From 17cf953b97733c58b0d9fcb66dab90cd907beae9 Mon Sep 17 00:00:00 2001
From: Joachim Nilsson
Date: Sat, 7 Dec 2019 10:49:36 +0100
Subject: [PATCH] Import pristine FreeBSD versions of man pages for license change

This patch replaces the original man pages by Greg and Martin, that were
both licensed under the GNU GPL, with 3-clause BSD licensed versions of
the same man pages from FreeBSD.

 - syslogd.8 FreeBSD Subversion r335862
 - syslog.conf.5 FreeBSD Subversion r314436

Signed-off-by: Joachim Nilsson
---
 man/syslog.conf.5 | 1028 ++++++++++++++++++++++-----------------------
 man/syslogd.8 | 951 ++++++++++++++++++-----------------------
 2 files changed, 912 insertions(+), 1067 deletions(-)

diff --git a/man/syslog.conf.5 b/man/syslog.conf.5
index 6634fa3..50bd429 100644
--- a/man/syslog.conf.5
+++ b/man/syslog.conf.5
@@ -1,563 +1,531 @@ -.\" syslog.conf - syslogd(8) configuration file -*- nroff -*- -.\" Copyright (c) 1995-2009 Martin Schulze -.\" Copyright (c) 2018-2019 Joachim Nilsson -.\" -.\" This file is part of the sysklogd package, a kernel and system log daemon. -.\" -.\" This program is free software; you can redistribute it and/or modify -.\" it under the terms of the GNU General Public License as published by -.\" the Free Software Foundation; either version 2 of the License, or -.\" (at your option) any later version. -.\" -.\" This program is distributed in the hope that it will be useful, -.\" but WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -.\" GNU General Public License for more details. -.\" -.\" You should have received a copy of the GNU General Public License -.\" along with this program; if not, write to the Free Software -.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA. +.\" Copyright (c) 1990, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. .\" -.Dd Dec 7, 2019 -.Dt syslog.conf 5 -.Os "sysklogd (2.1)" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. 
+.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)syslog.conf.5 8.1 (Berkeley) 6/9/93 +.\" $FreeBSD$ +.\" +.Dd November 1, 2016 +.Dt SYSLOG.CONF 5 +.Os .Sh NAME .Nm syslog.conf -.Nd configuration file for syslogd +.Nd +.Xr syslogd 8 +configuration file .Sh DESCRIPTION The .Nm -file is the main configuration file for +file is the configuration file for the .Xr syslogd 8 -which logs system messages on UNIX like systems. This file specifies -rules for logging. For special features see the -.Xr syslogd 8 -man page. -.Pp -Every rule has at least two fields, a +program. +It consists of +blocks of lines separated by +.Em program +and +.Em hostname +specifications (separations appear alone on their lines), +with each line containing two fields: the .Em selector -field and an -.Em action . -They may also have an -.Em option -field for a setting that applies only to that rule. Fields are -separated by one or more spaces or tabs. A rule may be divided into -several lines if the leading line ends with a single backslash ('\\') -character. 
-.Bd -literal -offset indent -RULE := SELECTOR ACTION [;OPTION] -SELECTOR := [SELECTOR;]facility[,facility].[!=]severity -ACTION := /path/to/file - |= |/path/to/named/pipe - |= @remote[.host.tld][:PORT] -OPTION := [OPTION,] - |= RFC3164 - |= RFC5424 - |= rotate=SIZE:COUNT -.Ed -.Pp -The -.Em selector -field specifies a pattern of facilities and priorities belonging to the -specified action. The +field which specifies the types of messages and priorities to which the +line applies, and an .Em action -details where or what to do with the selected input. The -.Em option -field, which must start with the semi-colon option delimiter (';'), -currently supports log formattaing and log rotation. The default log -format is the traditional RFC3164 (included here for completeness), -.Sy except -for remote syslog targets where the BSD format (without both timestamp -and hostname) is the default. The user must excplicitly set RFC3164 on -a remote logging target. RFC5424 is the newest format with RFC3339 time -stamps, msgid, structured data, and more. The BSD format cannot be set, -it is only the default for remote targets for compatibility reasons. +field which specifies the action to be taken if a message +.Xr syslogd 8 +receives matches the selection criteria. +The +.Em selector +field is separated from the +.Em action +field by one or more tab characters or spaces. .Pp -.Bl -tag -compact -width "RFC3164:" -.It BSD: -.Cm myproc[8710]: Kilroy was here. -.It RFC3164: -.Cm Aug 24 05:14:15 192.0.2.1 myproc[8710]: Kilroy was here. -.It RFC5424: -.Cm 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - Kilroy was here. -.El +A special +.Em include +keyword can be used to include all files with names ending in '.conf' and not +beginning with a '.' contained in the directory following the keyword. +This keyword can only be used in the first level configuration file. 
