syslogd man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

syslogd(8)							    syslogd(8)

       syslogd - Logs system messages

       /usr/sbin/syslogd  [-b  rcv-buf-size]  [-d] [-e] [-E] [-f cfg-file] [-m
       mk-interval] [-p path] [-r] [-R] [-s]

       Specifies the size in Kbytes of the socket receive buffer.  The default
       and  maximum  is 128 Kb. If you attempt to specify a larger size buffer
       it is automatically reduced to 128 Kb.  Setting the buffer to  a	 small
       value  could  result in messages being lost during periods of high log‐
       ging activity.  Turns on the debugging feature.	Specifies that	events
       are  to be posted to the Event Manager, EVM. This is the default behav‐
       ior and the syslogd daemon always restarts  in  event  forwarding  mode
       unless  you  specify  the  -E option.  Turns off the default posting of
       events to the Event Manager, EVM.  Specifies an alternate configuration
       file.  Specifies the mark interval.  Specifies the pathname of the UNIX
       domain socket to be used in making connections to the  syslogd  daemon.
       The  default is /dev/log.  You should not change this default in normal
       operation because the client functions syslog  and  openlog.  See  sys‐
       log(3)  and  openlog(3)	reference pages.  Allows the syslogd daemon to
       create an inet port for remote access.  This is the  default  behavior.
       Use  the	 -R option to prevent the syslogd daemon from creating an inet
       port.	If you specify the -r and -R options together,	the  last  one
       specified  takes precedence.  Prevents the syslogd daemon from creating
       an inet port.  Using the -R option prevents all remote  access.	Remote
       systems cannot send messages to be logged locally, and the local daemon
       cannot send messages to be logged remotely.  If you specify the -r  and
       -R options together, the last one specified takes precedence.  Disables
       the posting of events to the console.

       The syslogd daemon reads and logs messages to a set of files  described
       in the /etc/syslog.conf configuration file.

       Each  message logged consists of one line. A message can contain a pri‐
       ority code, marked by a number in angle braces at the beginning of  the
       line. Priorities are defined in the /usr/include/sys/syslog_pri.h file.
       The syslogd daemon reads from  the  domain  socket  /dev/log,  from  an
       Internet domain socket specified in /etc/services, and from the special
       device /dev/klog, which reads kernel messages. The syslogd daemon  con‐
       figures	when  it starts up and when it receives a hangup (SIGHUP) sig‐
       nal.  To reconfigure the daemon, use the ps  command  to	 identify  the
       daemon's process identifier (PID) and then use the following command: #
       kill -HUP pid

       (The PID of the daemon is also recorded in  /var/run/  This
       command causes the daemon to read the revised configuration file.

       The  /etc/syslog.conf  file  contains entries that specify the facility
       (the part of the system that generated the error),  the	error  message
       severity	 level,	 and the destination to which the syslogd daemon sends
       the messages.  Each line	 of  the  /etc/syslog.conf  file  contains  an

       The following is an example of an /etc/syslog.conf file:

       # # syslogd config file # # facilities: kern user mail daemon auth sys‐
       log lpr binary # priorities: emerg alert crit err warning  notice  info
       debug   kern.debug		 /var/adm/syslog/kern.log   user.debug
       /var/adm/syslog/user.log	 daemon.debug		  /var/adm/syslog/dae‐
       mon.log	auth.debug		 /var/adm/syslog/auth.log syslog.debug
       /var/adm/syslog/syslog.log    mail,lpr.debug		 /var/adm/sys‐
       log/misc.log  binary.err		     /var/adm/binary.errlog msgbuf.err
       /var/adm/crash/msgbuf.savecore  kern.debug		 /var/adm/mes‐
       sages kern.debug		     /dev/console *.emerg		  *

       The  facility and its severity level must be separated by a period (.).
       You can specify more than one facility on a  line  by  separating  them
       with commas.  You can specify more than one facility and severity level
       on a line by separating them with semicolons.

       The facility and its severity level must be separated from the destina‐
       tion by one or more tab characters or spaces.

       If  you	specify	 an asterisk (*) for a facility, messages generated by
       all parts of the system are logged. All messages of the specified level
       and  of	a greater severity are logged. Blank lines and lines beginning
       with # (number sign) are ignored.

       For example:

       *.emerg;mail,daemon.crit		 /var/adm/syslog/misc.log

       This line logs all facilities at the emerg level (and higher)  and  the
       mail  and  daemon  facilities  at  the  crit  (or  higher) level to the
       /var/adm/syslog/misc.log destination file.

       Known facilities and levels recognized by the syslogd daemon are	 those
       listed  in /usr/include/sys/syslog_pri.h without the leading LOG_.  The
       additional facility mark has a message at priority LOG_INFO sent to  it
       every  20  minutes  (this may be changed with the -m option).  The mark
       facility is not enabled by a facility field containing an * (asterisk).
       The  level none may be used to disable a particular facility. For exam‐

       *.debug;mail.none	      /var/adm/syslog/misc.log

       The previous entry sends all  messages  except  mail  messages  to  the
       /var/adm/syslog/misc.log file.

       There  are  four	 possibilities for the message destination: A filename
       that begins with a leading / (slash). The syslogd daemon will open  the
       file  in append mode.  A hostname preceded by an @ (at sign).  Selected
       messages are forwarded to the syslogd daemon  on	 the  named  host.   A
       comma  separated list of users.	Selected messages are written to those
       users if they are logged in.  An * (asterisk).  Selected	 messages  are
       written to all users who are logged in.

