mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-10 16:31:18 +01:00
922a51eea0
fprintf -> warnx.
364 lines
9.7 KiB
Groff
364 lines
9.7 KiB
Groff
.\" Copyright (c) 1990, 1991, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by the University of
|
|
.\" California, Berkeley and its contributors.
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" @(#)syslog.conf.5 8.1 (Berkeley) 6/9/93
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd June 9, 1993
|
|
.Dt SYSLOG.CONF 5
|
|
.Os
|
|
.Sh NAME
|
|
.Nm syslog.conf
|
|
.Nd
|
|
.Xr syslogd 8
|
|
configuration file
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
file is the configuration file for the
|
|
.Xr syslogd 8
|
|
program.
|
|
It consists of
|
|
blocks of lines separated by
|
|
.Em program
|
|
specifications,
|
|
with each line containing two fields: the
|
|
.Em selector
|
|
field which specifies the types of messages and priorities to which the
|
|
line applies, and an
|
|
.Em action
|
|
field which specifies the action to be taken if a message
|
|
.Xr syslogd 8
|
|
receives matches the selection criteria.
|
|
The
|
|
.Em selector
|
|
field is separated from the
|
|
.Em action
|
|
field by one or more tab characters or spaces.
|
|
.Pp
|
|
Note that if you use spaces as separators, your
|
|
.Pa syslog.conf
|
|
might be incompatible with other Unices or Unix-like systems.
|
|
This functionality was added for the ease of configuration
|
|
(e.g. it is possible to cut-and-paste into
|
|
.Pa syslog.conf
|
|
),
|
|
and to avoid possible mistakes. This change however preserves
|
|
backwards compatibility with the old style of the
|
|
.Pa syslog.conf
|
|
(i.e. tab characters only).
|
|
.Pp
|
|
The
|
|
.Em Selectors
|
|
function
|
|
are encoded as a
|
|
.Em facility ,
|
|
a period
|
|
.Pq Dq \&. ,
|
|
an optional set of comparison flags
|
|
.Pq Bq <=> ,
|
|
and a
|
|
.Em level ,
|
|
with no intervening white-space.
|
|
Both the
|
|
.Em facility
|
|
and the
|
|
.Em level
|
|
are case insensitive.
|
|
.Pp
|
|
The
|
|
.Em facility
|
|
describes the part of the system generating the message, and is one of
|
|
the following keywords: auth, authpriv, cron, daemon, ftp, kern, lpr, mail,
|
|
mark, news, ntp, syslog, user, uucp, security and local0 through local7.
|
|
These keywords (with the exception of mark) correspond to the
|
|
similar
|
|
.Dq Dv LOG_
|
|
values specified to the
|
|
.Xr openlog 3
|
|
and
|
|
.Xr syslog 3
|
|
library routines.
|
|
.Pp
|
|
The
|
|
.Em comparison flags
|
|
may be used to specify exactly what is logged.
|
|
The default set of comparison flags are
|
|
.Dq =>
|
|
(or, if you prefer,
|
|
.Do >=
|
|
.Dc ),
|
|
which means that messages from the specified
|
|
.Em facility
|
|
list of a priority
|
|
level equal or greater than
|
|
.Em level
|
|
will be logged.
|
|
.Pp
|
|
The
|
|
.Em level
|
|
describes the severity of the message, and is a keyword from the
|
|
following ordered list (higher to lower): emerg, alert, crit, err,
|
|
warning, notice, info and debug.
|
|
These keywords correspond to the
|
|
similar
|
|
.Dq Dv LOG_
|
|
values specified to the
|
|
.Xr syslog 3
|
|
library routine.
|
|
.Pp
|
|
Each block of lines is separated from the previous block by a tag. The tag
|
|
is a line beginning with
|
|
.Em #!prog
|
|
or
|
|
.Em !prog
|
|
(the former is for compatibility with the previous syslogd, if one is sharing
|
|
.Pa syslog.conf
|
|
files, for example)
|
|
and each block will be associated with calls to syslog from that specific
|
|
program. A tag for ``foo'' will also match any message logged by the kernel
|
|
with the prefix ``foo: ''.
|
|
.Pp
|
|
See
|
|
.Xr syslog 3
|
|
for a further descriptions of both the
|
|
.Em facility
|
|
and
|
|
.Em level
|
|
keywords and their significance. It's preferred that selections be made on
|
|
.Em facility
|
|
rather than
|
|
.Em program ,
|
|
since the latter can easily vary in a networked environment. In some cases,
|
|
though, an appropriate
|
|
.Em facility
|
|
simply doesn't exist.
|
|
.Pp
|
|
If a received message matches the specified
|
|
.Em facility
|
|
and is of the specified
|
|
.Em level
|
|
.Em (or a higher level) ,
|
|
and the first word in the message after the date matches the
|
|
.Em program ,
|
|
the action specified in the
|
|
.Em action
|
|
field will be taken.
|
|
.Pp
|
|
Multiple
|
|
.Em selectors
|
|
may be specified for a single
|
|
.Em action
|
|
by separating them with semicolon
|
|
.Pq Dq \&;
|
|
characters.
|
|
It is important to note, however, that each
|
|
.Em selector
|
|
can modify the ones preceding it.
|
|
.Pp
|
|
Multiple
|
|
.Em facilities
|
|
may be specified for a single
|
|
.Em level
|
|
by separating them with comma
|
|
.Pq Dq \&,
|
|
characters.
|
|
.Pp
|
|
An asterisk
|
|
.Pq Dq *
|
|
can be used to specify all
|
|
.Em facilities
|
|
all
|
|
.Em levels
|
|
or all
|
|
.Em programs .