.Pp -The log rotation, which is only relevant for files, details the max -.Ar SIZE:COUNT -a file can reach before it is rotated, and later compressed. This -feature is mostly intended for embedded systems that do not want to have -cron or a separate log rotate daemon. +Note that if you use spaces as separators, your +.Nm +might be incompatible with other Unices or Unix-like systems. +This functionality was added for ease of configuration +(e.g.\& it is possible to cut-and-paste into +.Nm ) , +and to avoid possible mistakes. +This change however preserves +backwards compatibility with the old style of +.Nm +(i.e., tab characters only). .Pp -Comments, lines starting with a hash mark ('#'), and empty lines are -ignored. If an error occurs during parsing the whole line is ignored. -The configuration file can also include other files. The example -.Pa /etc/syslog.conf -has the following at the end: -.Bd -literal -offset indent -# -# Drop your subsystem .conf file in /etc/syslog.d/ -# -include /etc/syslog.d/*.conf -.Ed -.Sh SELECTORS -The selector field consists of two parts, a +The +.Em selectors +are encoded as a +.Em facility , +a period +.Pq Dq \&. , +an optional set of comparison flags +.Pq Oo \&! Oc Op <=> , +and a +.Em level , +with no intervening white-space. +Both the .Em facility -and a -.Em priority , -separated by a period ('.'). Both parts are case insensitive and can -also be specified as decimal numbers corresponding to the definitions in -.Pa /usr/include/syslog.h . -It is safer to use symbolic names rather than decimal numbers. Both -facilities and priorities are described in -.Xr syslogp 3 . -The names mentioned below correspond to the similar -.Ql LOG_FOO -values in -.Pa /usr/include/syslog.h . +and the +.Em level +are case insensitive. 
.Pp The .Em facility -is one of the following keywords: -.Bl -column "Code" "Facility" "Description" -offset indent -.It Sy "Code" Ta Sy "Facility" Ta Sy "Description" -.It 0 Ta kern Ta Kernel log messages -.It 1 Ta user Ta User-level messages -.It 2 Ta mail Ta Mail system -.It 3 Ta daemon Ta General system daemons -.It 4 Ta auth Ta Security/authorization messages -.It 5 Ta syslog Ta Messages generated by syslogd -.It 6 Ta lpr Ta Line printer subystem -.It 7 Ta news Ta Network news subsystem -.It 8 Ta uucp Ta UNIX-to-UNIX copy -.It 9 Ta cron Ta Clock/cron daemon (BSD, Linux) -.It 10 Ta authpriv Ta Security/authorization messages (private) -.It 11 Ta ftp Ta FTP daemon -.It 12 Ta ntp Ta NTP subsystem -.It 13 Ta security Ta Log audit -.It 14 Ta console Ta Log alert -.It 15 Ta unused Ta Clock/cron daemon (Solaris) -.It 16 Ta local0 Ta Reserved for local/system use -.It 17 Ta local1 Ta Reserved for local/system use -.It 18 Ta local2 Ta Reserved for local/system use -.It 19 Ta local3 Ta Reserved for local/system use -.It 20 Ta local4 Ta Reserved for local/system use -.It 21 Ta local5 Ta Reserved for local/system use -.It 22 Ta local6 Ta Reserved for local/system use -.It 23 Ta local7 Ta Reserved for local/system use -.El -.Pp -Notice, several of the above listed facilities are not supported -by the standard C library (GLIBC, musl libc, or uClibc) on Linux. -The -.Lb libsyslog -shipped with -.Nm sysklogd , -however, supports all the above facilities in full. Also, the keyword -.Ql mark -is only for internal use and should therefore not be used in -applications. The -.Em facility -specifies the subsystem that produced the message, e.g. all mail -programs log with the mail facility, -.Ql LOG_MAIL , -if they log using syslog. -.Pp -In most cases anyone can log to any facility, so we rely on convention -for the correct facility to be chosen. However, generally only the -kernel can log to the -.Ql kern -facility. 
