3548606371
found that my syslogd is now running them for several months... Add an option to syslogd to restrict the IP addresses that are allowed to log to this syslogd. It's too late to develop the inter-syslogd communications protocol mentioned in the BUGS section, some 10 years too late. Thus, restricting the IP address range is about the most effective change we can do if we want to allow incoming syslog messages at all. IMHO, we should encourage the system administrators to use this option, and thus provide a knob in /etc/rc.* for it, defaulting to -a 127.0.0.1/32 (just as a hint about the usage). Please state opinions about whether to merge this change into 2.2 or not (i've got it running on RELENG_2_2 anyway).
219 lines
6.0 KiB
Groff
219 lines
6.0 KiB
Groff
.\" Copyright (c) 1983, 1986, 1991, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by the University of
|
|
.\" California, Berkeley and its contributors.
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" @(#)syslogd.8 8.1 (Berkeley) 6/6/93
|
|
.\" $Id: syslogd.8,v 1.10 1997/04/29 09:09:40 jmg Exp $
|
|
.\"
|
|
.Dd October 12, 1995
|
|
.Dt SYSLOGD 8
|
|
.Os BSD 4.2
|
|
.Sh NAME
|
|
.Nm syslogd
|
|
.Nd log systems messages
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Op Fl a Ar allowed_peer
|
|
.Op Fl f Ar config_file
|
|
.Op Fl m Ar mark_interval
|
|
.Op Fl p Ar log_socket
|
|
.Op Fl s
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
daemon reads and logs messages to the system console, log files, other
|
|
machines and/or users as specified by its configuration file.
|
|
The options are as follows:
|
|
.Bl -tag -width Ds
|
|
.It Fl a Ar allowed_peer
|
|
Allow
|
|
.Ar allowed_peer
|
|
to log to this
|
|
.Nm syslogd
|
|
using UDP datagrams. Multiple
|
|
.Fl a
|
|
options may be specified.
|
|
.Pp
|
|
.Ar Allowed_peer
|
|
can be any of the following:
|
|
.Bl -tag -width "ipaddr/masklen[:service]XX"
|
|
.It Ar ipaddr/masklen Ns Op Ar :service
|
|
Accept datagrams from
|
|
.Ar ipaddr
|
|
(in the usual dotted quad notation) with
|
|
.Ar masklen
|
|
bits being taken into account when doing the address comparision. If
|
|
specified,
|
|
.Ar service
|
|
is the name or number of an UDP service (see
|
|
.Xr services 5 ) Ns
|
|
the source packet must belong to. A
|
|
.Ar service
|
|
of
|
|
.Ql \&*
|
|
allows packets being sent from any UDP port. The default
|
|
.Ar service
|
|
is
|
|
.Ql syslog .
|
|
A missing
|
|
.Ar masklen
|
|
will be substituted by the historic class A or class B netmasks if
|
|
.Ar ipaddr
|
|
belongs into the address range of class A or B, respectively, or
|
|
by 24 otherwise.
|
|
.It Ar domainname Ns Op Ar :service
|
|
Accept datagrams where the reverse address lookup yields
|
|
.Ar domainname
|
|
for the sender address. The meaning of
|
|
.Ar service
|
|
is as explained above.
|
|
.It Ar *domainname Ns Op Ar :service
|
|
Same as before, except that any source host whose name
|
|
.Em ends
|
|
in
|
|
.Ar domainname
|
|
will get permission.
|
|
.El
|
|
.It Fl d
|
|
Put
|
|
.Nm
|
|
into debugging mode. This is probably only of use to developers working on
|
|
.Nm Ns .
|
|
.It Fl f
|
|
Specify the pathname of an alternate configuration file;
|
|
the default is
|
|
.Pa /etc/syslog.conf .
|
|
.It Fl m
|
|
Select the number of minutes between
|
|
.Dq mark
|
|
messages; the default is 20 minutes.
|
|
.It Fl p
|
|
Specify the pathname of an alternate log socket;
|
|
the default is
|
|
.Pa /var/run/log .
|
|
.It Fl s
|
|
Operate in secure mode. Do not listen for log message from remote machines.
|
|
.El
|
|
.Pp
|
|
The
|
|
.Nm
|
|
daemon reads its configuration file when it starts up and whenever it
|
|
receives a hangup signal.
|
|
For information on the format of the configuration file,
|
|
see
|
|
.Xr syslog.conf 5 .
|
|
.Pp
|
|
The
|
|
.Nm
|
|
daemon reads messages from the
|
|
.Tn UNIX
|
|
domain socket
|
|
.Pa /var/run/log ,
|
|
from an Internet domain socket specified in
|
|
.Pa /etc/services ,
|
|
and from the special device
|
|
.Pa /dev/klog
|
|
(to read kernel messages).
|
|
.Pp
|
|
The
|
|
.Nm
|
|
daemon creates the file
|
|
.Pa /var/run/syslog.pid ,
|
|
and stores its process
|
|
id there.
|
|
This can be used to kill or reconfigure
|
|
.Nm Ns .
|
|
.Pp
|
|
The message sent to
|
|
.Nm
|
|
should consist of a single line.
|
|
The message can contain a priority code, which should be a preceding
|
|
decimal number in angle braces, for example,
|
|
.Sq Aq 5.
|
|
This priority code should map into the priorities defined in the
|
|
include file
|
|
.Aq Pa sys/syslog.h .
|
|
.Sh FILES
|
|
.Bl -tag -width /var/run/syslog.pid -compact
|
|
.It Pa /etc/syslog.conf
|
|
The configuration file.
|
|
.It Pa /var/run/syslog.pid
|
|
The process id of current
|
|
.Nm Ns .
|
|
.It Pa /var/run/log
|
|
Name of the
|
|
.Tn UNIX
|
|
domain datagram log socket.
|
|
.It Pa /dev/klog
|
|
The kernel log device.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr logger 1 ,
|
|
.Xr syslog 3 ,
|
|
.Xr services 5 ,
|
|
.Xr syslog.conf 5
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
command appeared in
|
|
.Bx 4.3 .
|
|
.Pp
|
|
The
|
|
.Fl s
|
|
and
|
|
.Fl a
|
|
options are
|
|
.Fx 2.2
|
|
extensions.
|
|
.Sh BUGS
|
|
The ability to log messages received in UDP packets is equivalent to
|
|
an unauthenticated remote disk-filling service, and should probably be
|
|
disabled by default. Some sort of
|
|
.No inter- Ns Nm syslogd
|
|
authentication mechanism ought to be worked out. To prevent the worst
|
|
abuse, use of the
|
|
.Fl a
|
|
option is therefore highly recommended.
|
|
.Pp
|
|
The
|
|
.Fl a
|
|
matching algorithm doesn't pretend to be very efficient; use of numeric
|
|
IP addresses is faster than domain name comparision. Since the allowed
|
|
peer list is being walked linearly, peer groups where frequent messages
|
|
are being anticipated from should be put early into the
|
|
.Fl a
|
|
list.
|
|
.Pp
|
|
The log socket was moved from
|
|
.Pa /dev
|
|
to ease the use of a read-only root filesystem. This may confuse
|
|
some old binaries so that a symbolic link might be used for a
|
|
transitional period.
|