man.bsd.lv manual page server

Manual Page Search Parameters

SYSLOG(3) Library Functions Manual SYSLOG(3)

syslog, syslog_r, vsyslog, vsyslog_r, syslogp, syslogp_r, vsyslogp, vsyslogp_r, openlog, openlog_r, closelog, closelog_r, setlogmask, setlogmask_rcontrol system log

library “libc”

#include <syslog.h>

void
syslog(int priority, const char *message, ...);

void
syslog_r(int priority, struct syslog_data *data, const char *message, ...);

void
syslogp(int priority, const char *msgid, const char *sdfmt, const char *message, ...);

void
syslogp_r(int priority, struct syslog_data *data, const char *msgid, const char *sdfmt, const char *message, ...);

void
openlog(const char *ident, int logopt, int facility);

void
openlog_r(const char *ident, int logopt, int facility, struct syslog_data *data);

void
closelog(void);

void
closelog_r(struct syslog_data *data);

int
setlogmask(int maskpri);

int
setlogmask_r(int maskpri, struct syslog_data *data);

#include <stdarg.h>

void
vsyslog(int priority, const char *message, va_list args);

void
vsyslog_r(int priority, struct syslog_data *data, const char *message, va_list args);

void
vsyslogp(int priority, const char *msgid, const char *sdfmt, const char *message, va_list args);

void
vsyslogp_r(int priority, struct syslog_data *data, const char *msgid, const char *sdfmt, const char *message, va_list args);

The () function writes message to the system message logger. The message is then written to the system console, log files, logged-in users, or forwarded to other machines as appropriate (see syslogd(8)).

The message is identical to a printf(3) format string, except that ‘%m’ is replaced by the current error message. (As denoted by the global variable errno; see strerror(3).) A trailing newline is added if none is present.

The () function is a multithread-safe version of the syslog() function. It takes a pointer to a syslog_data structure which is used to store information. This parameter must be initialized before syslog_r() is called. The SYSLOG_DATA_INIT constant is used for this purpose. The syslog_data structure and the SYSLOG_DATA_INIT constant are defined as:

struct syslog_data {
        int             log_file;
        int             connected;
        int             opened;
        int             log_stat;
        const char     *log_tag;
        int             log_fac;
        int             log_mask;
};

#define SYSLOG_DATA_INIT { \
    .log_file = -1, \
    .log_fac = LOG_USER, \
    .log_mask = 0xff, \
}

The structure is composed of the following elements:

log_file
contains the file descriptor of the file where the message is logged
connected
indicates if connect has been done
opened
indicates if () has been called
log_stat
status bits, set by openlog_r()
log_tag
string to tag the entry with
log_fac
facility code
log_mask
mask of priorities to be logged

The () function is an alternative form in which the arguments have already been captured using the variable-length argument facilities of stdarg(3).

The () variants take additional arguments which correspond to new fields in the syslog-protocol message format. All three arguments are evaluated as printf(3) format strings and any of them can be NULL. This enables applications to use message IDs, structured data, and UTF-8 encoded content in messages.

The message is tagged with priority. Priorities are encoded as a facility and a . The facility describes the part of the system generating the message. The level is selected from the following (high to low) list:

A panic condition. This is normally broadcast to all users.
A condition that should be corrected immediately, such as a corrupted system database.
Critical conditions, e.g., hard device errors.
Errors.
Warning messages.
Conditions that are not error conditions, but should possibly be handled specially.
Informational messages.
Messages that contain information normally of use only when debugging a program.

The () is used the same way as vsyslog() except that it takes an additional pointer to a syslog_data structure. It is a multithread-safe version of the vsyslog() function described above.

