Two spaces after fullstop.
This commit is contained in:
Joey Schulze
88
sysklogd.8
88
sysklogd.8
@@ -47,7 +47,7 @@ utility which allows kernel logging to be conducted in either a
|
||||
standalone fashion or as a client of syslogd.
|
||||
|
||||
.B Syslogd
|
||||
provides a kind of logging that many modern programs use. Every logged
|
||||
provides a kind of logging that many modern programs use. Every logged
|
||||
message contains at least a time and a hostname field, normally a
|
||||
program name field, too, but that depends on how trusty the logging
|
||||
program is.
|
||||
@@ -67,8 +67,8 @@ The main configuration file
|
||||
.I /etc/syslog.conf
|
||||
or an alternative file, given with the
|
||||
.B "\-f"
|
||||
option, is read at startup. Any lines that begin with the hash mark
|
||||
(``#'') and empty lines are ignored. If an error occurs during parsing
|
||||
option, is read at startup. Any lines that begin with the hash mark
|
||||
(``#'') and empty lines are ignored. If an error occurs during parsing
|
||||
the whole line is ignored.
|
||||
|
||||
.LP
|
||||
@@ -87,10 +87,10 @@ described by the people from OpenBSD at
|
||||
http://www.psionic.com/papers/dns.html.
|
||||
.TP
|
||||
.B "\-d"
|
||||
Turns on debug mode. Using this the daemon will not proceed a
|
||||
Turns on debug mode. Using this the daemon will not proceed a
|
||||
.BR fork (2)
|
||||
to set itself in the background, but opposite to that stay in the
|
||||
foreground and write much debug information on the current tty. See the
|
||||
foreground and write much debug information on the current tty. See the
|
||||
DEBUGGING section for more information.
|
||||
.TP
|
||||
.BI "\-f " "config file"
|
||||
@@ -106,13 +106,13 @@ defined.
|
||||
.TP
|
||||
.BI "\-l " "hostlist"
|
||||
Specify a hostname that should be logged only with its simple hostname
|
||||
and not the fqdn. Multiple hosts may be specified using the colon
|
||||
and not the fqdn. Multiple hosts may be specified using the colon
|
||||
(``:'') separator.
|
||||
.TP
|
||||
.BI "\-m " "interval"
|
||||
The
|
||||
.B syslogd
|
||||
logs a mark timestamp regularly. The default
|
||||
logs a mark timestamp regularly. The default
|
||||
.I interval
|
||||
between two \fI-- MARK --\fR lines is 20 minutes. This can be changed
|
||||
with this option. Setting the
|
||||
@@ -120,7 +120,7 @@ with this option. Setting the
|
||||
to zero turns it off entirely.
|
||||
.TP
|
||||
.B "\-n"
|
||||
Avoid auto-backgrounding. This is needed especially if the
|
||||
Avoid auto-backgrounding. This is needed especially if the
|
||||
.B syslogd
|
||||
is started and controlled by
|
||||
.BR init (8).
|
||||
@@ -132,24 +132,24 @@ You can specify an alternative unix domain socket instead of
|
||||
.B "\-r"
|
||||
This option will enable the facility to receive message from the
|
||||
network using an internet domain socket with the syslog service (see
|
||||
.BR services (5)).
|
||||
.BR services (5)).
|
||||
The default is to not receive any messages from the network.
|
||||
|
||||
This option is introduced in version 1.3 of the sysklogd
|
||||
package. Please note that the default behavior is the opposite of
|
||||
package. Please note that the default behavior is the opposite of
|
||||
how older versions behave, so you might have to turn this on.
|
||||
.TP
|
||||
.BI "\-s " "domainlist"
|
||||
Specify a domainname that should be stripped off before
|
||||
logging. Multiple domains may be specified using the colon (``:'')
|
||||
separator. Remember that the first match is used, not the best.
|
||||
logging. Multiple domains may be specified using the colon (``:'')
|
||||
separator. Remember that the first match is used, not the best.
|
||||
.TP
|
||||
.B "\-v"
|
||||
Print version and exit.
|
||||
.LP
|
||||
.SH SIGNALS
|
||||
.B Syslogd
|
||||
reacts to a set of signals. You may easily send a signal to
|
||||
reacts to a set of signals. You may easily send a signal to
|
||||
.B syslogd
|
||||
using the following:
|
||||
.IP
|
||||
@@ -161,7 +161,7 @@ kill -SIGNAL `cat /var/run/syslogd.pid`
|
||||
.B SIGHUP
|
||||
This lets
|
||||
.B syslogd
|
||||
perform a re-initialization. All open files are closed, the
|
||||
perform a re-initialization. All open files are closed, the
|
||||
configuration file (default is
|
||||
.IR /etc/syslog.conf ")"
|
||||
will be reread and the
|
||||
@@ -179,7 +179,7 @@ If debugging is enabled these are ignored, otherwise
|
||||
will die.