This because the implementation of +describes the part of the system generating the message, and is one of +the following keywords: +.Cm auth , authpriv , console , cron , daemon , ftp , kern , lpr , +.Cm mail , mark , news , ntp , security , syslog , user , uucp , +and +.Cm local0 +through +.Cm local7 . +These keywords (with the exception of mark) correspond to +similar +.Dq Dv LOG_ +values specified to the .Xr openlog 3 and .Xr syslog 3 -in GLIBC does not allow logging to the -.Ql kern -facility. +library routines. .Pp The -.I priority -is one of the following keywords, in ascending order: -.Bl -column "Code" "Facility" "Description" -offset indent -.It Sy "Value" Ta Sy "Severity" Ta Sy "Description" -.It 0 Ta emergency Ta System is unusable -.It 1 Ta alert Ta Action must be taken immediately -.It 2 Ta critical Ta Critical condtions -.It 3 Ta error Ta Error conditions -.It 4 Ta warning Ta Warning conditions -.It 5 Ta notice Ta Normal but significal conditions -.It 6 Ta info Ta Informational messages -.It 7 Ta debug Ta Debug-level messages -.El +.Em comparison flags +may be used to specify exactly what is logged. +The default comparison is +.Dq => +(or, if you prefer, +.Dq >= ) , +which means that messages from the specified +.Em facility +list, and of a priority +level equal to or greater than +.Em level +will be logged. +Comparison flags beginning with +.Dq Li \&! +will have their logical sense inverted. +Thus +.Dq !=info +means all levels except info and +.Dq !notice +has the same meaning as +.Dq -.\" Copyright 2018-2019 Joachim Nilsson +.\" Copyright (c) 1983, 1986, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. .\" -.\" May be distributed under the GNU General Public License +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. 
Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.Dd Dec 7, 2019 -.Dt syslogd 8 -.Os "sysklogd (2.1)" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" @(#)syslogd.8 8.1 (Berkeley) 6/6/93 +.\" $FreeBSD$ +.\" +.Dd July 2, 2018 +.Dt SYSLOGD 8 +.Os .Sh NAME .Nm syslogd -.Nd System and Kernel Log Daemon +.Nd log systems messages .Sh SYNOPSIS .Nm -.Op Fl ?46AdFknsTv -.Op Fl a Ar addr[/len][:port] -.Op Fl a Ar name[:port] -.Op Fl b Ar addr[:port] -.Op Fl b Ar :port -.Op Fl f Ar file -.Op Fl m Ar interval -.Op Fl P Ar file -.Op Fl p Ar sock -.Op Fl r Ar size[:count] +.Op Fl 468ACcdFHkNnosTuv +.Op Fl a Ar allowed_peer +.Op Fl b Ar bind_address +.Op Fl f Ar config_file +.Op Fl l Oo Ar mode Ns \&: Oc Ns Ar path +.Op Fl m Ar mark_interval +.Op Fl O Ar format +.Op Fl P Ar pid_file +.Op Fl p Ar log_socket +.Op Fl S Ar logpriv_socket .Sh DESCRIPTION +The .Nm -support RFC3164 and RFC5424 style log messages for both local and remote -logging using Internet and UNIX domain sockets. Differences in style is -shown below. +utility reads and logs messages to the system console, +log files, +other +machines and/or users as specified by its configuration file. .Pp -.Bl -tag -compact -width "RFC3164:" -.It RFC3164: -.Cm Aug 24 05:14:15 192.0.2.1 myproc[8710]: Kilroy was here. -.It RFC5424: -.Cm 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - Kilroy was here. -.El -.Pp -Note, for remote logging the messages are prefixed with -.Cm -or -.Cm 1 , -respectively. -.Pp -.Nm -is derived from BSD sources, today -.Fx -is the reference for -.Nm -and -.Nx -for the new -.Xr syslogp 3 -API, which fully supports the new features of RFC5424. Please note; 1) -the intention is to follow standard BSD -.Nm -behavior, 2) despite having a stand-alone -.Xr syslog 3 , -and -.Xr syslogp 3 -API in -.Lb libsyslog , -.Nm -interacts transparently with the standard C library -.Xr syslog 3 -API, as implemented in GLIBC, musl libc, and uClibc. -.Pp -When -.Nm -starts up it reads its main configuration file -.Pa /etc/syslog.conf , -or an alternate file given with the -.Fl f Ar file -option. 
