freebsd-dev/usr.sbin/syslogd/syslogd.8
Joerg Wunsch 3548606371 Nobody ever seemed to be interested in reviewing these changes, and i
found that my syslogd is now running them for several months...

Add an option to syslogd to restrict the IP addresses that are allowed
to log to this syslogd.  It's too late to develop the inter-syslogd
communications protocol mentioned in the BUGS section, some 10 years
too late.  Thus, restricting the IP address range is about the most
effective change we can do if we want to allow incoming syslog
messages at all.

IMHO, we should encourage the system administrators to use this option,
and thus provide a knob in /etc/rc.* for it, defaulting to -a 127.0.0.1/32
(just as a hint about the usage).

Please state opinions about whether to merge this change into 2.2 or
not (i've got it running on RELENG_2_2 anyway).
1997-05-03 22:17:43 +00:00

219 lines
6.0 KiB
Groff

.\" Copyright (c) 1983, 1986, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)syslogd.8 8.1 (Berkeley) 6/6/93
.\" $Id: syslogd.8,v 1.10 1997/04/29 09:09:40 jmg Exp $
.\"
.Dd October 12, 1995
.Dt SYSLOGD 8
.Os BSD 4.2
.Sh NAME
.Nm syslogd
.Nd log systems messages
.Sh SYNOPSIS
.Nm
.Op Fl a Ar allowed_peer
.Op Fl f Ar config_file
.Op Fl m Ar mark_interval
.Op Fl p Ar log_socket
.Op Fl s
.Sh DESCRIPTION
The
.Nm
daemon reads and logs messages to the system console, log files, other
machines and/or users as specified by its configuration file.
The options are as follows:
.Bl -tag -width Ds
.It Fl a Ar allowed_peer
Allow
.Ar allowed_peer
to log to this
.Nm syslogd
using UDP datagrams. Multiple
.Fl a
options may be specified.
.Pp
.Ar Allowed_peer
can be any of the following:
.Bl -tag -width "ipaddr/masklen[:service]XX"
.It Ar ipaddr/masklen Ns Op Ar :service
Accept datagrams from
.Ar ipaddr
(in the usual dotted quad notation) with
.Ar masklen
bits being taken into account when doing the address comparision. If
specified,
.Ar service
is the name or number of an UDP service (see
.Xr services 5 ) Ns
the source packet must belong to. A
.Ar service
of
.Ql \&*
allows packets being sent from any UDP port. The default
.Ar service
is
.Ql syslog .
A missing
.Ar masklen
will be substituted by the historic class A or class B netmasks if
.Ar ipaddr
belongs into the address range of class A or B, respectively, or
by 24 otherwise.
.It Ar domainname Ns Op Ar :service
Accept datagrams where the reverse address lookup yields
.Ar domainname
for the sender address. The meaning of
.Ar service
is as explained above.
.It Ar *domainname Ns Op Ar :service
Same as before, except that any source host whose name
.Em ends
in
.Ar domainname
will get permission.
.El
.It Fl d
Put
.Nm
into debugging mode. This is probably only of use to developers working on
.Nm Ns .
.It Fl f
Specify the pathname of an alternate configuration file;
the default is
.Pa /etc/syslog.conf .
.It Fl m
Select the number of minutes between
.Dq mark
messages; the default is 20 minutes.
.It Fl p
Specify the pathname of an alternate log socket;
the default is
.Pa /var/run/log .
.It Fl s
Operate in secure mode. Do not listen for log message from remote machines.
.El
.Pp
The
.Nm
daemon reads its configuration file when it starts up and whenever it
receives a hangup signal.
For information on the format of the configuration file,
see
.Xr syslog.conf 5 .
.Pp
The
.Nm
daemon reads messages from the
.Tn UNIX
domain socket
.Pa /var/run/log ,
from an Internet domain socket specified in
.Pa /etc/services ,
and from the special device
.Pa /dev/klog
(to read kernel messages).
.Pp
The
.Nm
daemon creates the file
.Pa /var/run/syslog.pid ,
and stores its process
id there.
This can be used to kill or reconfigure
.Nm Ns .
.Pp
The message sent to
.Nm
should consist of a single line.
The message can contain a priority code, which should be a preceding
decimal number in angle braces, for example,
.Sq Aq 5.
This priority code should map into the priorities defined in the
include file
.Aq Pa sys/syslog.h .
.Sh FILES
.Bl -tag -width /var/run/syslog.pid -compact
.It Pa /etc/syslog.conf
The configuration file.
.It Pa /var/run/syslog.pid
The process id of current
.Nm Ns .
.It Pa /var/run/log
Name of the
.Tn UNIX
domain datagram log socket.
.It Pa /dev/klog
The kernel log device.
.El
.Sh SEE ALSO
.Xr logger 1 ,
.Xr syslog 3 ,
.Xr services 5 ,
.Xr syslog.conf 5
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.3 .
.Pp
The
.Fl s
and
.Fl a
options are
.Fx 2.2
extensions.
.Sh BUGS
The ability to log messages received in UDP packets is equivalent to
an unauthenticated remote disk-filling service, and should probably be
disabled by default. Some sort of
.No inter- Ns Nm syslogd
authentication mechanism ought to be worked out. To prevent the worst
abuse, use of the
.Fl a
option is therefore highly recommended.
.Pp
The
.Fl a
matching algorithm doesn't pretend to be very efficient; use of numeric
IP addresses is faster than domain name comparision. Since the allowed
peer list is being walked linearly, peer groups where frequent messages
are being anticipated from should be put early into the
.Fl a
list.
.Pp
The log socket was moved from
.Pa /dev
to ease the use of a read-only root filesystem. This may confuse
some old binaries so that a symbolic link might be used for a
transitional period.