems, Inc. All Rights Reserved
   4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
   5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
   6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   7 .TH SYSLOGD 1M "Oct 17, 2013"
   8 .SH NAME
   9 syslogd \- log system messages
  10 .SH SYNOPSIS
  11 .LP
  12 .nf
  13 \fB/usr/sbin/syslogd\fR [\fB-d\fR] [\fB-f\fR \fIconfigfile\fR] [\fB-m\fR \fImarkinterval\fR]
  14      [\fB-p\fR \fIpath\fR] [\fB-t\fR | \fB-T\fR]
  15 .fi
  16 
  17 .SH DESCRIPTION
  18 .sp
  19 .LP
  20 \fBsyslogd\fR reads and forwards system messages to the appropriate log files
  21 or users, depending upon the priority of a message and the system facility from
  22 which it originates. The configuration file \fB/etc/syslog.conf\fR (see
  23 \fBsyslog.conf\fR(4)) controls where messages are forwarded. \fBsyslogd\fR logs
  24 a mark (timestamp) message every \fImarkinterval\fR minutes (default \fB20\fR)
  25 at priority \fBLOG_INFO\fR to the facility whose name is given as \fBmark\fR in
  26 the \fBsyslog.conf\fR file.
  27 .sp
  28 .LP
  29 A system message consists of a single line of text, which may be prefixed with
  30 a priority code number enclosed in angle-brackets (\fB<\|>\fR); priorities are
  31 defined in \fB<sys/syslog.h>\fR\&.
  32 .sp
  33 .LP
  34 \fBsyslogd\fR reads from the \fBSTREAMS\fR log driver, \fB/dev/log\fR, and from
  35 any transport provider specified in \fB/etc/netconfig\fR,
  36 \fB/etc/net/transport/hosts\fR, and \fB/etc/net/transport/services\fR.
  37 .sp
  38 .LP
  39 \fBsyslogd\fR reads the configuration file when it starts up, and again
  40 whenever it receives a \fBHUP\fR signal (see \fBsignal.h\fR(3HEAD), at which
  41 time it also closes all files it has open, re-reads its configuration file, and
  42 then opens only the log files that are listed in that file. \fBsyslogd\fR exits
  43 when it receives a \fBTERM\fR signal.
  44 .sp
  45 .LP
  46 As it starts up, \fBsyslogd\fR creates the file \fB/var/run/syslog.pid\fR, if
  47 possible, containing its process identifier (\fBPID\fR).
  48 .sp
  49 .LP
  50 If message \fBID\fR generation is enabled (see \fBlog\fR(7D)), each message
  51 will be preceded by an identifier in the following format: \fB[ID\fR \fImsgid
  52 facility\fR\fB\&.\fR\fIpriority\fR\fB]\fR. \fImsgid\fR is the message's numeric
  53 identifier described in \fBmsgid\fR(1M). \fIfacility\fR and \fIpriority\fR are
  54 described in \fBsyslog.conf\fR(4). \fB[ID 123456 kern.notice]\fR is an example
  55 of an identifier when message \fBID\fR generation is enabled.
  56 .sp
  57 .LP
  58 If the message originated in a loadable kernel module or driver, the kernel
  59 module's name (for example, \fBufs\fR) will be displayed instead of \fBunix\fR.
  60 See \fBEXAMPLES\fR for sample output from \fBsyslogd\fR with and without
  61 message \fBID\fR generation enabled.
  62 .sp
  63 .LP
  64 In an effort to reduce visual clutter, message \fBID\fRs are not displayed when
  65 writing to the console; message \fBID\fRs are only written to the log file.
  66 See \fBEXAMPLES\fR.
  67 .sp
  68 .LP
  69 The \fB/etc/default/syslogd\fR file contains the following default parameter
  70 settings, which are in effect if neither the \fB-t\fR nor \fB-T\fR option is
  71 selected. See \fBFILES\fR.
  72 .sp
  73 .LP
  74 The recommended way to allow or disallow message logging is through the use of
  75 the service management facility (\fBsmf\fR(5)) property:
  76 .sp
  77 .in +2
  78 .nf
  79 svc:/system/system-log/config/log_from_remote
  80 .fi
  81 .in -2
  82 
  83 .sp
  84 .LP
  85 This property specifies whether remote messages are logged.
  86 \fBlog_from_remote=true\fR is equivalent to the \fB-t\fR command-line option
  87 and \fBfalse\fR is equivalent to the \fB-T\fR command-line option. The default
  88 value for \fB-log_from_remote\fR is \fBfalse\fR. See NOTES, below.
  89 .sp
  90 .ne 2
  91 .na
  92 \fB\fBLOG_FROM_REMOTE\fR\fR
  93 .ad
  94 .sp .6
  95 .RS 4n
  96 Specifies whether remote messages are logged. \fBLOG_FROM_REMOTE=NO\fR is
  97 equivalent to the \fB-t\fR command-line option. The default value for
  98 \fBLOG_FROM_REMOTE\fR is \fBYES\fR.
