LinuxCommandLibrary

syslogd

Receive and log system messages

SYNOPSIS

syslogd [options]

PARAMETERS

-d
    Enter debugging mode (not recommended for production).

-f config_file
    Specify an alternative configuration file.

-h
    Enable reception of messages from remote hosts (if supported).

-n
    Run in foreground (do not daemonize).

-p socket
    Specify the path to the UNIX domain socket.

-s
    Secure mode; prevent anyone but root from reading the socket.

-v
    Verbose mode; print more information.

DESCRIPTION

syslogd is a system daemon that listens for log messages from other programs, both locally and over a network, and saves them to log files. Depending on the distribution, it may be provided by rsyslogd or another implementation. It is a crucial component for system monitoring, debugging, and security auditing: it centralizes log collection, making it easier to analyze system behavior and diagnose problems.

The configuration file, typically /etc/syslog.conf or a directory like /etc/rsyslog.d/, dictates how these messages are handled: which files to store them in, how frequently to rotate logs, and which messages to discard or forward. syslogd uses a priority-based system to categorize messages (e.g., DEBUG, INFO, WARNING, ERROR, CRITICAL, ALERT, EMERGENCY), allowing administrators to filter and prioritize important information.

Different implementations may offer features like message buffering, secure transmission, and support for various input/output formats beyond plain text. Proper configuration is essential to avoid filling up disks with unwanted logs and to ensure that critical events are properly recorded and alerted on.

CAVEATS

syslogd is rarely invoked directly; it is usually started and supervised by systemd or another init system. Editing the configuration file is typically the preferred way to customize its behavior.

CONFIGURATION

The primary configuration file (e.g., /etc/syslog.conf or within /etc/rsyslog.d/) controls how syslogd processes incoming messages.
It uses a selector/action syntax to specify which messages to log to which files or other destinations.
Selectors combine facility (e.g., auth, cron, user) and priority (e.g., debug, info, warning, error) to match specific message types.

FACILITY AND PRIORITY

Facility: Indicates the source of the message. Examples include auth (authentication), cron (scheduled tasks), user (user-level programs), and kern (kernel messages).
Priority: Indicates the severity of the message. Common levels are debug, info, warning, error, crit, alert, and emerg. Messages with a higher priority level imply more severe problems.
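
The selector matching described in the CONFIGURATION and FACILITY AND PRIORITY sections, as an added example that is not part of the original page or of any syslogd implementation's code. It assumes sysklogd-style semantics (a bare priority selects that level and everything more severe, `=` selects exactly one level, `none` excludes a facility, and later `;` parts add to or clear earlier ones); the rules, paths and the host name loghost.example are constructed.

```python
# Added example: evaluate syslog.conf-style selectors against a message.
# Assumes sysklogd-style semantics; other daemons may differ.

# Priority keywords from least to most severe.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"error": "err", "warn": "warning", "panic": "emerg"}

# Constructed sample rules (paths and host name are illustrative only).
SAMPLE_CONF = """
# selector                  action
auth,authpriv.*             /var/log/auth.log
*.info;auth,authpriv.none   /var/log/messages
kern.=debug                 /var/log/kern-debug.log
*.crit                      @loghost.example
"""

def rank(name):
    """Map a priority keyword to its position in PRIORITIES."""
    return PRIORITIES.index(ALIASES.get(name, name))

def selected_priorities(selector, facility):
    """Return the set of priority ranks a selector picks for one facility."""
    chosen = set()
    for part in selector.split(";"):
        facs, _, pri = part.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue                      # this part does not name our facility
        if pri == "none":
            chosen.clear()                # exclude the facility entirely
        elif pri == "*":
            chosen.update(range(len(PRIORITIES)))
        elif pri.startswith("="):
            chosen.add(rank(pri[1:]))     # exactly this priority
        else:
            chosen.update(range(rank(pri), len(PRIORITIES)))  # this and higher
    return chosen

def parse_rules(text):
    """Split config text into (selector, action) pairs, skipping comments."""
    lines = (l.strip() for l in text.splitlines())
    return [tuple(l.split(None, 1)) for l in lines if l and not l.startswith("#")]

def route(rules, facility, priority):
    """List every action whose selector matches the message."""
    return [action for selector, action in rules
            if rank(priority) in selected_priorities(selector, facility)]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    for fac, pri in [("auth", "info"), ("kern", "debug"), ("auth", "crit"), ("cron", "debug")]:
        print(f"{fac}.{pri} -> {route(rules, fac, pri) or 'dropped'}")
```

With these sample rules, auth.info reaches only /var/log/auth.log because the `auth,authpriv.none` part keeps authentication records out of the general messages file, while cron.debug matches no rule and is not recorded anywhere.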

HISTORY

The syslogd utility has been a core part of Unix-like operating systems for many years. It evolved from a simple logging mechanism to a more sophisticated system with features such as remote logging and configurable message filtering. Different implementations, like rsyslogd and syslog-ng, have emerged to address the limitations of the original syslogd and provide enhanced features and performance.

SEE ALSO

logger(1), rsyslogd(8), syslog.conf(5), journalctl(1)
