version 2, including all changes.

Rev 1: perry. Rev 2: perry.

SYSKLOGD
!!!SYSKLOGD
NAME
SYNOPSIS
DESCRIPTION
OPTIONS
SIGNALS
CONFIGURATION FILE SYNTAX DIFFERENCES
SUPPORT FOR REMOTE LOGGING
OUTPUT TO NAMED PIPES (FIFOs)
INSTALLATION CONCERNS
SECURITY THREATS
DEBUGGING
FILES
BUGS
SEE ALSO
COLLABORATORS
----
!!NAME

sysklogd - Linux system logging utilities.
!!SYNOPSIS

__syslogd__ [[ __-a__ ''socket'' ] [[ __-d__ ] [[
__-f__ ''config file'' ] [[ __-h__ ] [[ __-l__
''hostlist'' ] [[ __-m__ ''interval'' ] [[ __-n__
] [[ __-p__ ''socket'' ] [[ __-r__ ] [[ __-s__
''domainlist'' ] [[ __-v__ ]
!!DESCRIPTION

__Sysklogd__ provides two system utilities which provide
support for system logging and kernel message trapping.
Support of both internet and unix domain sockets enables
this utility package to support both local and remote
logging.

System logging is provided by a version of syslogd(8)
derived from the stock BSD sources. Support for kernel
logging is provided by the klogd(8) utility which
allows kernel logging to be conducted in either a standalone
fashion or as a client of syslogd.

__Syslogd__ provides a kind of logging that many modern
programs use. Every logged message contains at least a time
and a hostname field, and normally a program name field too,
but that depends on how trustworthy the logging program
is.

While the __syslogd__ sources have been heavily modified,
a couple of notes are in order. First of all there has been
a systematic attempt to ensure that syslogd follows its
default, standard BSD behavior. The second important concept
to note is that this version of syslogd interacts
transparently with the version of syslog found in the
standard libraries. If a binary linked to the standard
shared libraries fails to function correctly we would like
an example of the anomalous behavior.

The main configuration file ''/etc/syslog.conf'' or an
alternative file, given with the __-f__ option, is read
at startup. Any lines that begin with the hash mark (``#'')
and empty lines are ignored. If an error occurs during
parsing the whole line is ignored.
!!OPTIONS

__-a__ ''socket''

Using this argument you can specify additional sockets
that __syslogd__ has to listen to. This is needed if
you're going to let some daemon run within a chroot()
environment. You can use up to 19 additional sockets. If
your environment needs even more, you have to increase the
symbol __MAXFUNIX__ within the syslogd.c source file. An
example for a chroot() daemon is described by the people
from OpenBSD at
http://www.psionic.com/papers/dns.html.

__-d__

Turns on debug mode. With this option the daemon does not
fork(2) to put itself in the background; instead it stays
in the foreground and writes extensive debug
information to the current tty. See the DEBUGGING section
for more information.

__-f__ ''config file''

Specify an alternative configuration file instead of
''/etc/syslog.conf'', which is the default.

__-h__

By default syslogd will not forward messages it receives
from remote hosts. Specifying this switch on the command
line will cause the log daemon to forward any remote
messages it receives to forwarding hosts which have been
defined.

__-l__ ''hostlist''

Specify a hostname that should be logged only with its
simple hostname and not the fqdn. Multiple hosts may be
specified using the colon (``:'') separator.

__-m__ ''interval''

The __syslogd__ logs a mark timestamp regularly. The
default ''interval'' between two ''-- MARK --'' lines
is 20 minutes. This can be changed with this option. Setting
the ''interval'' to zero turns it off
entirely.

__-n__

Avoid auto-backgrounding. This is needed especially if the
__syslogd__ is started and controlled by
init(8).

__-p__ ''socket''

You can specify an alternative unix domain socket instead of
''/dev/log''.

__-r__

This option will enable the facility to receive messages from
the network using an internet domain socket with the syslog
service (see services(5)). The default is to not
receive any messages from the network.

This option is introduced in version 1.3 of the sysklogd
package. Please note that the default behavior is the
opposite of how older versions behave, so you might have to
turn this on.

__-s__ ''domainlist''

Specify a domainname that should be stripped off before
logging. Multiple domains may be specified using the colon
(``:'') separator. Please be advised that no sub-domains may
be specified but only entire domains. For example if __-s
north.de__ is specified and the host logging resolves to
satu.infodrom.north.de no domain would be cut; you will have
to specify two domains like: __-s
north.de:infodrom.north.de__.

__-v__

Print version and exit.
!!SIGNALS

__Syslogd__ reacts to a set of signals. You may easily
send a signal to __syslogd__ using the
following:

    kill -SIGNAL `cat /var/run/syslogd.pid`

__SIGHUP__

This lets __syslogd__ perform a re-initialization. All
open files are closed, the configuration file (default is
''/etc/syslog.conf'') will be reread and the
syslog(3) facility is started again.

__SIGTERM__

The __syslogd__ will die.

__SIGINT__, __SIGQUIT__

If debugging is enabled these are ignored, otherwise
__syslogd__ will die.

__SIGUSR1__

Switch debugging on/off. This option can only be used if
__syslogd__ is started with the __-d__ debug
option.

__SIGCHLD__

Wait for child processes, if any were spawned for wall'ing
messages.
!!CONFIGURATION FILE SYNTAX DIFFERENCES

__Syslogd__ uses a slightly different syntax for its
configuration file than the original BSD sources. Originally
all messages of a specific priority and above were forwarded
to the log file.

For example the following line caused ALL output from
daemons using the daemon facilities (debug is the lowest
priority, so every higher will also match) to go into
''/usr/adm/daemons'':

    # Sample syslog.conf
    daemon.debug /usr/adm/daemons

Under the new scheme this behavior remains the same. The
difference is the addition of four new specifiers, the
asterisk (__*__) wildcard, the equals sign (__=__),
the exclamation mark (__!__), and the minus sign
(__-__).

The __*__ specifies that all messages for the specified
facility are to be directed to the destination. Note that
this behavior is equivalent to specifying a priority level
of debug. Users have indicated that the asterisk notation is
more intuitive.

The __=__ wildcard is used to restrict logging to the
specified priority class. This allows, for example, routing
only debug messages to a particular logging
source.

For example the following line in ''syslog.conf'' would
direct debug messages from all sources to the
''/usr/adm/debug'' file.

    # Sample syslog.conf
    *.=debug /usr/adm/debug

The __!__ is used to exclude logging of the specified
priorities. This affects all (!) possibilities of specifying
priorities.

For example the following lines would log all messages of
the facility mail except those with the priority info to the
''/usr/adm/mail'' file. And all messages from news.info
(including) to news.crit (excluding) would be logged to the
''/usr/adm/news'' file.

    # Sample syslog.conf
    mail.*;mail.!=info /usr/adm/mail
    news.info;news.!crit /usr/adm/news

You may use it intuitively as an exception specifier. The
above mentioned interpretation is simply inverted. Doing
that you may use

    mail.none

or

    mail.!*

or

    mail.!debug

to skip every message that comes with a mail facility. There is much room to play with it. :-)

The __-__ may only be used to prefix a filename if you
want to omit sync'ing the file after every write to
it.

This may take some acclimatization for those individuals
used to the pure BSD behavior but testers have indicated
that this syntax is somewhat more flexible than the BSD
behavior. Note that these changes should not affect standard
syslog.conf(5) files. You must specifically modify
the configuration files to obtain the enhanced
behavior.
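The selector rules above can be checked mechanically. The following is an added example, not sysklogd's own code: a small Python model of the __*__, __=__ and __!__ specifiers that reports which actions receive a given facility.priority. The function names, the facility subset and the sample configuration (assembled from the lines quoted above) are assumptions made for illustration.

```python
# Added example: a model of the selector rules described above, not sysklogd's code.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Common facility names from syslog(3); an assumed subset, extend as needed.
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "news",
              "syslog", "user", "uucp"] + ["local%d" % i for i in range(8)]


def apply_priority(current, spec):
    """Apply one priority spec ('info', '=debug', '!crit', '!=info', '*', 'none')
    to the set of priorities already selected for a facility."""
    negate = spec.startswith("!")
    spec = spec[1:] if negate else spec
    exact = spec.startswith("=")
    spec = spec[1:] if exact else spec
    if spec == "none" and not (negate or exact):
        return set()                                   # mail.none
    if spec == "*" and not exact:
        return set() if negate else set(PRIORITIES)    # mail.!* or mail.*
    if spec not in PRIORITIES:
        raise ValueError("unknown priority spec: %r" % spec)
    # PRIORITIES is ordered highest first, so "this and above" is a prefix.
    upto = PRIORITIES.index(spec) + 1
    chosen = {spec} if exact else set(PRIORITIES[:upto])
    return current - chosen if negate else current | chosen


def compile_selector(field):
    """Turn 'mail.*;mail.!=info' into {facility: set of matching priorities}.
    Parts are applied left to right, so later parts refine earlier ones."""
    table = {fac: set() for fac in FACILITIES}
    for part in field.split(";"):
        facs, dot, spec = part.strip().partition(".")
        if not dot or not spec:
            raise ValueError("malformed selector: %r" % part)
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            if fac not in table:
                raise ValueError("unknown facility: %r" % fac)
            table[fac] = apply_priority(table[fac], spec)
    return table


def routes(conf_text, facility, priority):
    """Return the actions of every rule that receives facility.priority."""
    actions = []
    for line in conf_text.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue                    # comment, empty or one-field line
        try:
            table = compile_selector(fields[0])
        except ValueError:
            continue                    # a line that fails to parse is ignored
        if priority in table[facility]:
            actions.append(fields[1].strip())
    return actions


SAMPLE_CONF = """\
# Constructed sample assembled from the rules quoted on this page.
daemon.debug            /usr/adm/daemons
*.=debug                /usr/adm/debug
mail.*;mail.!=info      /usr/adm/mail
news.info;news.!crit    /usr/adm/news
kern.*                  @hostname
mail.bogus              /usr/adm/broken
"""

if __name__ == "__main__":
    for fac, pri in [("mail", "info"), ("mail", "debug"),
                     ("news", "err"), ("news", "crit")]:
        print("%s.%s -> %s" % (fac, pri, routes(SAMPLE_CONF, fac, pri) or "dropped"))
```

Running the same query for auth or authpriv against a real configuration shows quickly whether a catch-all rule also copies authentication messages to a file that other users can read.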
!!SUPPORT FOR REMOTE LOGGING

These modifications provide network support to the syslogd
facility. Network support means that messages can be
forwarded from one node running syslogd to another node
running syslogd where they will be actually logged to a disk
file.

To enable this you have to specify the __-r__ option on
the command line. The default behavior is that
__syslogd__ won't listen to the network.

The strategy is to have syslogd listen on a unix domain
socket for locally generated log messages. This behavior
will allow syslogd to inter-operate with the syslog found in
the standard C library. At the same time syslogd listens on
the standard syslog port for messages forwarded from other
hosts. To have this work correctly the services(5)
files (typically found in ''/etc'') must have the
following entry:

    syslog 514/udp

If this entry is missing __syslogd__ can neither receive
remote messages nor send them, because the UDP port cannot be
opened. Instead __syslogd__ will die immediately, printing
an error message.

To cause messages to be forwarded to another host replace
the normal file line in the ''syslog.conf'' file with the
name of the host to which the messages are to be sent,
prepended with an @.

For example, to forward __ALL__ messages to a remote host
use the following ''syslog.conf'' entry:

    # Sample syslogd configuration file to forward all
    # messages to a remote host.
    *.* @hostname

To forward all __kernel__ messages to a remote host the configuration file would be as follows:

    # Sample configuration file to forward all kernel
    # messages to a remote host.
    kern.* @hostname

If the remote hostname cannot be resolved at startup,
because the name-server might not be accessible (it may be
started after syslogd), you don't have to worry.
__Syslogd__ will retry to resolve the name ten times and
then complain. Another possibility to avoid this is to place
the hostname in ''/etc/hosts''.

With normal __syslogd__s you would get syslog-loops if
you send out messages that were received from a remote host
to the same host (or more complicated to a third host that
sends it back to the first one, and so on). In my domain
(Infodrom Oldenburg) we accidentally got one and our disks
filled up with the same single message. :-(

To avoid this in future, no messages that were
received from a remote host are sent out to another (or the
same) remote host anymore. If there are scenarios where this
doesn't make sense, please drop me (Joey) a
line.

If the remote host is located in the same domain as the
host __syslogd__ is running on, only the simple hostname
will be logged instead of the whole fqdn.

In a local network you may provide a central log server to
have all the important information kept on one machine. If
the network consists of different domains you don't have to
complain about logging fully qualified names instead of
simple hostnames. You may want to use the strip-domain
feature __-s__ of this server. You can tell the
__syslogd__ to strip off several domains other than the
one the server is located in and only log simple
hostnames.

Using the __-l__ option there's also a possibility to
define single hosts as local machines. This, too, results in
logging only their simple hostnames and not the
fqdns.

The UDP socket used to forward messages to remote hosts or
to receive messages from them is only opened when it is
needed. In releases prior to 1.3-23 it was opened every time
but not opened for reading or forwarding
respectively.
!!OUTPUT TO NAMED PIPES (FIFOs)

This version of syslogd has support for logging output to
named pipes (fifos). A fifo or named pipe can be used as a
destination for log messages by prepending a pipe symbol
(``|'') to the name of the file. This is handy for
debugging. Note that the fifo must be created with the
mkfifo command before syslogd is started.

The following configuration file routes debug messages from
the kernel to a fifo:

    # Sample configuration to route kernel debugging
    # messages ONLY to /usr/adm/debug which is a
    # named pipe.
    kern.=debug |/usr/adm/debug
!!INSTALLATION CONCERNS

There is probably one important consideration when
installing this version of syslogd. This version of syslogd
is dependent on proper formatting of messages by the syslog
function. The functioning of the syslog function in the
shared libraries changed somewhere in the region of
libc.so.4.[[2-4].n. The specific change was to null-terminate
the message before transmitting it to the ''/dev/log''
socket. Proper functioning of this version of syslogd is
dependent on null-termination of the message.

This problem will typically manifest itself if old
statically linked binaries are being used on the system.
Binaries using old versions of the syslog function will
cause empty lines to be logged followed by the message with
the first character in the message removed. Relinking these
binaries to newer versions of the shared libraries will
correct this problem.

Both the syslogd(8) and the klogd(8) can
either be run from init(8) or started as part of the
rc.* sequence. If it is started from init the option
''-n'' must be set, otherwise you'll get tons of syslog
daemons started. This is because init(8) depends on
the process ID.
!!SECURITY THREATS

There is the potential for the syslogd daemon to be used as
a conduit for a denial of service attack. Thanks go to John
Morrison (jmorriso@rflab.ee.ubc.ca) for alerting me to this
potential. A rogue program(mer) could very easily flood the
syslogd daemon with syslog messages resulting in the log
files consuming all the remaining space on the filesystem.
Activating logging over the inet domain sockets will of
course expose a system to risks outside of programs or
individuals on the local machine.

There are a number of methods of protecting a
machine:

1. Implement kernel firewalling to limit which hosts or
networks have access to the 514/UDP socket.

2. Logging can be directed to an isolated or non-root
filesystem which, if filled, will not impair the
machine.

3. The ext2 filesystem can be used which can be configured to
limit a certain percentage of a filesystem to usage by root
only. __NOTE__ that this will require syslogd to be run
as a non-root process. __ALSO NOTE__ that this will
prevent usage of remote logging since syslogd will be unable
to bind to the 514/UDP socket.

4. Disabling inet domain sockets will limit risk to the local
machine.

5. Use step 4 and if the problem persists and is not secondary
to a rogue program/daemon get a 3.5 ft (approx. 1 meter)
length of sucker rod* and have a chat with the user in
question.

Sucker rod def. -- 3/4, 7/8 or 1in. hardened steel rod, male
threaded on each end. Primary use in the oil industry in
Western North Dakota and other locations to pump 'suck' oil
from oil wells. Secondary uses are for the construction of
cattle feed lots and for dealing with the occasional
recalcitrant or belligerent individual.
!!DEBUGGING

When debugging is turned on using the __-d__ option then
__syslogd__ will be very verbose by writing much of what
it does on stdout. Whenever the configuration file is reread
and re-parsed you'll see a table corresponding to the
internal data structure. This table consists of four
fields:

''number''

This field contains a serial number starting at zero. This
number represents the position in the internal data
structure (i.e. the array). If one number is left out then
there might be an error in the corresponding line in
''/etc/syslog.conf''.

''pattern''

This field is tricky and represents the internal structure
exactly. Every column stands for a facility (refer to
syslog(3)). As you can see, there are still some
facilities left free for former use, only the left most are
used. Every field in a column represents the priorities
(refer to syslog(3)).

''action''

This field describes the particular action that takes place
whenever a message is received that matches the pattern.
Refer to the syslog.conf(5) manpage for all possible
actions.

''arguments''

This field shows additional arguments to the actions in the
last field. For file-logging this is the filename for the
logfile; for user-logging this is a list of users; for
remote logging this is the hostname of the machine to log
to; for console-logging this is the used console; for
tty-logging this is the specified tty; wall has no
additional arguments.
!!FILES

''/etc/syslog.conf''

Configuration file for __syslogd__. See
syslog.conf(5) for exact information.

''/dev/log''

The Unix domain socket from which local syslog messages
are read.

''/var/run/syslogd.pid''

The file containing the process id of
__syslogd__.
!!BUGS

If an error occurs in one line the whole rule is
ignored.

__Syslogd__ doesn't change the filemode of opened
logfiles at any stage of the process. If a file is created it is
world readable. If you want to avoid this, you have to
create it and change permissions on your own. This could be
done in combination with rotating logfiles using the
savelog(8) program that is shipped in the
__smail__ 3.x distribution. Remember that it might be a
security hole if everybody is able to read auth.* messages
as these might contain passwords.
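The file-mode caveat above and method 2 under SECURITY THREATS (keep logs off the root filesystem) can be audited together. The following is an added example, not part of the sysklogd distribution: it reads syslog.conf-style text, picks out the file destinations and reports those that are world readable, missing (and so would be created world readable) or stored on the root filesystem. The function names and sample paths are assumptions.

```python
# Added example: audit the file destinations named in a syslog.conf.
import os
import stat


def file_destinations(conf_text):
    """Yield the file paths used as actions in syslog.conf-style text."""
    for line in conf_text.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue                    # comment, empty or malformed line
        action = fields[1].strip()
        if action.startswith("-"):      # "-" only omits sync'ing; same file
            action = action[1:]
        if action.startswith("/"):      # skips @host, |fifo, user lists and "*"
            yield action


def audit(conf_text, root="/"):
    """Return {path: [findings]} for every file destination with a problem."""
    root_dev = os.stat(root).st_dev
    report = {}
    for path in file_destinations(conf_text):
        findings = []
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append("missing: syslogd would create it world-readable")
            parent = os.path.dirname(path)
            dev = os.stat(parent).st_dev if os.path.isdir(parent) else None
        else:
            if not stat.S_ISREG(st.st_mode):
                continue                # consoles and ttys are not log files
            if st.st_mode & stat.S_IROTH:
                findings.append("world-readable")
            dev = st.st_dev
        if dev == root_dev:
            findings.append("on the root filesystem")
        if findings:
            report[path] = findings
    return report


# Constructed sample; the paths are placeholders, not taken from the page.
SAMPLE_AUDIT_CONF = """\
# constructed example
auth.*          /var/log/auth.log
*.info          -/var/log/messages
kern.*          @loghost
*.emerg         *
"""

if __name__ == "__main__":
    for path, findings in sorted(audit(SAMPLE_AUDIT_CONF).items()):
        print("%s: %s" % (path, ", ".join(findings)))
```

A file reported as missing should be created with restrictive permissions before syslogd first writes to it, as the paragraph above advises.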
!!SEE ALSO

syslog.conf(5), klogd(8), logger(1),
syslog(2), syslog(3), services(5),
savelog(8)
!!COLLABORATORS

__Syslogd__ is taken from BSD sources, Greg Wettstein
(greg@wind.enjellic.com) performed the port to Linux, Martin
Schulze (joey@linux.de) fixed some bugs and added several
new features. __Klogd__ was originally written by Steve
Lord (lord@cray.com), Greg Wettstein made major
improvements.

Dr. Greg Wettstein
Enjellic Systems Development
Oncology Research Division Computing Facility
Roger Maris Cancer Center
Fargo, ND
greg@wind.enjellic.com

Stephen Tweedie
Department of Computer Science
Edinburgh University, Scotland
sct@dcs.ed.ac.uk

Juha Virtanen
jiivee@hut.fi

Shane Alderton
shane@ion.apana.org.au

Martin Schulze
Infodrom Oldenburg
joey@linux.de
----