  99 .RE
 100 
 101 .SH OPTIONS
 102 .sp
 103 .LP
 104 The following options are supported:
 105 .sp
 106 .ne 2
 107 .na
 108 \fB\fB-d\fR\fR
 109 .ad
 110 .sp .6
 111 .RS 4n
 112 Turn on debugging. This option should only be used interactively in a root
 113 shell once the system is in multi-user mode. It should \fBnot\fR be used in the
 114 system start-up scripts, as this will cause the system to hang at the point
 115 where \fBsyslogd\fR is started.
 116 .RE
 117 
 118 .sp
 119 .ne 2
 120 .na
 121 \fB\fB-f\fR \fIconfigfile\fR\fR
 122 .ad
 123 .sp .6
 124 .RS 4n
 125 Specify an alternate configuration file.
 126 .RE
 127 
 128 .sp
 129 .ne 2
 130 .na
 131 \fB\fB-m\fR \fImarkinterval\fR\fR
 132 .ad
 133 .sp .6
 134 .RS 4n
 135 Specify an interval, in minutes, between mark messages.
 136 .RE
 137 
 138 .sp
 139 .ne 2
 140 .na
 141 \fB\fB-p\fR \fIpath\fR\fR
 142 .ad
 143 .sp .6
 144 .RS 4n
 145 Specify an alternative log device name. The default is \fB/dev/log\fR.
 146 .RE
 147 
 148 .sp
 149 .ne 2
 150 .na
 151 \fB\fB-T\fR\fR
 152 .ad
 153 .sp .6
 154 .RS 4n
 155 Enable the \fBsyslogd\fR \fBUDP\fR port to turn on logging of remote messages.
 156 This is the default behavior. See \fBEXAMPLES\fR.
 157 .RE
 158 
 159 .sp
 160 .ne 2
 161 .na
 162 \fB\fB-t\fR\fR
 163 .ad
 164 .sp .6
 165 .RS 4n
 166 Disable the \fBsyslogd\fR \fBUDP\fR port to turn off logging of remote
 167 messages. See \fBEXAMPLES\fR.
 168 .RE
 169 
 170 .SH EXAMPLES
 171 .LP
 172 \fBExample 1 \fR\fBsyslogd\fR Output Without Message ID Generation Enabled
 173 .sp
 174 .LP
 175 The following example shows the output from \fBsyslogd\fR when message \fBID\fR
 176 generation \fBis not\fR enabled:
 177 
 178 .sp
 179 .in +2
 180 .nf
 181 Sep 29 21:41:18 cathy unix: alloc /: file system full
 182 .fi
 183 .in -2
 184 .sp
 185 
 186 .LP
 187 \fBExample 2 \fR\fBsyslogd\fR Output with ID generation Enabled
 188 .sp
 189 .LP
 190 The following example shows the output from \fBsyslogd\fR when message \fBID\fR
 191 generation \fBis\fR enabled. The message \fBID\fR is displayed when writing to
 192 log file\fB/var/adm/messages\fR.
 193 
 194 .sp
 195 .in +2
 196 .nf
 197 Sep 29 21:41:18 cathy ufs: [ID 845546 kern.notice]
 198                                     alloc /: file system full
 199 .fi
 200 .in -2
 201 .sp
 202 
 203 .LP
 204 \fBExample 3 \fR\fBsyslogd\fR Output with ID Generation Enabled
 205 .sp
 206 .LP
 207 The following example shows the output from \fBsyslogd\fR when message \fBID\fR
 208 generation \fBis\fR enabled when writing to the console. Even though message ID
 209 is enabled, the message \fBID\fR is not displayed at the console.
 210 
 211 .sp
 212 .in +2
 213 .nf
 214 Sep 29 21:41:18 cathy ufs: alloc /: file system full
 215 .fi
 216 .in -2
 217 .sp
 218 
 219 .LP
 220 \fBExample 4 \fREnabling Acceptance of UDP Messages from Remote Systems
 221 .sp
 222 .LP
 223 The following commands enable \fBsyslogd\fR to accept entries from remote
 224 systems.
 225 
 226 .sp
 227 .in +2
 228 .nf
 229 # \fBsvccfg -s svc:/system/system-log setprop config/log_from_remote = true\fR
 230 # \fBsvcadm restart svc:/system/system-log\fR
 231 .fi
 232 .in -2
 233 .sp
 234 
 235 .SH FILES
 236 .sp
 237 .ne 2
 238 .na
 239 \fB\fB/etc/syslog.conf\fR\fR
 240 .ad
 241 .sp .6
 242 .RS 4n
 243 Configuration file
 244 .RE
 245 
 246 .sp
 247 .ne 2
 248 .na
 249 \fB\fB/var/run/syslog.pid\fR\fR
 250 .ad
 251 .sp .6
 252 .RS 4n
 253 Process \fBID\fR
 254 .RE
 255 
 256 .sp
 257 .ne 2
 258 .na
 259 \fB\fB/etc/default/syslogd\fR\fR
 260 .ad
 261 .sp .6
 262 .RS 4n
 263 Contains default settings. You can override some of the settings by
 264 command-line options.
