SYSLOG(3) AerieBSD 1.0 Refernce Manual SYSLOG(3)

NAME

syslogsyslog_r, vsyslog, vsyslog_r, openlog, openlog_r, closelog, closelog_r, setlogmask, setlogmask_r control system log

SYNOPSIS

#include <syslog.h>
#include <stdarg.h>

void syslog(int priority, const char *message, ...);

void syslog_r(int priority, struct syslog_data *data, const char *message, ...);

void vsyslog(int priority, const char *message, va_list args);

void vsyslog_r(int priority, struct syslog_data *data, const char *message, va_list args);

void openlog(const char *ident, int logopt, int facility);

void openlog_r(const char *ident, int logopt, int facility, struct syslog_data *data);

void closelog(void);

void closelog_r(struct syslog_data *data);

int setlogmask(int maskpri);

int setlogmask_r(int maskpri, struct syslog_data *data); 


struct syslog_data {
        int             log_file;
        int             connected;
        int             opened;
        int             log_stat;
        const char     *log_tag;
        int             log_fac;
        int             log_mask;
};

#define SYSLOG_DATA_INIT {-1, 0, 0, 0, NULL, LOG_USER, 0xff}

DESCRIPTION

The syslog(); function writes message to the system message logger. The message is then written to the system console, log files, logged-in users, or forwarded to other machines as appropriate (see syslogd(8/)).

The message is identical to a printf(3) format string, except that "%m" is replaced by the current error message (as denoted by the global variable errno; see strerror(3/)). A trailing newline is added if none is present.

The syslog_r(); function is a reentrant version of the syslog(); function. It takes a pointer to a syslog_data structure which is used to store information. This parameter must be initialized before syslog_r(); is called. The SYSLOG_DATA_INIT constant is used for this purpose. The syslog_data structure is composed of the following elements:
log_file
contains the file descriptor of the file where the message is logged
connected
indicates if connect has been done
opened
indicates if openlog_r(); has been called
log_stat
status bits, set by openlog_r();
log_tag
string to tag the entry with
log_fac
facility code
log_mask
mask of priorities to be logged

The vsyslog(); function is an alternate form in which the arguments have already been captured using the variable-length argument facilities of varargs(3).

The message is tagged with priority. Priorities are encoded as a facility and a “level”. The facility describes the part of the system generating the message. The level is selected from the following ordered (high to low) list:
LOG_EMERG
A panic condition. This is normally broadcast to all users.
LOG_ALERT
A condition that should be corrected immediately, such as a corrupted system database.
LOG_CRIT
Critical conditions, e.g., hard device errors.
LOG_ERR
Errors.
LOG_WARNING
Warning messages.
LOG_NOTICE
Conditions that are not error conditions, but should possibly be handled specially.
LOG_INFO
Informational messages.
LOG_DEBUG
Messages that contain information normally of use only when debugging a program.

The vsyslog_r(); is used the same way as vsyslog(); except that it takes an additional pointer to a syslog_data structure. It is a reentrant version of the vsyslog(); function described above.

The openlog(); function provides for more specialized processing of the messages sent by syslog(); and vsyslog();. The parameter ident is a string that will be prepended to every message. The logopt argument is a bit field specifying logging options, which is formed by OR one or more of the following values:
LOG_CONS
If syslog(); cannot pass the message to syslogd(8) it will attempt to write the message to the console (/dev/console).
LOG_NDELAY
Open the connection to syslogd(8) immediately. Normally the open is delayed until the first message is logged. Useful for programs that need to manage the order in which file descriptors are allocated. This option must be used in programs that call chroot(2) where the new root does not have its own log socket.
LOG_PERROR
Write the message to standard error output as well as to the system log.
LOG_PID
Log the process ID with each message; useful for identifying instantiations of daemons.

The facility parameter encodes a default facility to be assigned to all messages that do not have an explicit facility encoded:
LOG_AUTH
The authorization system: login(1), su(1), getty(8), etc.
LOG_AUTHPRIV
The same as LOG_AUTH, but logged to a file readable only by selected individuals.
LOG_CRON
The cron daemon, cron(8).
LOG_DAEMON
System daemons, such as dhcpd(8), that are not provided for explicitly by other facilities.
LOG_FTP
The file transfer protocol daemon, ftpd(8).
LOG_KERN
Messages generated by the kernel. These cannot be generated by any user processes.
LOG_LPR
The line printer spooling system: lpr(1), lpc(8), lpd(8), etc.
LOG_MAIL
The mail system.
LOG_NEWS
The network news system.
LOG_SYSLOG
Messages generated internally by syslogd(8).
LOG_USER
Messages generated by random user processes. This is the default facility identifier if none is specified.
LOG_UUCP
The UUCP system.
LOG_LOCAL0
Reserved for local use. Similarly for LOG_LOCAL1 through LOG_LOCAL7.

The openlog_r(); function is the reentrant version of the openlog(); function. It takes an additional pointer to a syslog_data structure. This function must be used in conjunction with the other reentrant functions.

The closelog(); function can be used to close the log file. closelog_r(); does the same thing but in a reentrant way and takes an additional pointer to a syslog_data structure.

The setlogmask(); function sets the log priority mask to maskpri and returns the previous mask. Calls to syslog(); with a priority not set in maskpri are rejected. The mask for an individual priority pri is calculated by the macro LOG_MASK(pri);; the mask for all priorities up to and including toppri is given by the macro LOG_UPTO(toppri);. The default allows all priorities to be logged.

The setlogmask_r(); function is the reentrant version of setlogmask();. It takes an additional pointer to a syslog_data structure.

RETURN VALUES

The closelog();, closelog_r();, openlog();, openlog_r();, syslog();, syslog_r();, vsyslog();, and vsyslog_r(); functions return no value.

The routines setlogmask(); and setlogmask_r(); always return the previous log mask level.

EXAMPLES

syslog(LOG_ALERT, "who: internal error 23");

openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);

setlogmask(LOG_UPTO(LOG_ERR));

syslog(LOG_INFO, "Connection from host %d", CallingHost);

syslog(LOG_INFO|LOG_LOCAL2, "foobar error: %m");

For the reentrant functions: 

struct syslog_data sdata = SYSLOG_DATA_INIT;

syslog_r(LOG_INFO|LOG_LOCAL2, &sdata, "foobar error: %m");

SEE ALSO

logger(1), syslogd(8)

HISTORY

These functions appeared in 4.2BSD. The reentrant functions appeared in OpenBSD 3.1.

CAVEATS

It is important never to pass a string with user-supplied data as a format without using "%s". An attacker can put format specifiers in the string to mangle the stack, leading to a possible security hole. This holds true even if the string has been built “by hand” using a function like snprintf();, as the resulting string may still contain user-supplied conversion specifiers for later interpolation by syslog();.

Always be sure to use the proper secure idiom: 

syslog(priority, "%s", string);

syslog_r(); and the other reentrant functions should only be used where reentrancy is required (for instance, in a signal handler). syslog(); being not reentrant, only syslog_r(); should be used here. For more information about reentrancy and signal handlers, see signal(3).

AerieBSD 1.0 Reference Manual August 26 2008 SYSLOG(3)