SYSLOGD(8) BSD System Manager's Manual SYSLOGD(8)
NAME
syslogd -- Apple System Log server
SYNOPSIS
syslogd [-d] [-D] [-m markinterval] [-p prunedays] [-c logcutoff]
[-l libpath] [-u] [-modulename {01}]
DESCRIPTION
The syslogd server receives and processes log messages. Several modules
receive input messages through various channels, including UNIX domain
sockets associated with the syslog(3), asl(3), and kernel printf APIs,
and optionally from a UDP socket if the ``udpin'' module is enabled.
The Apple System Log facility comprises the asl(3) API, a new syslogd
server, and the syslog(1) command-line utility. The system supports
structured and extensible messages, permitting advanced message browsing
and management through search APIs and other components of the Apple sys-
tem log facility.
Log messages are retained in a data store, subject to pruning and input
filtering as described below, to simplify the task of locating log mes-
sages and to facilitate browsing and searching. The data store is
intended to become a replacement for the numerous log files that are cur-
rently found in various locations on the system. Those files will be
phased out in future versions of Mac OS.
The following options are recognized:
-d Run syslogd in debugging mode. The server stays attached to the
controlling terminal and prints debugging messages.
-D Start as a daemon. This option forces syslogd to fork and have
the child process become a daemon. Since syslogd is started by
launchd, this is not normally required.
-m Set the number of minutes between ``mark'' messages. The default
is 20 minutes. The ``mark'' facility is disabled if the setting
is zero minutes.
-p syslogd saves log messages in a data store that may be searched
using the syslog(1) utility or with the asl(3) API. The data
store is pruned daily by the /etc/daily cron job to keep it from
growing without bound. Since many systems are shut down
overnight (when the daily cron job runs), the data store is also
pruned shortly after syslogd starts up as the system boots. By
default, log messages in the data store that are more than 7 days
old are removed. The setting of the -p prunedays overrides the
default. A setting of zero days disables pruning of the data
store when syslogd starts up.
-c Sets a cutoff filter for log priorities for messages to be
retained in the log message data store. The value of logcutoff
must be between 0 and 7, corresponding to log priorities
LOGEMERG or ASLEVELEMERG and LOGDEBUG or ASLEVELDEBUG as
defined in the syslog(3) and asl(3) header files. Received mes-
sages with a priority or level value greater than the cutoff will
not be saved in the data store. The default filter will retain
messages in the range 0 (Emergency) to 5 (Notice) inclusive.
Note that a this filter value may be adjusted while syslogd is
running using the syslog command-line utility. See the syslog(1)
manual. The filter may be adjusted using the ``-c'' option, e.g.
sudo syslog -c syslogd -d
will set the filter to retain messages in the range 0 (Emergency)
to 7 (Debug).
-l Specifies an alternate path for loading plug-in modules. By
default, syslogd checks for plug-in modules in the directory
/usr/lib/asl.
-u Enables the ``udpin'' module, configuring syslogd to act as a
network log message receiver. The server will receive messages
on the standard ``syslog'' UDP port. Note that this opens the
server to potential denial-of-service attacks, as a malicious
remote sender can flood the server with messages. The -u option
is equivalent to using the -udpin 1 option.
The remaining options of the form -modulename {01} may be used to dis-
able (0) or enable (1) the action of several of internal modules.
-aslin The ``aslin'' module receives log messages on the UNIX
domain socket associated with the asl(3) API. The module
may be disabled using -aslin 0. The module is normally
enabled.
-aslaction The ``aslaction'' module examines the stream of received
log messages and acts upon them according to the rules spec-
ified in the file /etc/asl.conf. See asl.conf(5) for
details.
-klogin The ``klogin'' module receives log messages on the UNIX
domain socket associated with the kernel logging API. The
module may be disabled using -klogin 0. The module is nor-
mally enabled.
-bsdin The ``bsdin'' module receives log messages on the UNIX
domain socket associated with the syslog(3) API. The module
may be disabled using -bsdin 0. The module is normally
enabled.
-bsdout The ``bsdout'' module examines the stream of received log
messages and acts upon them according to the rules specified
in the file /etc/syslog.conf. See syslog.conf(5) for
details. This module exists for backward compatibility with
previous syslogd implementations. Apple encourages use of
the syslog(1) and asl(3) search APIs over the use of the log
files that are specified in the /etc/syslog.conf file.
Future versions of Mac OS will move functions that are cur-
rently handled by the ``bsdout'' module to the
``aslaction'' module.
-udpin The ``udpin'' module receives log messages on the UDP
socket associated with the Internet syslog message protocol.
The module may be enabled using -udpin 1. The module is
normally disabled. This module may also be enabled using
the -u option.
syslogd initializes its built-in modules and loads plug-ins during its
start-up. The data store is pruned approximately 5 minutes after
startup.
syslogd reinitializes in response to a HUP signal.
FILES
/etc/syslog.conf bsdout module configuration file
/etc/asl.conf aslaction module configuration file
/var/run/syslog.pid process ID file
/var/run/log name of the UNIX domain datagram log socket
/dev/klog kernel log device
SEE ALSO
syslog(1), logger(1), asl(3), syslog(3), asl.conf(5) syslog.conf(5)
HISTORY
The syslogd utility appeared in 4.3BSD.
The Apple System Log facility was introduced in Mac OS X 10.4.
Mac OS X October 18, 2004 Mac OS X
|