For details on how to configure syslog priority -(facility.severity) filtering, see -.Xr syslog.conf 5 . -.Sh OPTIONS -.Bl -tag -width Ds +The options are as follows: +.Bl -tag -width indent .It Fl 4 Force .Nm 
@@ -84,520 +64,417 @@ to use IPv4 addresses only. Force .Nm to use IPv6 addresses only. +.It Fl 8 +Tells +.Nm +not to interfere with 8-bit data. +Normally +.Nm +will replace C1 control characters +.Pq ISO 8859 and Unicode characters +with their +.Dq M- Ns Em x +equivalent. +Note, this option does not change the way +.Nm +alters control characters +.Pq see Xr iscntrl 3 . +They will always be replaced with their +.Dq ^ Ns Em x +equivalent. .It Fl A Ordinarily, .Nm -tries to send the message to only one address even if the host has -more than one A or AAAA record. If this option is specified, +tries to send the message to only one address +even if the host has more than one A or AAAA record. +If this option is specified, .Nm tries to send the message to all addresses. -.It Fl a Ar address[/len][:service] | Fl a Ar domainname[:service] -Allow peers to log to this syslogd using UDP datagrams. Multiple +.It Fl a Ar allowed_peer +Allow +.Ar allowed_peer +to log to this +.Nm +using UDP datagrams. +Multiple .Fl a -options may be specified. Any -.Fl a -option is ignored if the -.Fl s -option is also specified. +options may be specified. .Pp -The peer argument may be any of the following: -.Bl -tag -width 'address[/len][:service]' -.It Ql address[/len][:service] -Accept datagrams from IP -.Ar address , -which can be specified as an IPv4 address or as an IPv6 address enclosed -with -.Sq \&[ +The +.Ar allowed_peer +option may be any of the following: +.Bl -tag -width "ipaddr[/prefixlen][:service]XX" +.It Xo +.Sm off +.Ar ipaddr +.Op / Ar masklen +.Op \&: Ar service +.Pp +.Ar ipaddr +.Op / Ar prefixlen +.Op \&: Ar service +.Sm on +.Xc +Accept datagrams from +.Ar ipaddr , +.Ar ipaddr +can be specified as an IPv4 address or as an IPv6 +address enclosed with +.Ql \&[ and -.Sq \&] . -If specified, service is the name or port number of an UDP service (see +.Ql \&] . 
+If specified, +.Ar service +is the name or number of an UDP service (see .Xr services 5 ) -the source packet must belong to. A service of -.Ql * -accepts UDP packets from any source port. The default service is +the source packet must belong to. +A +.Ar service +of +.Ql \&* +accepts UDP packets from any source port. +The default +.Ar service +is .Ql syslog . If -.Ar address -is an IPv4 address, a missing prefix -.Ar len +.Ar ipaddr +is IPv4 address, a missing +.Ar masklen will be substituted by the historic class A or class B netmasks if -.Ar address -belongs in the address range of class A or B, respectively, or by' -.Ar /24 -otherwise. If -.Ar address -is an IPv6 address, a missing prefix -.Ar len +.Ar ipaddr +belongs into the address range of class A or B, +respectively, +or by 24 otherwise. +If +.Ar ipaddr +is IPv6 address, +a missing +.Ar masklen will be substituted by 128. -.It Ql domainname[:service] +.It Xo +.Sm off +.Ar domainname Op \&: Ar service +.Sm on +.Xc Accept datagrams where the reverse address lookup yields .Ar domainname -for the sender address. The meaning of +for the sender address. +The meaning of .Ar service is as explained above. .Ar domainname can contain special characters of a shell-style pattern such as -.Ql * . +.Ql Li \&* . .El -.It Fl b Ar address[:service] -.It Fl b Ar :service -Bind to a specific address and/or port. The address can be specified as -a hostname, and the port as a service name. If an IPv6 address is -specified, it should be enclosed with -.Sq \&[ -and -.Sq \&] . -The default service is -.Ql syslog -(514/udp). This option can be specified multiple times to bind to -multiple addresses and/or ports. -.It Fl d -Turns on debug mode. This implicitly enables -.Fl F -to prevent -.Nm -from backgrounding itself. Debug information is written to the current -TTY. SIGUSR1 is required to confirm continued debug messages when the -daemon has finished starting up. See the -.Sx DEBUGGING -section for more information. 