The () function provides for more specialized processing of the messages sent by syslog() and vsyslog(). The parameter ident is a string that will be prepended to every message. The logopt argument is a bit field specifying logging options, which is formed by OR'ing one or more of the following values:

If syslog() cannot pass the message to syslogd(8) it will attempt to write the message to the console (“/dev/console”).
Open the connection to syslogd(8) immediately. Normally the open is delayed until the first message is logged. Useful for programs that need to manage the order in which file descriptors are allocated.
Stops syslog from writing to the system log. Only useful with LOG_PERROR.
Write the message to standard error output as well to the system log.
Log the process id with each message: useful for identifying instantiations of daemons. (This PID is placed within brackets between the ident and the message.)
Trim anything syslog added to the message before writing to standard error output.

The facility parameter encodes a default facility to be assigned to all messages that do not have an explicit facility encoded:

The authorization system: login(1), su(1), getty(8), etc.
The same as LOG_AUTH, but logged to a file readable only by selected individuals.
The cron daemon: cron(8).
System daemons, such as routed(8), that are not provided for explicitly by other facilities.
The file transfer protocol daemon: ftpd(8).
Messages generated by the kernel. These cannot be generated by any user processes.
The line printer spooling system: lpr(1), lpc(8), lpd(8), etc.
The mail system.
The network news system.
Messages generated internally by syslogd(8).
Messages generated by random user processes. This is the default facility identifier if none is specified.
The uucp system.
Reserved for local use. Similarly for LOG_LOCAL1 through LOG_LOCAL7.

The () function is the multithread-safe version of the openlog() function. It takes an additional pointer to a syslog_data structure. This function must be used in conjunction with the other multithread-safe functions.

The () function can be used to close the log file.

The () does the same thing as closelog(3) but in a multithread-safe way and takes an additional pointer to a syslog_data structure.

The () function sets the log priority mask to maskpri and returns the previous mask. Calls to syslog() with a priority not set in maskpri are rejected. The mask for an individual priority pri is calculated by the macro (pri); the mask for all priorities up to and including toppri is given by the macro (toppri). The default allows all priorities to be logged.

The () function is the multithread-safe version of setlogmask(). It takes an additional pointer to a syslog_data structure.

The routines closelog(), closelog_r(), openlog(), openlog_r(), syslog(), syslog_r(), vsyslog(), vsyslog_r(), syslogp(), syslogp_r(), vsyslogp(), and vsyslogp_r() return no value.

The routines setlogmask() and setlogmask_r() always return the previous log mask level.

syslog(LOG_ALERT, "who: internal error 23");

openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);

setlogmask(LOG_UPTO(LOG_ERR));

syslog(LOG_INFO, "Connection from host %d", CallingHost);

syslog(LOG_INFO|LOG_LOCAL2, "foobar error: %m");

syslogp(LOG_INFO|LOG_LOCAL2, NULL, NULL, "foobar error: %m");

syslogp(LOG_INFO, "ID%d", "[meta language=\"en-US\"]",
        "event: %s", 42, EventDescription);

For the multithread-safe functions:

struct syslog_data sdata = SYSLOG_DATA_INIT;

syslog_r(LOG_INFO|LOG_LOCAL2, &sdata, "foobar error: %m");

logger(1), syslogd(8)

The BSD syslog Protocol, RFC, 3164, August 2001.

The syslog Protocol, Internet-Draft, draft-ietf-syslog-protocol-23, September 2007.

These non-multithread-safe functions appeared in 4.2BSD. The multithread-safe functions appeared in OpenBSD 3.1 and then in NetBSD 4.0. The async-signal-safe functions appeared in NetBSD 4.0. The syslog-protocol functions appeared in NetBSD 5.0.

It is important never to pass a string with user-supplied data as a format without using ‘%s’. An attacker can put format specifiers in the string to mangle your stack, leading to a possible security hole. This holds true even if you have built the string “by hand” using a function like snprintf(), as the resulting string may still contain user-supplied conversion specifiers for later interpolation by syslog().

Always be sure to use the proper secure idiom:

syslog(priority, "%s", string);

With syslogp() the caller is responsible to use the right formatting for the message fields. A msgid must only contain up to 32 ASCII characters. A sdfmt has strict rules for parenthesis and character quoting. If the msgfmt contains UTF-8 characters, then it has to start with a Byte Order Mark.

March 22, 2017 NetBSD-9.2