|
||||
.TP
|
||||
.B SIGUSR1
|
||||
Switch debugging on/off. This option can only be used if
|
||||
Switch debugging on/off. This option can only be used if
|
||||
.B syslogd
|
||||
is started with the
|
||||
.B "\-d"
|
||||
@@ -191,7 +191,7 @@ Wait for childs if some were born, because of wall'ing messages.
|
||||
.SH CONFIGURATION FILE SYNTAX DIFFERENCES
|
||||
.B Syslogd
|
||||
uses a slightly different syntax for its configuration file than
|
||||
the original BSD sources. Originally all messages of a specific priority
|
||||
the original BSD sources. Originally all messages of a specific priority
|
||||
and above were forwarded to the log file.
|
||||
.IP
|
||||
For example the following line caused ALL output from daemons using
|
||||
@@ -232,12 +232,12 @@ file.
|
||||
.\" The \fB!\fR as the first character of a priority inverts the above
|
||||
.\" mentioned interpretation.
|
||||
The \fB!\fR is used to exclude logging of the specified
|
||||
priorities. This affects all (!) possibilities of specifying priorities.
|
||||
priorities. This affects all (!) possibilities of specifying priorities.
|
||||
.IP
|
||||
For example the following lines would log all messages of the facility
|
||||
mail except those with the priority info to the
|
||||
.I /usr/adm/mail
|
||||
file. And all messages from news.info (including) to news.crit
|
||||
file. And all messages from news.info (including) to news.crit
|
||||
(excluding) would be logged to the
|
||||
.I /usr/adm/news
|
||||
file.
|
||||
@@ -248,8 +248,8 @@ file.
|
||||
news.info;news.!crit /usr/adm/news
|
||||
.fi
|
||||
.PP
|
||||
You may use it intuitively as an exception specifier. The above
|
||||
mentioned interpretation is simply inverted. Doing that you may use
|
||||
You may use it intuitively as an exception specifier. The above
|
||||
mentioned interpretation is simply inverted. Doing that you may use
|
||||
|
||||
.nf
|
||||
mail.none
|
||||
@@ -263,7 +263,7 @@ or
|
||||
mail.!debug
|
||||
.fi
|
||||
|
||||
to skip every message that comes with a mail facility. There is much
|
||||
to skip every message that comes with a mail facility. There is much
|
||||
room to play with it. :-)
|
||||
|
||||
The \fB-\fR may only be used to prefix a filename if you want to omit
|
||||
@@ -285,7 +285,7 @@ actually logged to a disk file.
|
||||
|
||||
To enable this you have to specify the
|
||||
.B "\-r"
|
||||
option on the command line. The default behavior is that
|
||||
option on the command line. The default behavior is that
|
||||
.B syslogd
|
||||
won't listen to the network.
|
||||
|
||||
@@ -293,7 +293,7 @@ The strategy is to have syslogd listen on a unix domain socket for
|
||||
locally generated log messages. This behavior will allow syslogd to
|
||||
inter-operate with the syslog found in the standard C library. At the
|
||||
same time syslogd listens on the standard syslog port for messages
|
||||
forwarded from other hosts. To have this work correctly the
|
||||
forwarded from other hosts. To have this work correctly the
|
||||
.BR services (5)
|
||||
files (typically found in
|
||||
.IR /etc )
|
||||
@@ -307,7 +307,7 @@ entry:
|
||||
If this entry is missing
|
||||
.B syslogd
|
||||
neither can receive remote messages nor send them, because the UDP
|
||||
port cant be opened. Instead
|
||||
port cant be opened. Instead
|
||||
.B syslogd
|
||||
will die immediately, blowing out an error message.
|
||||
|
||||
@@ -344,7 +344,7 @@ If the remote hostname cannot be resolved at startup, because the
|
||||
name-server might not be accessible (it may be started after syslogd)
|
||||
you don't have to worry.
|
||||
.B Syslogd
|
||||
will retry to resolve the name ten times and then complain. Another
|
||||
will retry to resolve the name ten times and then complain. Another
|
||||
possibility to avoid this is to place the hostname in
|
||||
.IR /etc/hosts .
|
||||
|
||||
@@ -352,13 +352,13 @@ With normal
|
||||
.BR syslogd s
|
||||
you would get syslog-loops if you send out messages that were received
|
||||
from a remote host to the same host (or more complicated to a third
|
||||
host that sends it back to the first one, and so on). In my domain
|
||||
host that sends it back to the first one, and so on). In my domain
|
||||
(Infodrom Oldenburg) we accidently got one and our disks filled up
|
||||
with the same single message. :-(
|
||||
|
||||
To avoid this in further times no messages that were received from a
|
||||
remote host are sent out to another (or the same) remote host
|
||||
anymore. If there are scenarios where this doesn't make sense, please
|
||||
anymore. If there are scenarios where this doesn't make sense, please
|
||||
drop me (Joey) a line.
|
||||
|
||||
If the remote host is located in the same domain as the host,
|
||||
@@ -367,12 +367,12 @@ is running on, only the simple hostname will be logged instead of
|
||||
the whole fqdn.