|
|
.Pp
|
|
The special
|
|
.Em facility
|
|
.Dq mark
|
|
receives a message at priority
|
|
.Dq info
|
|
every 20 minutes
|
|
(see
|
|
.Xr syslogd 8 ) .
|
|
This is not enabled by a
|
|
.Em facility
|
|
field containing an asterisk.
|
|
.Pp
|
|
The special
|
|
.Em level
|
|
.Dq none
|
|
disables a particular
|
|
.Em facility .
|
|
.Pp
|
|
The
|
|
.Em action
|
|
field of each line specifies the action to be taken when the
|
|
.Em selector
|
|
field selects a message.
|
|
There are five forms:
|
|
.Bl -bullet
|
|
.It
|
|
A pathname (beginning with a leading slash).
|
|
Selected messages are appended to the file.
|
|
.It
|
|
A hostname (preceded by an at
|
|
.Pq Dq @
|
|
sign).
|
|
Selected messages are forwarded to the
|
|
.Xr syslogd 8
|
|
program on the named host.
|
|
.It
|
|
A comma separated list of users.
|
|
Selected messages are written to those users
|
|
if they are logged in.
|
|
.It
|
|
An asterisk.
|
|
Selected messages are written to all logged-in users.
|
|
.It
|
|
A vertical bar
|
|
.Pq Dq \&| ,
|
|
followed by a command to pipe the selected
|
|
messages to. The command is passed to a
|
|
.Pa /bin/sh
|
|
for evaluation, so usual shell metacharacters or input/output
|
|
redirection can occur. (Note however that redirecting
|
|
.Xr stdio 3
|
|
buffered output from the invoked command can cause additional delays,
|
|
or even lost output data in case a logging subprocess exited with a
|
|
signal.) The command itself runs with
|
|
.Em stdout
|
|
and
|
|
.Em stderr
|
|
redirected to
|
|
.Pa /dev/null .
|
|
Upon receipt of a
|
|
.Dv SIGHUP ,
|
|
.Nm
|
|
will close the pipe to the process. If the process didn't exit
|
|
voluntarily, it will be sent a
|
|
.Dv SIGTERM
|
|
signal after a grace period of up to 60 seconds.
|
|
.Pp
|
|
The command will only be started once data arrives that should be piped
|
|
to it. If it exited later, it will be restarted as necessary. So if it
|
|
is desired that the subprocess should get exactly one line of input only
|
|
(which can be very resource-consuming if there are a lot of messages
|
|
flowing quickly), this can be achieved by exiting after just one line of
|
|
input. If necessary, a script wrapper can be written to this effect.
|
|
.Pp
|
|
Unless the command is a full pipeline, it's probably useful to
|
|
start the command with
|
|
.Em exec
|
|
so that the invoking shell process does not wait for the command to
|
|
complete. Warning: the process is started under the UID invoking
|
|
.Xr syslogd 8 ,
|
|
normally the superuser.
|
|
.El
|
|
.Pp
|
|
Blank lines and lines whose first non-blank character is a hash
|
|
.Pq Dq #
|
|
character are ignored.
|
|
.Sh EXAMPLES
|
|
.Pp
|
|
A configuration file might appear as follows:
|
|
.Bd -literal
|
|
# Log all kernel messages, authentication messages of
|
|
# level notice or higher and anything of level err or
|
|
# higher to the console.
|
|
# Don't log private authentication messages!
|
|
*.err;kern.*;auth.notice;authpriv.none /dev/console
|
|
|
|
# Log anything (except mail) of level info or higher.
|
|
# Don't log private authentication messages!
|
|
*.info;mail.none;authpriv.none /var/log/messages
|
|
|
|
# Log daemon messages at debug level only
|
|
daemon.=debug /var/log/daemon.debug
|
|
|
|
# The authpriv file has restricted access.
|
|
authpriv.* /var/log/secure
|
|
|
|
# Log all the mail messages in one place.
|
|
mail.* /var/log/maillog
|
|
|
|
# Everybody gets emergency messages, plus log them on another
|
|
# machine.
|
|
*.emerg *
|
|
*.emerg @arpa.berkeley.edu
|
|
|
|
# Root and Eric get alert and higher messages.
|
|
*.alert root,eric
|
|
|
|
# Save mail and news errors of level err and higher in a
|
|
# special file.
|
|
uucp,news.crit /var/log/spoolerr
|
|
|
|
# Pipe all authentication messages to a filter.
|
|
auth.* |exec /usr/local/sbin/authfilter
|
|
|
|
# Save ftpd transactions along with mail and news
|
|
!ftpd
|
|
*.* /var/log/spoolerr
|
|
|
|
# Log all security messages to a separate file.
|
|
security.* /var/log/security
|
|
.Ed
|
|
.Sh FILES
|
|
.Bl -tag -width /etc/syslog.conf -compact
|
|
.It Pa /etc/syslog.conf
|
|
.Xr syslogd 8
|
|
configuration file
|
|
.El
|
|
.Sh BUGS
|
|
The effects of multiple
|
|
.Em selectors
|
|
are sometimes not intuitive.
|
|
For example
|
|
.Dq mail.crit,*.err
|
|
will select
|
|
.Dq mail
|
|
facility messages at the level of
|
|
.Dq err
|
|
or higher, not at the level of
|
|
.Dq crit
|
|
or higher.
|
|
.Pp
|
|
In networked environments, note that not all operating systems
|
|
implement the same set of facilities. The facilities
|
|
authpriv, cron, ftp, and ntp that are known to this implementation
|
|
might be absent on the target system. Even worse, DEC UNIX uses
|
|
facility number 10 (which is authpriv in this implementation) to
|
|
log events for their AdvFS file system.
|
|
.Sh SEE ALSO
|
|
.Xr syslog 3 ,
|
|
.Xr syslogd 8
|