-.It Fl F -Run in foreground, required when run from a modern init/supervisor. See -your system -.Xr init 1 -for details. -.It Fl f Ar file -Specify an alternative configuration file instead of the default -.Pa /etc/syslog.conf . -.It Fl k -Disable the translation of messages received with facility -.Ql kern -to -facility -.Ql user . -Usually the -.Ql kern -facility is reserved for kernel log messages. -.It Fl m Ar interval -Specify interval in minutes between -.Ql -- MARK -- -log messages, default: 20 minutes. Setting this to zero disables log marks -entirely. .Pp -Note, the -.Ql -- MARK -- -messages are only written when a log file has been without activity in -.Ql Cm interval / 2 -minutes. +The +.Fl a +options are ignored if the +.Fl s +option is also specified. +.It Xo +.Fl b +.Sm off +.Ar bind_address Op \&: Ar service +.Sm on +.Xc +.It Xo +.Fl b +.Sm off +.Li \&: Ar service +.Sm on +.Xc +Bind to a specific address and/or port. +The address can be specified as a hostname, +and the port as a service name. +If an IPv6 address is specified, it should be enclosed with +.Ql \&[ +and +.Ql \&] . +The default +.Ar service +is +.Ql syslog . +This option can be specified multiple times to bind to +multiple addresses and/or ports. +.It Fl C +Create log files that do not exist +.Pq permission is set to Ql Li 0600 . +.It Fl c +Disable the compression of repeated instances of the same line +into a single line of the form +.Dq Li "last message repeated N times" +when the output is a pipe to another program. +If specified twice, +disable this compression in all cases. +.It Fl d +Put +.Nm +into debugging mode. +This is probably only of use to developers working on +.Nm . +.It Fl f Ar config_file +Specify the pathname of an alternate configuration file; +the default is +.Pa /etc/syslog.conf . +.It Fl F +Run +.Nm +in the foreground, +rather than going into daemon mode. 
+This is useful if some other process uses +.Xr fork 2 +and +.Xr exec 3 +to run +.Nm , +and wants to monitor when and how it exits. +.It Fl H +When logging remote messages use hostname from the message (if supplied) +instead of using address from which the message was received. +.It Fl k +Disable the translation of +messages received with facility +.Dq kern +to facility +.Dq user . +Usually the +.Dq kern +facility is reserved for messages read directly from +.Pa /dev/klog . +.It Fl m Ar mark_interval +Select the number of minutes between +.Dq mark +messages; +the default is 20 minutes. +.It Fl N +Disable binding on UDP sockets. +RFC 3164 recommends that outgoing +.Nm +messages should originate from the privileged port, +this option +.Em disables +the recommended behavior. +This option inherits +.Fl s . .It Fl n Disable DNS query for every request. -.It Fl P Ar file -Specify an alternate file in which to store the process ID. -The default is -.Pa /var/run/syslog.pid . -.It Fl p Ar socket -Specify an alternate UNIX domain socket instead of the default -.Pa /dev/log . +.It Fl O Ar format +Select the output format of generated log messages. +The values +.Ar bsd +and +.Ar rfc3164 +are used to generate RFC 3164 log messages. +The values +.Ar syslog +and +.Ar rfc5424 +are used to generate RFC 5424 log messages, +having RFC 3339 timestamps with microsecond precision. +The default is to generate RFC 3164 log messages. +.It Fl o +Prefix kernel messages with the full kernel boot file as determined by +.Xr getbootfile 3 . +Without this, the kernel message prefix is always +.Dq Li kernel: . +.It Fl p Ar log_socket +Specify the pathname of an alternate log socket to be used instead; +the default is +.Pa /var/run/log . When a single .Fl p -option is specified, the default pathname is replaced with the specified -one. When two or more +option is specified, +the default pathname is replaced with the specified one. 
