1 .\" $NetBSD: syslog.3,v 1.29 2011/07/25 19:42:50 njoly Exp $
2 .\" $OpenBSD: syslog.3,v 1.25 2005/07/22 03:16:58 jaredy Exp $
4 .\" Copyright (c) 1985, 1991, 1993
5 .\" The Regents of the University of California. All rights reserved.
7 .\" Redistribution and use in source and binary forms, with or without
8 .\" modification, are permitted provided that the following conditions
10 .\" 1. Redistributions of source code must retain the above copyright
11 .\" notice, this list of conditions and the following disclaimer.
12 .\" 2. Redistributions in binary form must reproduce the above copyright
13 .\" notice, this list of conditions and the following disclaimer in the
14 .\" documentation and/or other materials provided with the distribution.
15 .\" 3. Neither the name of the University nor the names of its contributors
16 .\" may be used to endorse or promote products derived from this software
17 .\" without specific prior written permission.
19 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 .\" @(#)syslog.3 8.1 (Berkeley) 6/4/93
51 .Nd control system log
57 .Fn syslog "int priority" "const char *message" "..."
59 .Fn syslog_r "int priority" "struct syslog_data *data" "const char *message" "..."
61 .Fn syslogp "int priority" "const char *msgid" "const char *sdfmt" "const char *message" "..."
63 .Fn syslogp_r "int priority" "struct syslog_data *data" "const char *msgid" "const char *sdfmt" "const char *message" "..."
65 .\" .Fn syslog_ss "int priority" "struct syslog_data *data" "const char *message" "..."
67 .Fn openlog "const char *ident" "int logopt" "int facility"
69 .Fn openlog_r "const char *ident" "int logopt" "int facility" "struct syslog_data *data"
73 .Fn closelog_r "struct syslog_data *data"
75 .Fn setlogmask "int maskpri"
77 .Fn setlogmask_r "int maskpri" "struct syslog_data *data"
80 .Fn vsyslog "int priority" "const char *message" "va_list args"
82 .Fn vsyslog_r "int priority" "struct syslog_data *data" "const char *message" "va_list args"
84 .Fn vsyslogp "int priority" "const char *msgid" "const char *sdfmt" "const char *message" "va_list args"
86 .Fn vsyslogp_r "int priority" "struct syslog_data *data" "const char *msgid" "const char *sdfmt" "const char *message" "va_list args"
88 .\" .Fn vsyslog_ss "int priority" "struct syslog_data *data" "const char *message" "va_list args"
95 to the system message logger.
96 The message is then written to the system console, log files,
97 logged-in users, or forwarded to other machines as appropriate (see
100 The message is identical to a
102 format string, except that
104 is replaced by the current error
106 (As denoted by the global variable
110 A trailing newline is added if none is present.
111 .\" shouldn't the newline statement be removed?
112 .\" when logging through a socket a newline is
113 .\" not added nor is it required. -- ms
117 function is a multithread-safe version of the
120 It takes a pointer to a
122 structure which is used to store
124 This parameter must be initialized before
129 constant is used for this purpose.
134 constant are defined as:
135 .Bd -literal -offset indent
146 #define SYSLOG_DATA_INIT { \e
148 .log_fac = LOG_USER, \e
153 The structure is composed of the following elements:
154 .Bl -tag -width connected -offset indent
156 contains the file descriptor of the file where the message is logged
158 indicates if connect has been done
167 string to tag the entry with
171 mask of priorities to be logged
176 .\" is the async-signal-safe version of
178 .\" and is also multithread-safe.
179 .\" It has the following limitations:
180 .\" .Bl -enum -offset indent
182 .\" The format string cannot contain multi-byte character sequences.
184 .\" Floating point formats are not supported and print
187 .\" The time of the event is not sent to
190 .\" The error string in the %m format is not printed symbolically but as
194 .\" For more information about async-signal-safe functions and signal handlers, see
200 is an alternative form in which the arguments have already been captured
201 using the variable-length argument facilities of
206 variants take additional arguments which correspond to new fields in the
207 syslog-protocol message format.
208 All three arguments are evaluated as
210 format strings and any of them can be
212 This enables applications to use message IDs, structured data, and UTF-8 encoded
215 The message is tagged with
217 Priorities are encoded as a
221 The facility describes the part of the system
222 generating the message.
