SYSLOG-NG

Section: Maintenance Commands (8)
 

NAME

syslog-ng - logs system messages  

SYNOPSIS

NOTE: This file is not up to date. Please refer to the html documentation.

syslog-ng [ -dvV ] [ -f <config-filename> ] [ -p <pid-filename> ] [ -C <chroot-dir> ]  

DESCRIPTION

syslog-ng reads and logs messages to the system console, log files, other machines and/or users as specified by its configuration file.

The configuration file is read at startup and is reread after receipt of a hangup (HUP) signal. When reloading the configuration file, all destination files are closed and reopened as appropriate. For more information about the configuration file, see syslog-ng.conf(5).

Typically messages are sent to syslog-ng via a Unix domain socket (/dev/log) or via UDP, to port 514 or to whatever syslog/udp is defined to be in /etc/services. To receive messages from the kernel, /dev/klog is opened for reading.

Messages sent to syslog-ng should be an entire line, prefixed by a priority code between '<' and '>'. Definitions of the recognised values can be found in the include file <sys/syslog.h>.

syslog-ng can be configured to pass messages on to other syslog-ng instances; when doing so, it sends the message on with the priority as a prefix.

It is not necessary to terminate a message with a line feed or carriage return.  
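
An added example, not part of the syslog-ng source: a C routine that decodes the '<N>' priority prefix described above with the LOG_FAC and LOG_PRI macros from <sys/syslog.h>, treating the buffer as untrusted input. The names parse_pri and struct parsed_msg are hypothetical, the sample message is constructed, and rejecting facility numbers at or above LOG_NFACILITIES is this example's assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/syslog.h> /* LOG_PRI, LOG_FAC, LOG_NFACILITIES, LOG_CRIT */

/* Hypothetical result type, defined only for this example. */
struct parsed_msg {
    int facility;     /* facility number, e.g. 4 for LOG_AUTH */
    int severity;     /* LOG_EMERG (0) .. LOG_DEBUG (7) */
    const char *text; /* first byte after '>' */
    size_t text_len;  /* length with any trailing CR/LF dropped */
};

/* Parse "<N>text" from an untrusted, not necessarily NUL-terminated buffer.
 * Returns 0 on success, -1 when the prefix is missing or malformed. */
int parse_pri(const char *buf, size_t len, struct parsed_msg *out)
{
    size_t i = 1;
    int pri = 0;

    if (len < 3 || buf[0] != '<')
        return -1;
    /* At most three decimal digits, so pri cannot overflow. */
    while (i < len && i <= 3 && buf[i] >= '0' && buf[i] <= '9')
        pri = pri * 10 + (buf[i++] - '0');
    if (i == 1 || i >= len || buf[i] != '>')
        return -1;
    /* Assumption: facilities unknown to <sys/syslog.h> are rejected. */
    if (LOG_FAC(pri) >= LOG_NFACILITIES)
        return -1;
    out->facility = LOG_FAC(pri);
    out->severity = LOG_PRI(pri);
    out->text = buf + i + 1;
    out->text_len = len - (i + 1);
    /* The terminating line feed or carriage return is optional. */
    while (out->text_len > 0 && (out->text[out->text_len - 1] == '\n' ||
                                 out->text[out->text_len - 1] == '\r'))
        out->text_len--;
    return 0;
}

int main(void)
{
    static const char sample[] = "<34>su: auth failed\n"; /* constructed */
    struct parsed_msg m;
    if (parse_pri(sample, sizeof sample - 1, &m) == 0)
        printf("facility=%d severity=%d text=%.*s\n", m.facility,
               m.severity, (int)m.text_len, m.text);
    return 0;
}
```
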

HASHING

NOTE: as of syslog-ng 1.1.11, hashing is not supported yet.

syslog-ng supports keeping hash values alongside the actual log file. To initialize hashing for the first time, you will need to use the program genh0, which generates the initial hash for a log file based on random salt and the passphrase you enter. The password (or pass phrase) must be at least 20 characters and at most 128 characters. For security reasons it is NOT saved in any file and IT SHOULD NOT be put in any file. Writing it down on paper, if you have to, is much more acceptable so long as the paper is "secure". The salt used is saved to /etc/syslog-ng/hashlog-filename.salt and the result is saved to hashlog-filename.H0. As each line is received by syslog-ng, a matching entry is written to hashlog-filename.sha1. You can use the checkhash program to check whether all the log entries are intact.

When syslog-ng receives a HUP signal or is about to exit, it saves all the hashing seeds out to the relevant .H0 file. From time to time, syslog-ng will also save all the current values as a "checkpoint".

OPTIONS

-d
Set "debug mode". Prints out various messages to aid in debugging and stops it from becoming a daemon. To activate debugging in the yacc parser, either use this option twice or combine with -v.
-f  <filename>
Instead of reading the normal /etc/syslog-ng/syslog-ng.conf file for configuration information, use the filename given instead.
-p  <filename>
Write the current PID information to the specified file.
-v
Enable verbose mode. Process will not become a daemon. Prints out fewer messages, compared to -d.
-V
Print the version number.
 

DIAGNOSTICS

It is expected that syslog-ng will run as root; however, if it is not running on a privileged port and if it owned its own log directories, etc., it might run as a non-root user.

SEE ALSO

logger(1), syslog(3), services(5), syslog.conf(5), syslog-ng.conf(5)  

FILES

/etc/syslog-ng/syslog-ng.conf
/etc/syslog-ng/filename.sha1
/etc/syslog-ng/filename.H0
/etc/syslog-ng/filename.salt
/var/run/syslog.pid
 

BUGS

If you find any, please send email to me at bazsi@balabit.hu


 