+When two or more .Fl p -options are specified, the remaining pathnames are treated as additional -log sockets. This might be needed when running applications in -containers or a -.Xr chroot 8 -environment. -.It Fl r Ar size[:count] -Enable built-in support for log rotation of files listed in -.Pa /etc/syslog.conf . -This feature is particulary useful for small and embedded systems that -do not want the overhead of -.Xr cron 8 -and -.Xr logrotate 8 . -.Pp -The option controls the max size and number of backup files kept by the -built-in log-rotation. When present on the command line it activates -log rotation of all files with the given maximum size. It is also -possible to control log rotate per log file, see -.Xr syslog.conf 5 -for details. -.Pp -The size argument takes optional modifiers; k, M, G. E.g., 100M is -100MB, 42k is 42 kB, etc. -.Pp -The optional number of files kept include both gzipped files and the -first rotated (not zipped) file. The default for this, when omitted, -is 5. +options are specified, +the remaining pathnames are treated as additional log sockets. +.It Fl P Ar pid_file +Specify an alternative file in which to store the process ID. +The default is +.Pa /var/run/syslog.pid . +.It Fl S Ar logpriv_socket +Specify the pathname of an alternate log socket for privileged +applications to be used instead; +the default is +.Pa /var/run/logpriv . +When a single +.Fl S +option is specified, +the default pathname is replaced with the specified one. +When two or more +.Fl S +options are specified, +the remaining pathnames are treated as additional log sockets. +.It Fl l Oo Ar mode Ns \&: Oc Ns Ar path +Specify a location where +.Nm +should place an additional log socket. +The primary use for this is to place additional log sockets in +.Pa /var/run/log +of various chroot filespaces. +File permissions for socket can be specified in octal representation in +.Ar mode , +delimited with a colon. 
+The socket location must be specified as an absolute pathname in +.Ar path . .It Fl s -Operate in secure mode. Do not log messages from remote machines. If -specified twice, no network socket will be opened at all, which also -disables logging to remote machines. +Operate in secure mode. +Do not log messages from remote machines. +If specified twice, +no network socket will be opened at all, +which also disables logging to remote machines. .It Fl T -Always use the local time and date for messages received from the -network, instead of the timestamp field supplied in the message by the -remote host. This is useful if some of the originating hosts cannot -keep time properly or are unable to generate a correct timestamp. +Always use the local time and date for messages received from the network, +instead of the timestamp field supplied in the message by the remote host. +This is useful if some of the originating hosts cannot keep time properly +or are unable to generate a correct timestamp. +.It Fl u +Unique priority logging. +Only log messages at the specified priority. +Without this option, +messages at the stated priority or higher are logged. +This option changes the default comparison from +.Dq => +to +.Dq = . .It Fl v -Print -.Nm -version and exit. -.Sh CONFIGURATION FILE DIFFERENCES -.Nm -uses a slightly different syntax for its configuration file than the -original BSD sources. +Verbose logging. +If specified once, +the numeric facility and priority are +logged with each locally-written message. +If specified more than once, +the names of the facility and priority are logged with each locally-written +message. .Pp -First, rules may now also have a third field -.Cm ;OPTION . -Several options are supported, comma separated, that control formatting -and log rotation, for more on this see +This option only affects the formatting of RFC 3164 messages. +Messages formatted according to RFC 5424 always include a +facility/priority number. 