 265 .RE
 266 
 267 .sp
 268 .ne 2
 269 .na
 270 \fB\fB/dev/log\fR\fR
 271 .ad
 272 .sp .6
 273 .RS 4n
 274 \fBSTREAMS\fR log driver
 275 .RE
 276 
 277 .sp
 278 .ne 2
 279 .na
 280 \fB\fB/etc/netconfig\fR\fR
 281 .ad
 282 .sp .6
 283 .RS 4n
 284 Transport providers available on the system
 285 .RE
 286 
 287 .sp
 288 .ne 2
 289 .na
 290 \fB\fB/etc/net/transport/hosts\fR\fR
 291 .ad
 292 .sp .6
 293 .RS 4n
 294 Network hosts for each transport
 295 .RE
 296 
 297 .sp
 298 .ne 2
 299 .na
 300 \fB\fB/etc/net/transport/services\fR\fR
 301 .ad
 302 .sp .6
 303 .RS 4n
 304 Network services for each transport
 305 .RE
 306 
 307 .SH SEE ALSO
 308 .sp
 309 .LP
 310 \fBlogger\fR(1), \fBsvcs\fR(1), \fBmsgid\fR(1M), \fBsvcadm\fR(1M),
 311 \fBsvccfg\fR(1M), \fBsyslog\fR(3C), \fBsyslog.conf\fR(4), \fBattributes\fR(5),
 312 \fBsignal.h\fR(3HEAD), \fBsmf\fR(5), \fBlog\fR(7D)
 313 .SH NOTES
 314 .sp
 315 .LP
 316 The \fBmark\fR message is a system time stamp, and so it is only defined for
 317 the system on which \fBsyslogd\fR is running. It can not be forwarded to other
 318 systems.
 319 .sp
 320 .LP
 321 When \fBsyslogd\fR receives a \fBHUP\fR signal, it attempts to complete
 322 outputting pending messages, and close all log files to which it is currently
 323 logging messages. If, for some reason, one (or more) of these files does not
 324 close within a generous grace period, \fBsyslogd\fR discards the pending
 325 messages, forcibly closes these files, and starts reconfiguration. If this
 326 shutdown procedure is disturbed by an unexpected error and \fBsyslogd\fR cannot
 327 complete reconfiguration, \fBsyslogd\fR sends a mail message to the superuser
 328 on the current system stating that it has shut down, and exits.
 329 .sp
 330 .LP
 331 Care should be taken to ensure that each window displaying messages forwarded
 332 by \fBsyslogd\fR (especially console windows) is run in the system default
 333 locale (which is \fBsyslogd\fR's locale). If this advice is not followed, it is
 334 possible for a \fBsyslog\fR message to alter the terminal settings for that
 335 window, possibly even allowing remote execution of arbitrary commands from that
 336 window.
 337 .sp
 338 .LP
 339 The \fBsyslogd\fR service is managed by the service management facility,
 340 \fBsmf\fR(5), under the service identifier:
 341 .sp
 342 .in +2
 343 .nf
 344  svc:/system/system-log:default
 345 .fi
 346 .in -2
 347 .sp
 348 
 349 .sp
 350 .LP
 351 Administrative actions on this service, such as enabling, disabling, or
 352 requesting restart, can be performed using \fBsvcadm\fR(1M). The service's
 353 status can be queried using the \fBsvcs\fR(1) command.
 354 .sp
 355 .LP
 356 When \fBsyslogd\fR is started by means of \fBsvcadm\fR(1M), if a value is
 357 specified for \fBLOG_FROM_REMOTE\fR in the \fB/etc/defaults/syslogd\fR file,
 358 the SMF property \fBsvc:/system/system-log/config/log_from_remote\fR is set to
 359 correspond to the \fBLOG_FROM_REMOTE\fR value and the
 360 \fB/etc/default/syslogd\fR file is modified to replace the
 361 \fBLOG_FROM_REMOTE\fR specification with the following comment:
 362 .sp
 363 .in +2
 364 .nf
 365 # LOG_FROM_REMOTE is now set using svccfg(1m), see syslogd(1m).
 366 .fi
 367 .in -2
 368 
 369 .sp
 370 .LP
 371 If neither \fBLOG_FROM_REMOTE\fR nor
 372 \fBsvc:/system/system-log/config/log_from_remote\fR are defined, the default is
 373 to log remote messages.
 374 .sp
 375 .LP
 376 On installation, the initial value of
 377 \fBsvc:/system/system-log/config/log_from_remote\fR is \fBfalse\fR.