Manual Pages for UNIX Darwin command on man syslogd

SYSLOGD(8) BSD System Manager's Manual SYSLOGD(8)

NAME

ssyyssllooggdd - Apple System Log server

SYNOPSIS

ssyyssllooggdd [-dd] [-DD] [-mm markinterval] [-pp prunedays] [-cc logcutoff]

[-ll libpath] [-uu] [-mmoodduulleennaammee {0|1}]

DESCRIPTION

The ssyyssllooggdd server receives and processes log messages. Several modules receive input messages through various channels, including UNIX domain sockets associated with the syslog(3), asl(3), and kernel printf APIs, and optionally from a UDP socket if the ``udpin'' module is enabled. The Apple System Log facility comprises the asl(3) API, a new ssyyssllooggdd

server, and the syslog(1) command-line utility. The system supports

structured and extensible messages, permitting advanced message browsing

and management through search APIs and other components of the Apple sys-

tem log facility. Log messages are retained in a data store, subject to pruning and input

filtering as described below, to simplify the task of locating log mes-

sages and to facilitate browsing and searching. The data store is

intended to become a replacement for the numerous log files that are cur-

rently found in various locations on the system. Those files will be phased out in future versions of Mac OS. The following options are recognized:

-dd Run ssyyssllooggdd in debugging mode. The server stays attached to the

controlling terminal and prints debugging messages.

-DD Start as a daemon. This option forces ssyyssllooggdd to fork and have

the child process become a daemon. Since ssyyssllooggdd is started by llaauunncchhdd, this is not normally required.

-mm Set the number of minutes between ``mark'' messages. The default

is 20 minutes. The ``mark'' facility is disabled if the setting is zero minutes.

-pp ssyyssllooggdd saves log messages in a data store that may be searched

using the syslog(1) utility or with the asl(3) API. The data store is pruned daily by the /etc/daily cron job to keep it from growing without bound. Since many systems are shut down overnight (when the daily cron job runs), the data store is also pruned shortly after ssyyssllooggdd starts up as the system boots. By default, log messages in the data store that are more than 7 days

old are removed. The setting of the -pp prunedays overrides the

default. A setting of zero days disables pruning of the data store when ssyyssllooggdd starts up.

-cc Sets a cutoff filter for log priorities for messages to be

retained in the log message data store. The value of logcutoff must be between 0 and 7, corresponding to log priorities LOGEMERG or ASLLEVELEMERG and LOGDEBUG or ASLLEVELDEBUG as

defined in the syslog(3) and asl(3) header files. Received mes-

sages with a priority or level value greater than the cutoff will not be saved in the data store. The default filter will retain messages in the range 0 (Emergency) to 5 (Notice) inclusive. Note that a this filter value may be adjusted while ssyyssllooggdd is

running using the ssyysslloogg command-line utility. See the syslog(1)

manual. The filter may be adjusted using the ``-c'' option, e.g.

sudo syslog -c syslogd -d

will set the filter to retain messages in the range 0 (Emergency) to 7 (Debug).

-ll Specifies an alternate path for loading plug-in modules. By

default, ssyyssllooggdd checks for plug-in modules in the directory

/usr/lib/asl.

-uu Enables the ``udpin'' module, configuring ssyyssllooggdd to act as a

network log message receiver. The server will receive messages on the standard ``syslog'' UDP port. Note that this opens the

server to potential denial-of-service attacks, as a malicious

remote sender can flood the server with messages. The -uu option

is equivalent to using the -uuddppiinn 1 option.

The remaining options of the form -mmoodduulleennaammee {0|1} may be used to dis-

able (0) or enable (1) the action of several of internal modules.

-aasslliinn The ``aslin'' module receives log messages on the UNIX

domain socket associated with the asl(3) API. The module

may be disabled using -aasslliinn 0. The module is normally

enabled.

-aassllaaccttiioonn The ``aslaction'' module examines the stream of received

log messages and acts upon them according to the rules spec-

ified in the file /etc/asl.conf. See asl.conf(5) for details.

-kkllooggiinn The ``klogin'' module receives log messages on the UNIX

domain socket associated with the kernel logging API. The

module may be disabled using -kkllooggiinn 0. The module is nor-

mally enabled.

-bbssddiinn The ``bsdin'' module receives log messages on the UNIX

domain socket associated with the syslog(3) API. The module

may be disabled using -bbssddiinn 0. The module is normally

enabled.

-bbssddoouutt The ``bsdout'' module examines the stream of received log

messages and acts upon them according to the rules specified in the file /etc/syslog.conf. See syslog.conf(5) for details. This module exists for backward compatibility with previous ssyyssllooggdd implementations. Apple encourages use of the syslog(1) and asl(3) search APIs over the use of the log files that are specified in the /etc/syslog.conf file.

Future versions of Mac OS will move functions that are cur-

rently handled by the ``bsdout'' module to the ``aslaction'' module.

-uuddppiinn The ``udpin'' module receives log messages on the UDP

socket associated with the Internet syslog message protocol.

The module may be enabled using -uuddppiinn 1. The module is

normally disabled. This module may also be enabled using

the -uu option.

ssyyssllooggdd initializes its built-in modules and loads plug-ins during its

start-up. The data store is pruned approximately 5 minutes after

startup. ssyyssllooggdd reinitializes in response to a HUP signal. FILES /etc/syslog.conf bsdout module configuration file /etc/asl.conf aslaction module configuration file /var/run/syslog.pid process ID file /var/run/log name of the UNIX domain datagram log socket /dev/klog kernel log device