|
||||
|
||||
In a local network you may provide a central log server to have all
|
||||
the important information kept on one machine. If the network consists
|
||||
the important information kept on one machine. If the network consists
|
||||
of different domains you don't have to complain about logging fully
|
||||
qualified names instead of simple hostnames. You may want to use the
|
||||
qualified names instead of simple hostnames. You may want to use the
|
||||
strip-domain feature
|
||||
.B \-s
|
||||
of this server. You can tell the
|
||||
of this server. You can tell the
|
||||
.B syslogd
|
||||
to strip off several domains other than the one the server is located
|
||||
in and only log simple hostnames.
|
||||
@@ -380,7 +380,7 @@ in and only log simple hostnames.
|
||||
Using the
|
||||
.B \-l
|
||||
option there's also a possibility to define single hosts as local
|
||||
machines. This, too, results in logging only their simple hostnames
|
||||
machines. This, too, results in logging only their simple hostnames
|
||||
and not the fqdns.
|
||||
|
||||
The UDP socket used to forward messages to remote hosts or to receive
|
||||
@@ -392,7 +392,7 @@ forwarding respectively.
|
||||
This version of syslogd has support for logging output to named pipes
|
||||
(fifos). A fifo or named pipe can be used as a destination for log
|
||||
messages by prepending a pipy symbol (``|'') to the name of the
|
||||
file. This is handy for debugging. Note that the fifo must be created
|
||||
file. This is handy for debugging. Note that the fifo must be created
|
||||
with the mkfifo command before syslogd is started.
|
||||
.IP
|
||||
The following configuration file routes debug messages from the
|
||||
@@ -428,8 +428,8 @@ Both the
|
||||
can either be run from
|
||||
.BR init (8)
|
||||
or started as part of the rc.*
|
||||
sequence. If it is started from init the option \fI\-n\fR must be set,
|
||||
otherwise you'll get tons of syslog daemons started. This is because
|
||||
sequence. If it is started from init the option \fI\-n\fR must be set,
|
||||
otherwise you'll get tons of syslog daemons started. This is because
|
||||
.BR init (8)
|
||||
depends on the process ID.
|
||||
.LP
|
||||
@@ -474,36 +474,36 @@ When debugging is turned on using
|
||||
.B "\-d"
|
||||
option then
|
||||
.B syslogd
|
||||
will be very verbose by writing much of what it does on stdout. Whenever
|
||||
will be very verbose by writing much of what it does on stdout. Whenever
|
||||
the configuration file is reread and re-parsed you'll see a tabular,
|
||||
corresponding to the internal data structure. This tabular consists of
|
||||
corresponding to the internal data structure. This tabular consists of
|
||||
four fields:
|
||||
.TP
|
||||
.I number
|
||||
This field contains a serial number starting by zero. This number
|
||||
This field contains a serial number starting by zero. This number
|
||||
represents the position in the internal data structure (i.e. the
|
||||
array). If one number is left out then there might be an error in the
|
||||
array). If one number is left out then there might be an error in the
|
||||
corresponding line in
|
||||
.IR /etc/syslog.conf .
|
||||
.TP
|
||||
.I pattern
|
||||
This field is tricky and represents the internal structure
|
||||
exactly. Every column stands for a facility (refer to
|
||||
exactly. Every column stands for a facility (refer to
|
||||
.BR syslog (3)).
|
||||
As you can see, there are still some facilities left free for former
|
||||
use, only the left most are used. Every field in a column represents
|
||||
use, only the left most are used. Every field in a column represents
|
||||
the priorities (refer to
|
||||
.BR syslog (3)).
|
||||
.TP
|
||||
.I action
|
||||
This field describes the particular action that takes place whenever a
|
||||
message is received that matches the pattern. Refer to the
|
||||
message is received that matches the pattern. Refer to the
|
||||
.BR syslog.conf (5)
|
||||
manpage for all possible actions.
|
||||
.TP
|
||||
.I arguments
|
||||
This field shows additional arguments to the actions in the last
|
||||
field. For file-logging this is the filename for the logfile; for
|
||||
field. For file-logging this is the filename for the logfile; for
|
||||
user-logging this is a list of users; for remote logging this is the
|
||||
hostname of the machine to log to; for console-logging this is the
|
||||
used console; for tty-logging this is the specified tty; wall has no
|
||||
@@ -530,13 +530,13 @@ If an error occurs in one line the whole rule is ignored.
|
||||
|
||||
.B Syslogd
|
||||
doesn't change the filemode of opened logfiles at any stage of
|
||||
process. If a file is created it is world readable. If you want to
|
||||
process. If a file is created it is world readable. If you want to
|
||||
avoid this, you have to create it and change permissions on your own.
|
||||
This could be done in combination with rotating logfiles using the
|
||||
.BR savelog (8)
|
||||
program that is shipped in the
|
||||
.B smail
|
||||
3.x distribution. Remember that it might be a security hole if
|
||||
3.x distribution. Remember that it might be a security hole if
|
||||
everybody is able to read auth.* messages as these might contain
|
||||
passwords.
|
||||
.LP
|
||||
|
||||
Reference in New Issue
Block a user