NAME
syslog, syslog_r,
vsyslog, vsyslog_r,
openlog, openlog_r,
closelog, closelog_r,
setlogmask, setlogmask_r
— control system log
SYNOPSIS
#include
<syslog.h>
#include <stdarg.h>
void
syslog(int
priority, const char
*message, ...);
void
syslog_r(int
priority, struct
syslog_data *data, const
char *message,
...);
void
vsyslog(int
priority, const char
*message, va_list
args);
void
vsyslog_r(int
priority, struct
syslog_data *data, const
char *message, va_list
args);
void
openlog(const
char *ident, int
logopt, int
facility);
void
openlog_r(const
char *ident, int
logopt, int
facility, struct
syslog_data *data);
void
closelog(void);
void
closelog_r(struct
syslog_data *data);
int
setlogmask(int
maskpri);
int
setlogmask_r(int
maskpri, struct
syslog_data *data);
DESCRIPTION
The
syslog()
function writes message to the system message logger.
The message is then written to the system console, log files, logged-in
users, or forwarded to other machines as appropriate (see
syslogd(8)).
The message is identical to a
printf(3)
format string, except that ‘%m’ is
replaced by the current error message (as denoted by the global variable
errno; see
strerror(3)). A trailing newline is added if none is present.
The
syslog_r()
function is a reentrant version of the syslog()
function. It takes a pointer to a syslog_data
structure which is used to store information. This parameter must be
initialized before syslog_r() is called. The
SYSLOG_DATA_INIT constant is used for this
purpose.
The
vsyslog()
function is an alternate form in which the arguments have already been
captured using the variable-length argument facilities of
va_start(3).
The message is tagged with priority. Priorities are encoded as a facility and a level. The facility describes the part of the system generating the message:
LOG_AUTH- The authorization system: login(1), su(1), getty(8), etc.
LOG_AUTHPRIV- The same as
LOG_AUTH, but logged to a file readable only by selected individuals. LOG_CRON- The cron daemon, cron(8).
LOG_DAEMON- System daemons, such as dhcpd(8), that are not provided for explicitly by other facilities.
LOG_FTP- The file transfer protocol daemon, ftpd(8).
LOG_KERN- Messages generated by the kernel. These cannot be generated by any user processes.
LOG_LPR- The line printer spooling system: lpr(1), lpc(8), lpd(8), etc.
LOG_MAIL- The mail system.
LOG_NEWS- The network news system.
LOG_SYSLOG- Messages generated internally by syslogd(8).
LOG_USER- Messages generated by random user processes. This is the default facility identifier if none is specified.
LOG_UUCP- The UUCP system.
LOG_LOCAL0- Reserved for local use. Similarly for
LOG_LOCAL1throughLOG_LOCAL7.
The level (ORed with the facility) is selected from the following list, ordered by decreasing importance:
LOG_EMERG- A panic condition. This is normally broadcast to all users.
LOG_ALERT- A condition that should be corrected immediately, such as a corrupted system database.
LOG_CRIT- Critical conditions, e.g., hard device errors.
LOG_ERR- Errors.
LOG_WARNING- Warning messages.
LOG_NOTICE- Conditions that are not error conditions, but should possibly be handled specially.
LOG_INFO- Informational messages.
LOG_DEBUG- Messages that contain information normally of use only when debugging a program.
The
vsyslog_r()
function is used the same way as vsyslog() except
that it takes an additional pointer to a syslog_data
structure. It is a reentrant version of the
vsyslog() function described above.
The
openlog()
function provides for more specialized processing of the messages sent by
syslog() and vsyslog(). The
parameter ident points to a string that will be
prepended to every message; its storage must persist until
closelog() or the corresponding
closelog_r(). If the content of the string is
changed, behaviour is unspecified.
The logopt argument is a bit field specifying logging options, which is formed by OR'ing one or more of the following values:
LOG_CONS- If
syslog() cannot pass the message to syslogd(8), it will attempt to write the message to the console (/dev/console). LOG_NDELAY- Open the connection to syslogd(8) immediately. Normally the open is delayed until the first message is logged. Useful for programs that need to manage the order in which file descriptors are allocated. This option must be used in programs that call chroot(2) where the new root does not have its own log socket.
LOG_ODELAY- Delay opening the connection to
syslogd(8) until the first message is logged. This is the opposite
of
LOG_NDELAYand is the default behaviour when neither option is specified. LOG_PERROR- Write the message to standard error output as well as to the system log.
LOG_PID- Log the process ID with each message; useful for identifying instantiations of daemons.
The facility parameter encodes a default facility to be assigned to all messages that do not have an explicit facility encoded.
The
openlog_r()
function is the reentrant version of the openlog()
function. It takes an additional pointer to a
syslog_data structure. This function must be used in
conjunction with the other reentrant functions.
The
closelog()
function can be used to close the log file.
closelog_r()
does the same thing but in a reentrant way and takes an additional pointer
to a syslog_data structure.
The
setlogmask()
function sets the log priority mask to maskpri and
returns the previous mask. Calls to syslog() with a
priority not set in maskpri are rejected. The mask for
an individual priority pri is calculated by the macro
LOG_MASK(pri);
the mask for all priorities up to and including toppri
is given by the macro
LOG_UPTO(toppri).
The default allows all priorities to be logged, which corresponds to
setlogmask(LOG_UPTO(LOG_DEBUG)).
The
setlogmask_r()
function is the reentrant version of setlogmask().
It takes an additional pointer to a syslog_data
structure.
RETURN VALUES
The routines setlogmask() and
setlogmask_r() always return the previous log mask
level.
EXAMPLES
syslog(LOG_ALERT, "who: internal error 23");
openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
setlogmask(LOG_UPTO(LOG_ERR));
syslog(LOG_INFO, "Connection from host %d", CallingHost);
syslog(LOG_INFO|LOG_LOCAL2, "foobar error: %m");
For the reentrant functions:
struct syslog_data sdata = SYSLOG_DATA_INIT; syslog_r(LOG_INFO|LOG_LOCAL2, &sdata, "foobar error: %m");
SEE ALSO
STANDARDS
The functions syslog(),
openlog(), closelog(), and
setlogmask() conform to the X/Open Systems
Interfaces option of IEEE Std 1003.1-2008
(“POSIX.1”).
The facilities LOG_AUTHPRIV,
LOG_FTP, and LOG_SYSLOG, the
option LOG_PERROR, and the macro
LOG_UPTO() are extensions to that standard.
The standard option LOG_NOWAIT is
deprecated in OpenBSD and has no effect.
HISTORY
The functions syslog(),
openlog(), and closelog()
appeared in 4.2BSD,
setlogmask() in 4.3BSD, and
vsyslog() in
4.3BSD-Net/1.
The functions syslog_r(),
vsyslog_r(), openlog_r(),
closelog_r(), and
setlogmask_r() appeared in OpenBSD
3.1.
CAVEATS
It is important never to pass a string with user-supplied data as
a format without using ‘%s’. An
attacker can put format specifiers in the string to mangle the stack,
leading to a possible security hole. This holds true even if the string has
been built “by hand” using a function like
snprintf(), as the resulting string may still
contain user-supplied conversion specifiers for later interpolation by
syslog().
Always be sure to use the proper secure idiom:
syslog(priority, "%s", string);
syslog_r() and the other reentrant
functions should only be used where reentrancy is required (for instance, in
a signal handler). syslog() being not reentrant,
only syslog_r() should be used here. For more
information about reentrancy and signal handlers, see
signal(3).