       For example:

       kern,mark.debug	   /dev/console	     *.notice;	 /var/adm/sys‐
       log/mail	    *.crit    /var/adm/syslog/critical	    kern.err  @ucbarpa
       *.emerg	 * *.alert   eric,kridle *.alert;auth.warning	  ralph

       The  preceding  configuration  file  logs messages as follows: Logs all
       kernel messages and 20 minute marks onto the system  console  Logs  all
       notice  (or  higher) level messages and all mail system messages except
       debug messages into the file  /var/adm/syslog/mail  Logs	 all  critical
       messages	 into  the  /var/adm/syslog/critical file Forwards kernel mes‐
       sages of error severity or higher to ucbarpa.  Informs all users of any
       emergency  messages,  informs  users  eric and kridle of any alert mes‐
       sages, and informs user ralph of any alert message or any warning  mes‐
       sage (or higher) from the authorization system.

       Destinations  for  logged messages can be specified with full pathnames
       that begin with a leading / (slash).  The syslogd daemon then opens the
       specified  file(s)  in append mode. If the pathname to a syslogd daemon
       log file that is specified in the syslog.conf file as  a	 /var/adm/sys‐
       log.dated/file,	the  syslogd daemon inserts a date directory, and thus
       produces a day-by-day account of the messages received, directly	 above
       file  in	 the  directory structure.  Typically, you will want to divert
       messages	 separately,  according	 to  facility,	into  files  such   as
       kern.log,  mail.log,  lpr.log,  and  debug.log.	The file /var/adm/sys‐
       log.dated/current is a link to the most recent log file directory.

       If some pathname other than /var/adm/syslog.dated/file is specified  as
       the  pathname  to  the  logfile, the syslogd daemon does not create the
       daily date  directory.	For  example,  if  you	specify	 /var/adm/sys‐
       log/mail.log (without the suffix after syslog), the syslogd daemon sim‐
       ply logs messages to the mail.log file and allows  this	file  to  grow

       The syslogd daemon can recover the messages in the kernel syslog buffer
       that were not logged to the files  specified  in	 the  /etc/syslog.conf
       file  because  a system crash occurred. The savecore command copies the
       buffer recovered from the dump to  the  file  specified	in  the	 "msg‐
       buf.err"	 entry	in the /etc/syslog.conf file.  When the syslogd daemon
       starts up, it looks for this file and, if it exists, processes and then
       deletes the file.

       The  syslogd  daemon  acts  as  a central routing facility for messages
       whose formats are determined by the programs that produce them.

       The syslogd daemon creates the /var/run/  file	 if  possible.
       The  file  contains a single line with its process ID. This can be used
       to kill or reconfigure the syslogd daemon. For example, if  you	modify
       the  syslog.conf	 file  and  you want to implement the changes, use the
       following command:

       # kill -HUP `cat /var/run/`

       If a syslog.conf configuration file does not exist, the syslogd	daemon
       uses the following defaults:

       *.ERR	      /dev/console *.PANIC	  *

       The  defaults  log all error messages to the console and all panic mes‐
       sages (from the kernel) to all logged-in users. No files are written.

       To turn off printing of syslog messages to the console, please refer to
       the syslog(1) reference page.

   Remote Message Forwarding
       The  syslog  has	 a  remote message forwarding function.	 As a security
       feature, this capability is turned off by default.  If  you  intend  to
       configure  other	 hosts to forward syslog messages to a local host, use
       the su command to become	 superuser  (root)  and	 manually  create  the
       /etc/syslog.auth file using a text editor on the local host.

       The  /etc/syslog.auth  file specifies which remote hosts are allowed to
       forward syslog messages to the local host. Unless the domain host  name
       of a remote host is given in the local /etc/syslog.auth file, the local
       host will not log any messages from that remote host. Note that	if  no
       /etc/syslog.auth	 file  exists on the local host, then any remote hosts
       that can establish a network connection will be able to	log  messages.
       See the syslog.auth(4) reference page for information.

   Event Management
       By  default, the syslogd daemon initializes with the -e option, and its
       events are forwarded to the Event Management  utility  (EVM).   If  the
       syslogd	daemon is restarted, event fowarding also restarts by default.
       If you do not want event forwarding to restart automatically,  you  can
       turn it off using the -E option.

       Messages	 from the syslogd daemon are converted to EVM events and noti‐
       fied to the EVM daemon.	Refer to the EVM(5) reference page and	System
       Administration for more information on EVM.

       Specifies  the command path Configuration file.	Process ID.  Specifies
       what remote hosts can forward messages to  the  local  host.   Contains
       configuration  information that specifies what syslogd messages will be
       forwarded to the Event Manager, EVM.  Enables and disables printing  to
       the  console device.  The name of the domain datagram log socket.  Ker‐
       nel log device.	The directory where daily log  subdirectories  reside.
       A link to the directory containing the most recent daily log files.

       Commands: logger(1), syslog(1), savecore(8).

       Functions: syslog(3), openlog(3).

       Files: syslog.auth(4), syslog.conf(4), syslog_evm.conf(4).

       Other: EVM(5).

       Network	Administration: Connections, Network Administration: Services,
       and System Administration.


List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net