+.El +.Pp +The +.Nm +utility reads its configuration file when it starts up and whenever it +receives a hangup signal. +For information on the format of the configuration file, +see .Xr syslog.conf 5 . .Pp -Second, other files may be included using a -.Xr glob 7 -style syntax, e.g. -.Ql include /path/to/*.conf . -.Pp -Third, originally all messages of a specific priority and above were -forwarded to the log file. For example the following line send all -output from daemons using the daemon facilities (debug is the lowest -priority, so every higher will also match) to go into -.Pa /var/log/daemons : -.Bd -literal -offset indent -# Sample syslog.conf -daemon.debug /var/log/daemons -.Ed -.Pp +The .Nm -still supports this, with the addition of four additional specifiers, -the asterisk ('*') wildcard, the equation sign ('='), the exclamation -mark ('!'), and the minus sign ('-'). +utility reads messages from the +.Ux +domain sockets +.Pa /var/run/log +and +.Pa /var/run/logpriv , +from an Internet domain socket specified in +.Pa /etc/services , +and from the special device +.Pa /dev/klog +.Pq to read kernel messages . .Pp -The '*' specifies that all messages for the specified facility are to be -directed to the destination, this is the same as specifying a priority -level of debug. Some users find the asterisk notation more intuitive. -.Pp -The '=' restricts logging to the specified priority class. This allows, -for example, routing only debug messages to a particular logging source. -.Pp -For example, the following line in -.Pa /etc/syslog.conf -directs debug messages from all sources to the -.Pa /var/log/debug -file in RFC5424 format, with log rotation every 512 kiB, saving only 20 -files in total (including the non-rotated file): -.Bd -literal -offset indent -# Sample syslog.conf -*.=debug -/var/log/debug ;RFC5424,rotate=512k:20 -.Ed -.Pp -.\" The '!' as the first character of a priority inverts the above -.\" mentioned interpretation. -The '!' 
is used to exclude logging of the specified priorities. This -affects all (!) possibilities of specifying priorities. -.Pp -For example the following lines in -.Pa syslog.conf -log all messages of facility -.Ql mail -except those with priority -.Ql info -to the -.Pa /var/log/mail -file. All messages from -.Ql news.info -(including) to -.Ql news.crit -(excluding) are logged to the -.Pa /var/log/news -file. -.Bd -literal -offset indent -# Sample syslog.conf -mail.*;mail.!=info /var/log/mail -news.info;news.!crit /var/log/news -.Ed -.Pp -You may use it intuitively as an exception specifier. The above -mentioned interpretation is simply inverted. For example, to skip -every message with facility -.Ar mail : -.Bd -literal -offset indent -mail.none -.Ed -or -.Bd -literal -offset indent -mail.!* -.Ed -or -.Bd -literal -offset indent -mail.!debug -.Ed -.Pp -The '-' may only be used to prefix a filename if you want to omit -sync'ing the file after every write to it. -.Sh REMOTE LOGGING +The .Nm -has network support enabled by default. Meaning, when it starts up it -opens a socket for sending to remote servers and also binds it to listen -for incoming syslog messages over UDP port 514. For this to work -correctly the -.Xr services 5 -file (typically found in -.Pa /etc/services ) -must have the following entry: -.Bd -literal -offset indent -syslog 514/udp -.Ed +utility creates its process ID file, +by default +.Pa /var/run/syslog.pid , +and stores its process +ID there. +This can be used to kill or reconfigure +.Nm . .Pp -If this entry is missing +The message sent to .Nm -by default disables networking completely. This can also be achieved -by the -.Fl s -flag. However, -.Nm -can listen to any port, named or by value. Use the -.Fl b Ar :5514 -flag to bind a socket to (unprivileged) port 5514 instead. +should consist of a single line. +The message can contain a priority code, +which should be a preceding +decimal number in angle braces, +for example, +.Sq Aq 5 . 
