diff --git a/klogd.8 b/klogd.8 index c605fbd..3065e93 100644 --- a/klogd.8 +++ b/klogd.8 @@ -52,7 +52,7 @@ daemon to reload the kernel module symbols. The \-I switch signals for a reload of both the static kernel symbols and the kernel module symbols. .TP .B "\-n" -Avoid auto-backgrounding. This is needed especially if the +Avoid auto-backgrounding. This is needed especially if the .B klogd is started and controlled by .BR init (8). @@ -96,10 +96,10 @@ ultimately they are one and the same. Klogd is designed to choose whichever source of information is the most appropriate. It does this by first checking for the presence of a mounted .I /proc -file system. If this is found the +file system. If this is found the .I /proc/kmsg file is used as the source of kernel log -information. If the proc file system is not mounted +information. If the proc file system is not mounted .B klogd uses a system call to obtain kernel messages. The command line switch @@ -110,8 +110,8 @@ messaging source. If kernel messages are directed through the .BR syslogd " daemon the " klogd daemon, as of version 1.1, has the ability to properly prioritize -kernel messages. Prioritization of the kernel messages was added to it -at approximately version 0.99pl13 of the kernel. The raw kernel messages +kernel messages. Prioritization of the kernel messages was added to it +at approximately version 0.99pl13 of the kernel. The raw kernel messages are of the form: .IP \<[0\-7]\>Something said by the kernel. 
@@ -331,14 +331,15 @@ always consistent with the current kernel state. The .B klogd will respond to eight signals: -.BR SIGHUP ", " SIGINT ", " SIGKILL ", " SIGTERM ", " SIGTSTP ", " SIGUSR1 ", "SIGUSR2 " and " SIGCONT ". The" +.BR SIGHUP ", " SIGINT ", " SIGKILL ", " SIGTERM ", " SIGTSTP ", " +.BR SIGUSR1 ", "SIGUSR2 " and " SIGCONT ". The" .BR SIGINT ", " SIGKILL ", " SIGTERM " and " SIGHUP signals will cause the daemon to close its kernel log sources and terminate gracefully. The .BR SIGTSTP " and " SIGCONT -signals are used to start and stop kernel logging. Upon receipt of a +signals are used to start and stop kernel logging. Upon receipt of a .B SIGTSTP signal the daemon will close its log sources and spin in an idle loop. Subsequent receipt of a diff --git a/sysklogd.8 b/sysklogd.8 index f3bfd2d..ce2cf4e 100644 --- a/sysklogd.8 +++ b/sysklogd.8 @@ -47,7 +47,7 @@ utility which allows kernel logging to be conducted in either a standalone fashion or as a client of syslogd. .B Syslogd -provides a kind of logging that many modern programs use. Every logged +provides a kind of logging that many modern programs use. Every logged message contains at least a time and a hostname field, normally a program name field, too, but that depends on how trusty the logging program is. @@ -67,8 +67,8 @@ The main configuration file .I /etc/syslog.conf or an alternative file, given with the .B "\-f" -option, is read at startup. Any lines that begin with the hash mark -(``#'') and empty lines are ignored. If an error occurs during parsing +option, is read at startup. Any lines that begin with the hash mark +(``#'') and empty lines are ignored. If an error occurs during parsing the whole line is ignored. .LP 
@@ -87,10 +87,10 @@ described by the people from OpenBSD at http://www.psionic.com/papers/dns.html. .TP .B "\-d" -Turns on debug mode. Using this the daemon will not proceed a +Turns on debug mode. Using this the daemon will not proceed a .BR fork (2) to set itself in the background, but opposite to that stay in the -foreground and write much debug information on the current tty. See the +foreground and write much debug information on the current tty. See the DEBUGGING section for more information. .TP .BI "\-f " "config file" @@ -106,13 +106,13 @@ defined. .TP .BI "\-l " "hostlist" Specify a hostname that should be logged only with its simple hostname -and not the fqdn. Multiple hosts may be specified using the colon +and not the fqdn. Multiple hosts may be specified using the colon (``:'') separator. .TP .BI "\-m " "interval" The .B syslogd -logs a mark timestamp regularly. The default +logs a mark timestamp regularly. The default .I interval between two \fI-- MARK --\fR lines is 20 minutes. This can be changed with this option. Setting the @@ -120,7 +120,7 @@ with this option. Setting the to zero turns it off entirely. .TP .B "\-n" -Avoid auto-backgrounding. This is needed especially if the +Avoid auto-backgrounding. This is needed especially if the .B syslogd is started and controlled by .BR init (8). 
@@ -132,24 +132,24 @@ You can specify an alternative unix domain socket instead of .B "\-r" This option will enable the facility to receive message from the network using an internet domain socket with the syslog service (see -.BR services (5)). +.BR services (5)). The default is to not receive any messages from the network. This option is introduced in version 1.3 of the sysklogd -package. Please note that the default behavior is the opposite of +package. Please note that the default behavior is the opposite of how older versions behave, so you might have to turn this on. .TP .BI "\-s " "domainlist" Specify a domainname that should be stripped off before -logging. Multiple domains may be specified using the colon (``:'') -separator. Remember that the first match is used, not the best. +logging. Multiple domains may be specified using the colon (``:'') +separator. Remember that the first match is used, not the best. .TP .B "\-v" Print version and exit. .LP .SH SIGNALS .B Syslogd -reacts to a set of signals. You may easily send a signal to +reacts to a set of signals. You may easily send a signal to .B syslogd using the following: .IP @@ -161,7 +161,7 @@ kill -SIGNAL `cat /var/run/syslogd.pid` .B SIGHUP This lets .B syslogd -perform a re-initialization. All open files are closed, the +perform a re-initialization. All open files are closed, the configuration file (default is .IR /etc/syslog.conf ")" will be reread and the @@ -179,7 +179,7 @@ If debugging is enabled these are ignored, otherwise will die. .TP .B SIGUSR1 -Switch debugging on/off. This option can only be used if +Switch debugging on/off. This option can only be used if .B syslogd is started with the .B "\-d" 
@@ -191,7 +191,7 @@ Wait for childs if some were born, because of wall'ing messages. .SH CONFIGURATION FILE SYNTAX DIFFERENCES .B Syslogd uses a slightly different syntax for its configuration file than -the original BSD sources. Originally all messages of a specific priority +the original BSD sources. Originally all messages of a specific priority and above were forwarded to the log file. .IP For example the following line caused ALL output from daemons using @@ -232,12 +232,12 @@ file. .\" The \fB!\fR as the first character of a priority inverts the above .\" mentioned interpretation. The \fB!\fR is used to exclude logging of the specified -priorities. This affects all (!) possibilities of specifying priorities. +priorities. This affects all (!) possibilities of specifying priorities. .IP For example the following lines would log all messages of the facility mail except those with the priority info to the .I /usr/adm/mail -file. And all messages from news.info (including) to news.crit +file. And all messages from news.info (including) to news.crit (excluding) would be logged to the .I /usr/adm/news file. @@ -248,8 +248,8 @@ file. news.info;news.!crit /usr/adm/news .fi .PP -You may use it intuitively as an exception specifier. The above -mentioned interpretation is simply inverted. Doing that you may use +You may use it intuitively as an exception specifier. The above +mentioned interpretation is simply inverted. Doing that you may use .nf mail.none @@ -263,7 +263,7 @@ or mail.!debug .fi -to skip every message that comes with a mail facility. There is much +to skip every message that comes with a mail facility. There is much room to play with it. :-) The \fB-\fR may only be used to prefix a filename if you want to omit 
@@ -285,7 +285,7 @@ actually logged to a disk file. To enable this you have to specify the .B "\-r" -option on the command line. The default behavior is that +option on the command line. The default behavior is that .B syslogd won't listen to the network. @@ -293,7 +293,7 @@ The strategy is to have syslogd listen on a unix domain socket for locally generated log messages. This behavior will allow syslogd to inter-operate with the syslog found in the standard C library. At the same time syslogd listens on the standard syslog port for messages -forwarded from other hosts. To have this work correctly the +forwarded from other hosts. To have this work correctly the .BR services (5) files (typically found in .IR /etc ) @@ -307,7 +307,7 @@ entry: If this entry is missing .B syslogd neither can receive remote messages nor send them, because the UDP -port cant be opened. Instead +port cant be opened. Instead .B syslogd will die immediately, blowing out an error message. @@ -344,7 +344,7 @@ If the remote hostname cannot be resolved at startup, because the name-server might not be accessible (it may be started after syslogd) you don't have to worry. .B Syslogd -will retry to resolve the name ten times and then complain. Another +will retry to resolve the name ten times and then complain. Another possibility to avoid this is to place the hostname in .IR /etc/hosts . 
@@ -352,13 +352,13 @@ With normal .BR syslogd s you would get syslog-loops if you send out messages that were received from a remote host to the same host (or more complicated to a third -host that sends it back to the first one, and so on). In my domain +host that sends it back to the first one, and so on). In my domain (Infodrom Oldenburg) we accidently got one and our disks filled up with the same single message. :-( To avoid this in further times no messages that were received from a remote host are sent out to another (or the same) remote host -anymore. If there are scenarios where this doesn't make sense, please +anymore. If there are scenarios where this doesn't make sense, please drop me (Joey) a line. If the remote host is located in the same domain as the host, @@ -367,12 +367,12 @@ is running on, only the simple hostname will be logged instead of the whole fqdn. In a local network you may provide a central log server to have all -the important information kept on one machine. If the network consists +the important information kept on one machine. If the network consists of different domains you don't have to complain about logging fully -qualified names instead of simple hostnames. You may want to use the +qualified names instead of simple hostnames. You may want to use the strip-domain feature .B \-s -of this server. You can tell the +of this server. You can tell the .B syslogd to strip off several domains other than the one the server is located in and only log simple hostnames. @@ -380,7 +380,7 @@ in and only log simple hostnames. Using the .B \-l option there's also a possibility to define single hosts as local -machines. This, too, results in logging only their simple hostnames +machines. This, too, results in logging only their simple hostnames and not the fqdns. The UDP socket used to forward messages to remote hosts or to receive 
@@ -392,7 +392,7 @@ forwarding respectively. This version of syslogd has support for logging output to named pipes (fifos). A fifo or named pipe can be used as a destination for log messages by prepending a pipy symbol (``|'') to the name of the -file. This is handy for debugging. Note that the fifo must be created +file. This is handy for debugging. Note that the fifo must be created with the mkfifo command before syslogd is started. .IP The following configuration file routes debug messages from the @@ -428,8 +428,8 @@ Both the can either be run from .BR init (8) or started as part of the rc.* -sequence. If it is started from init the option \fI\-n\fR must be set, -otherwise you'll get tons of syslog daemons started. This is because +sequence. If it is started from init the option \fI\-n\fR must be set, +otherwise you'll get tons of syslog daemons started. This is because .BR init (8) depends on the process ID. .LP 
@@ -474,36 +474,36 @@ When debugging is turned on using .B "\-d" option then .B syslogd -will be very verbose by writing much of what it does on stdout. Whenever +will be very verbose by writing much of what it does on stdout. Whenever the configuration file is reread and re-parsed you'll see a tabular, -corresponding to the internal data structure. This tabular consists of +corresponding to the internal data structure. This tabular consists of four fields: .TP .I number -This field contains a serial number starting by zero. This number +This field contains a serial number starting by zero. This number represents the position in the internal data structure (i.e. the -array). If one number is left out then there might be an error in the +array). If one number is left out then there might be an error in the corresponding line in .IR /etc/syslog.conf . .TP .I pattern This field is tricky and represents the internal structure -exactly. Every column stands for a facility (refer to +exactly. Every column stands for a facility (refer to .BR syslog (3)). As you can see, there are still some facilities left free for former -use, only the left most are used. Every field in a column represents +use, only the left most are used. Every field in a column represents the priorities (refer to .BR syslog (3)). .TP .I action This field describes the particular action that takes place whenever a -message is received that matches the pattern. Refer to the +message is received that matches the pattern. Refer to the .BR syslog.conf (5) manpage for all possible actions. .TP .I arguments This field shows additional arguments to the actions in the last -field. For file-logging this is the filename for the logfile; for +field. For file-logging this is the filename for the logfile; for user-logging this is a list of users; for remote logging this is the hostname of the machine to log to; for console-logging this is the used console; for tty-logging this is the specified tty; wall has no 
@@ -530,13 +530,13 @@ If an error occurs in one line the whole rule is ignored. .B Syslogd doesn't change the filemode of opened logfiles at any stage of -process. If a file is created it is world readable. If you want to +process. If a file is created it is world readable. If you want to avoid this, you have to create it and change permissions on your own. This could be done in combination with rotating logfiles using the .BR savelog (8) program that is shipped in the .B smail -3.x distribution. Remember that it might be a security hole if +3.x distribution. Remember that it might be a security hole if everybody is able to read auth.* messages as these might contain passwords. .LP diff --git a/syslog.conf.5 b/syslog.conf.5 index 522bf63..7f40c1c 100644 --- a/syslog.conf.5 +++ b/syslog.conf.5 @@ -25,8 +25,8 @@ The .I syslog.conf file is the main configuration file for the .BR syslogd (8) -which logs system messages on *nix systems. This file specifies rules -for logging. For special features see the +which logs system messages on *nix systems. This file specifies rules +for logging. For special features see the .BR sysklogd (8) manpage. @@ -34,8 +34,8 @@ Every rule consists of two fields, a .I selector field and an .I action -field. These two fields are separated by one or more spaces or -tabs. The selector field specifies a pattern of facilities and +field. These two fields are separated by one or more spaces or +tabs. The selector field specifies a pattern of facilities and priorities belonging to the specified action. Lines starting with a hash mark (``#'') and empty lines are ignored. @@ -53,7 +53,7 @@ and a .IR priority , separated by a period (``.''). Both parts are case insensitive and can also be specified as decimal -numbers, but don't do that, you have been warned. Both facilities and +numbers, but don't do that, you have been warned. Both facilities and priorities are described in .BR syslog (3). The names mentioned below correspond to the similar 
@@ -72,8 +72,8 @@ The keyword should not be used anymore and .B mark is only for internal use and therefore should not be used in -applications. Anyway, you may want to specify and redirect these -messages here. The +applications. Anyway, you may want to specify and redirect these +messages here. The .I facility specifies the subsystem that produced the message, i.e. all mail programs log with the mail facility @@ -88,13 +88,13 @@ is one of the following keywords, in ascending order: .BR alert ", " emerg ", " panic " (same as " emerg ). The keywords .BR error ", " warn " and " panic -are deprecated and should not be used anymore. The +are deprecated and should not be used anymore. The .I priority defines the severity of the message The behavior of the original BSD syslogd is that all messages of the specified priority and higher are logged according to the given -action. This +action. This .BR syslogd (8) behaves the same, but has some extensions. @@ -102,12 +102,12 @@ In addition to the above mentioned names the .BR syslogd (8) understands the following extensions: An asterisk (``*'') stands for all facilities or all priorities, depending on where it is used -(before or after the period). The keyword +(before or after the period). The keyword .B none stands for no priority of the given facility. You can specify multiple facilities with the same priority pattern in -one statement using the comma (``,'') operator. You may specify as +one statement using the comma (``,'') operator. You may specify as much facilities as you want. Remember that only the facility part from such a statement is taken, a priority part would be skipped. 
@@ -116,33 +116,33 @@ Multiple selectors may be specified for a single using the semicolon (``;'') separator. Remember that each selector in the .I selector -field is capable to overwrite the preceding ones. Using this +field is capable to overwrite the preceding ones. Using this behavior you can exclude some priorities from the pattern. This .BR syslogd (8) has a syntax extension to the original BSD source, that makes its use -more intuitively. You may precede every priority with an equation sign +more intuitively. You may precede every priority with an equation sign (``='') to specify only this single priority and not any of the -above. You may also (both is valid, too) precede the priority with an +above. You may also (both is valid, too) precede the priority with an exclamation mark (``!'') to ignore all that priorities, either exact -this one or this and any higher priority. If you use both extensions +this one or this and any higher priority. If you use both extensions than the exclamation mark must occur before the equation sign, just use it intuitively. .SH ACTIONS The action field of a rule describes the abstract term -``logfile''. A ``logfile'' need not to be a real file, btw. The +``logfile''. A ``logfile'' need not to be a real file, btw. The .BR syslogd (8) provides the following actions. .SS Regular File -Typically messages are logged to real files. The file has to be +Typically messages are logged to real files. The file has to be specified with full pathname, beginning with a slash ``/''. You may prefix each entry with the minus ``-'' sign to omit syncing -the file after every logging. Note that you might lose information if -the system crashes right behind a write attempt. Nevertheless this +the file after every logging. Note that you might lose information if +the system crashes right behind a write attempt. Nevertheless this might give you back some performance, especially if you run programs that use logging in a very verbose manner. 
@@ -150,9 +150,9 @@ that use logging in a very verbose manner. This version of .BR syslogd (8) has support for logging output to -named pipes (fifos). A fifo or named pipe can be used as +named pipes (fifos). A fifo or named pipe can be used as a destination for log messages by prepending a pipe symbol (``|'') to -the name of the file. This is handy for debugging. Note that the fifo +the name of the file. This is handy for debugging. Note that the fifo must be created with the .BR mkfifo (1) command before 
@@ -170,33 +170,33 @@ This provides full remote logging, i.e. is able to send messages to a remote host running .BR syslogd (8) -and to receive messages from remote hosts. The remote +and to receive messages from remote hosts. The remote host won't forward the message again, it will just log them -locally. To forward messages to another host, prepend the hostname +locally. To forward messages to another host, prepend the hostname with the at sign (``@''). Using this feature you're able to control all syslog messages on one -host, if all other machines will log remotely to that. This tears down +host, if all other machines will log remotely to that. This tears down administration needs. .SS List of Users Usually critical messages are also directed to ``root'' on that -machine. You can specify a list of users that shall get the message by -simply writing the login. You may specify more than one user by -separating them with commas (``,''). If they're logged in they -get the message. Don't think a mail would be sent, that might be too +machine. You can specify a list of users that shall get the message by +simply writing the login. You may specify more than one user by +separating them with commas (``,''). If they're logged in they +get the message. Don't think a mail would be sent, that might be too late. .SS Everyone logged on Emergency messages often go to all users currently online to notify -them that something strange is happening with the system. To specify +them that something strange is happening with the system. To specify this .IR wall (1)-feature use an asterisk (``*''). .SH EXAMPLES Here are some example, partially taken from a real existing site and -configuration. Hopefully they rub out all questions to the +configuration. Hopefully they rub out all questions to the configuration, if not, drop me (Joey) a line. .IP .nf 
@@ -229,9 +229,9 @@ file The second statement directs all kernel messages of the priority .B crit -and higher to the remote host finlandia. This is useful, because if +and higher to the remote host finlandia. This is useful, because if the host crashes and the disks get irreparable errors you might not be -able to read the stored messages. If they're on a remote host, too, +able to read the stored messages. If they're on a remote host, too, you still can try to find out the reason for the crash. The third rule directs these messages to the actual console, so the @@ -258,7 +258,7 @@ This directs all messages that uses .BR mail.info " (in source " LOG_MAIL " | " LOG_INFO ) to .IR /dev/tty12 , -the 12th console. For example the tcpwrapper +the 12th console. For example the tcpwrapper .BR tcpd (8) uses this as it's default. @@ -273,7 +273,7 @@ This pattern matches all messages that come with the .B mail facility, except for the .B info -priority. These will be stored in the file +priority. These will be stored in the file .IR /var/adm/mail . .IP @@ -333,7 +333,7 @@ facility will not be stored. .LP This rule tells the .B syslogd -to write all emergency messages to all currently logged in users. This +to write all emergency messages to all currently logged in users. This is the wall action. .IP 
@@ -355,14 +355,14 @@ and ``joey'' if they're logged in. .fi .LP This rule would redirect all messages to a remote host called -finlandia. This is useful especially in a cluster of machines where +finlandia. This is useful especially in a cluster of machines where all syslog messages will be stored on only one machine. .SH CONFIGURATION FILE SYNTAX DIFFERENCES .B Syslogd uses a slightly different syntax for its configuration file than -the original BSD sources. Originally all messages of a specific priority -and above were forwarded to the log file. The modifiers ``='', ``!'' +the original BSD sources. Originally all messages of a specific priority +and above were forwarded to the log file. The modifiers ``='', ``!'' and ``-'' were added to make the .B syslogd more flexible and to use it in a more intuitive manner. @@ -377,7 +377,7 @@ Configuration file for .B syslogd .SH BUGS -The effects of multiple selectors are sometimes not intuitive. For +The effects of multiple selectors are sometimes not intuitive. For example ``mail.crit,*.err'' will select ``mail'' facility messages at the level of ``err'' or higher, not at the level of ``crit'' or higher.
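Review bot: in klogd.8 at @@ -52,7 +52,7 @@, and in the other one-line hunks across klogd.8, sysklogd.8 and syslog.conf.5, the removed and added lines read identically as shown, so the difference appears to be whitespace only (spacing after a sentence-ending period, and what looks like trailing whitespace after `.BR services (5)).` in sysklogd.8 at @@ -132,24 +132,24 @@). Please state that in the commit message and keep the change free of wording edits, so it can be checked with a whitespace-insensitive diff and does not obscure later content changes in blame output.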
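Review bot: in klogd.8 at @@ -331,14 +331,15 @@, the new second line `.BR SIGUSR1 ", "SIGUSR2 " and " SIGCONT ". The"` carries over the missing space between the quoted separator and SIGUSR2 from the old single line; every other separator on the two new lines is written as `", " NAME`. Since the request is being re-split anyway, write `", " SIGUSR2` so the .BR arguments alternate consistently. Separately, the unchanged context still lists SIGKILL among the signals that make the daemon "terminate gracefully"; SIGKILL cannot be caught by a process, so that sentence deserves a follow-up correction.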
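Review bot: in sysklogd.8 at @@ -87,10 +87,10 @@ and @@ -307,7 +307,7 @@, the re-added lines keep wording errors that could be fixed in a follow-up commit, separate from the whitespace cleanup: "the daemon will not proceed a" fork(2) should read "perform a", and "port cant be opened" should read "can't". The context at @@ -352,13 +352,13 @@ also has "accidently", and the context at @@ -191,7 +191,7 @@ has "Wait for childs".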
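Review bot: in sysklogd.8 at @@ -530,13 +530,13 @@, the touched sentence "If a file is created it is world readable" states the exposure, but the remedy is left as "create it and change permissions on your own". Because the following lines warn that auth.* messages might contain passwords, the text should name the step explicitly, for example pre-creating the auth logfile with owner-only permissions before syslogd first opens it, since syslogd "doesn't change the filemode of opened logfiles at any stage".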
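Review bot: in syslog.conf.5 at @@ -116,33 +116,33 @@, the re-added lines describing the ``='' and ``!'' modifiers keep several wording errors that make the selector semantics harder to read: "more intuitively" should be "more intuitive", "equation sign" should be "equals sign", "all that priorities" should be "all those priorities", and the context line "than the exclamation mark must occur" should use "then". The same applies to "as it's default" in the context at @@ -258,7 +258,7 @@ ("its"). These belong in a separate content commit so this one stays whitespace-only.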