| SYSLOGD(8) | System Manager's Manual | SYSLOGD(8) | 
syslogd —
| syslogd | [ -nrSsTUvX] [-Bbuffer_length] [-bbind_address] [-d[[~]what]]
      [-fconfig_file]
      [-ggroup]
      [-mmark_interval]
      [-ooutput_format]
      [-Pfile_list]
      [-plog_socket
      [-plog_socket2 ...]]
      [-tchroot_dir]
      [-uuser] | 
syslogd reads and logs messages to the system console,
  log files, other machines and/or users as specified by its configuration file.
  The options are as follows:
-B
    buffer_length-X option.-b
    bind_address-d
    [[~]what]~’) before
      what inverts its meaning so that all messages except
      those selected by what are enabled.-f
    config_file-g
    group-m
    mark_interval-n-o
    output_format-P-p
    log_socket-p
      options create multiple log sockets. If no -p
      arguments are given, the default socket of
      /var/run/log is used.-r-S-ssyslogd does not listen on a UDP socket but only
      communicates over a UNIX domain socket. This is
      valuable when the machine on which syslogd runs is
      subject to attack over the network and it is desired that the machine be
      protected from attempts to remotely fill logs and similar attacks.-T-t
    chroot_dir-U-u
    user-v-Xsyslogd reads its configuration file when
    it starts up and whenever it receives a hangup signal. For information on
    the format of the configuration file, see
    syslog.conf(5).
syslogd reads messages from the
    UNIX domain socket
    /var/run/log, from an Internet domain socket
    specified in /etc/services, and from the special
    device /dev/klog (to read kernel messages).
syslogd creates the file
    /var/run/syslogd.pid, and stores its process id
    there. This can be used to kill or reconfigure
    syslogd.
By using multiple -p options, one can set
    up many chroot environments by passing the pathname to the log socket
    (/var/run/log) in each chroot area to
    syslogd. For example:
syslogd -p /var/run/log -p
  /web/var/run/log -p /ftp/var/run/logNote: the normal log socket must now also be passed to
    syslogd.
The logged message includes the date, time, and hostname (or pathname of the log socket). Commonly, the program name and the process id is included.
The date and time are taken from the received message. If the
    format of the timestamp field is incorrect, time obtained from the local
    host is used instead. This can be overridden by the
    -T flag.
Accesses from UDP socket can be filtered by libwrap configuration
    files, like /etc/hosts.deny. Specify
    “syslogd” in
    daemon_list portion of the configuration files. Refer
    to hosts_access(5) for
    details.
syslogd accepts messages in traditional BSD Syslog or in
  newer Syslog Protocol format. See RFC 3164 (BSD Syslog) and RFC 5424 (Syslog
  Protocol) for detailed description of the message format. Messages from the
  local kernel that are not tagged with a priority code receive the default
  facility LOG_KERN and priority
  LOG_NOTICE. All other untagged messages receive the
  default facility LOG_USER and priority
  LOG_NOTICE.
syslogd.The BSD syslog Protocol, RFC, 3164, August 2001.
The Syslog Protocol, RFC, 5424, March 2009.
syslogd command appeared in
  4.3BSD. Support for multiple log sockets appeared in
  NetBSD 1.4. libwrap support appeared in
  NetBSD 1.6. Support for RFC 5424, TLS encryption and
  authentication, signed messages appeared in NetBSD
  6.0.
| November 8, 2022 | NetBSD 10.0 |