223 The level is selected from the following
226 .Bl -tag -width LOG_AUTHPRIV
229 This is normally broadcast to all users.
231 A condition that should be corrected immediately, such as a corrupted
234 Critical conditions, e.g., hard device errors.
240 Conditions that are not error conditions,
241 but should possibly be handled specially.
243 Informational messages.
245 Messages that contain information
246 normally of use only when debugging a program.
251 is used the same way as
253 except that it takes an additional pointer to a
256 It is a multithread-safe version of the
258 function described above.
261 .\" is the async-signal-safe version of
263 .\" is also multithread-safe, and has the same limitations as
269 provides for more specialized processing of the messages sent
276 is a string that will be prepended to every message.
280 is a bit field specifying logging options, which is formed by
282 one or more of the following values:
283 .Bl -tag -width LOG_AUTHPRIV
287 cannot pass the message to
289 it will attempt to write the message to the console
290 .Pq Dq Pa /dev/console .
292 Open the connection to
295 Normally the open is delayed until the first message is logged.
296 Useful for programs that need to manage the order in which file
297 descriptors are allocated.
299 Write the message to standard error output as well to the system log.
301 Log the process id with each message: useful for identifying
302 instantiations of daemons.
303 (This PID is placed within brackets
304 between the ident and the message.)
309 parameter encodes a default facility to be assigned to all messages
310 that do not have an explicit facility encoded:
311 .Bl -tag -width LOG_AUTHPRIV
313 The authorization system:
321 but logged to a file readable only by
322 selected individuals.
327 System daemons, such as
329 that are not provided for explicitly by other facilities.
331 The file transfer protocol daemon:
334 Messages generated by the kernel.
335 These cannot be generated by any user processes.
337 The line printer spooling system:
345 The network news system.
347 Messages generated internally by
350 Messages generated by random user processes.
351 This is the default facility identifier if none is specified.
355 Reserved for local use.
364 function is the multithread-safe version of the
367 It takes an additional pointer to a
370 This function must be used in conjunction with the other
371 multithread-safe functions.
376 can be used to close the log file.
380 does the same thing as
382 but in a multithread-safe way and takes an additional
390 sets the log priority mask to
392 and returns the previous mask.
395 with a priority not set in
398 The mask for an individual priority
400 is calculated by the macro
402 the mask for all priorities up to and including
404 is given by the macro
405 .Fn LOG_UPTO toppri .
406 The default allows all priorities to be logged.
410 function is the multithread-safe version of
412 It takes an additional pointer to a
436 always return the previous log mask level.
438 .Bd -literal -offset indent -compact
439 syslog(LOG_ALERT, "who: internal error 23");
441 openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
443 setlogmask(LOG_UPTO(LOG_ERR));
445 syslog(LOG_INFO, "Connection from host %d", CallingHost);
447 syslog(LOG_INFO|LOG_LOCAL2, "foobar error: %m");
449 syslogp(LOG_INFO|LOG_LOCAL2, NULL, NULL, "foobar error: %m");
451 syslogp(LOG_INFO, "ID%d", "[meta language=\e"en-US\e"]",
452 "event: %s", 42, EventDescription);
455 For the multithread-safe functions:
456 .Bd -literal -offset indent
457 struct syslog_data sdata = SYSLOG_DATA_INIT;
459 syslog_r(LOG_INFO|LOG_LOCAL2, \*[Am]sdata, "foobar error: %m");
468 .%T The BSD syslog Protocol
472 .%N draft-ietf-syslog-protocol-23
474 .%T The syslog Protocol
477 These non-multithread-safe functions appeared in
479 The multithread-safe functions appeared in
483 The async-signal-safe functions appeared in
485 The syslog-protocol functions appeared in
488 It is important never to pass a string with user-supplied data as a
491 An attacker can put format specifiers in the string to mangle your stack,
492 leading to a possible security hole.
493 This holds true even if you have built the string
495 using a function like
497 as the resulting string may still contain user-supplied conversion specifiers
498 for later interpolation by
501 Always be sure to use the proper secure idiom:
502 .Bd -literal -offset indent
503 syslog(priority, "%s", string);
508 the caller is responsible to use the right formatting for the message fields.
511 must only contain up to 32 ASCII characters.
514 has strict rules for paranthesis and character quoting.
517 contains UTF-8 characters, then it has to start with a Byte Order Mark.