+This priority code should map into the priorities defined in the +include file +.In sys/syslog.h . .Pp -To forward messages to to a remote host, create a rule in -.Pa syslog.conf -with the name of the hostname to which the messages is to be sent -prepended with an at -.Sq ( @ ) -sign. By default, +For security reasons, .Nm -sends messages to remote servers in the old-school -.Ql BSD -format, without timestamp and hostname. This is for compatibility -reasons. Append the -.Ql ;RFC5424 -option to the rule to enable RFC5424 style formatting which includes -RFC3339 timestamp and hostname information. +will not append to log files that do not exist +.Po unless Fl C +option is specified +.Pc ; +therefore, they must be created manually before running +.Nm . .Pp -For example, to forward -.Sy ALL -messages to a remote host use the following -.Pa syslog.conf -entry: -.Bd -literal -offset indent -# Sample syslogd configuration file to forward all message -# messages to a remote host using RFC5424 style formatting -*.* @hostname ;RFC5424 -.Ed -.Pp -To forward all -.Ql kernel -messages to a remote host (in old-school BSD formatting) the -configuration file would be as follows: -.Bd -literal -offset indent -# Sample configuration file to forward all kernel messages -# to a remote host. -kern.* @hostname -.Ed -.Pp -If the remote hostname cannot be resolved at startup, because the -name server might not yet be accessible (maybe started later in -the boot sequence), -.Nm -will retry resolving the name ten times before logging the error. -Another possibility to avoid this is to place the hostname in -.Pa /etc/hosts . -.Pp -If the remote host is located in the same domain as the host, -.Nm -is running on, only the simple hostname will be logged instead of the -whole FQDN. -.Sh NAMED PIPES -A FIFO, or named pipe, can be used as a destination for log messages by -prepending a pipy symbol ('|') to the name of the file. This is very -handy for debugging. 
Note, the FIFO must be created with the -.Xr mkfifo 1 -command before -.Nm -is started. -.Pp -The following configuration file routes debug messages from the kernel -to a FIFO: -.Bd -literal -offset indent -# Sample configuration to route kernel debugging messages -# ONLY to /var/log/debug which is a named pipe. -kern.=debug |/var/log/debug -.Ed -.Sh SECURITY -There is the potential for -.Nm -to be used as a conduit for a denial of service attack. Thanks go to -.An John Morrison Aq Mt jmorriso@rflab.ee.ubc.ca -for alerting the project of this. A rogue program(mer) could very -easily flood -.Nm -with syslog messages resulting in the log files consuming all the -remaining space on the filesystem. Activating logging over network -domain sockets will of course expose a system to risks outside of -programs or individuals on the local machine. -.Pp -There are a number of methods of protecting a machine: -.Bl -enum -.It -Disabling inet domain sockets will limit risk to the local machine. Use -the secore mode flag -.Fl s -for this. -.It -Only allow certain remote peers using the -.Fl a Ar PEER +The date and time are taken from the received message. +If the format of the timestamp field is incorrect, +time obtained from the local host is used instead. +This can be overridden by the +.Fl T flag. -.It -Implement kernel firewalling to limit which hosts or networks have -access to the 514/UDP socket. -.It -Logging can be directed to an isolated or non-root filesystem which, -if filled, will not impair the machine. -.It -The ext2 filesystem can be used which can be configured to limit a -certain percentage of a filesystem to usage by root only. -.El -.Sh DEBUGGING -When debug mode ( -.Fl d ) -is enabled -.Nm -is very verbose, writing most of what it does on stdout. Whenever -the configuration file is reread and re-parsed you'll see a tabular, -corresponding to the internal data structure. 
This tabular consists of -four fields: -.Pp -.Bl -tag -width arguments -.It number -This field contains a serial number starting by zero. This number -represents the position in the internal data structure (i.e. the array). -If one number is left out then there might be an error in the -corresponding line in -.Pa /etc/syslog.conf . -.It pattern -This field is tricky and represents the internal structure exactly. -Every column stands for a facility, refer to -.Xr syslogp 3 . -As you can see, there are still some facilities left free for former -use, only the left most are used. Every field in a column represents -the priorities, refer to -.Xr syslogp 3 . -.It action -This field describes the particular action that takes place whenever a -message is received that matches the pattern. Refer to the -.Xr syslog.conf 5 -manpage for all possible actions. -.It arguments -This field shows additional arguments to the actions in the last field. -For file-logging this is the filename for the logfile; for user-logging -this is a list of users; for remote logging this is the hostname of the -machine to log to; for console-logging this is the used console; for -tty-logging this is the specified tty; wall has no additional arguments. -.El -.Sh SIGNALS -.Nm -supports the following signals: -.Pp -.Bl -tag -width "TERM, QUIT" -.It HUP -This lets -.Nm -perform a re-initialization. All open files are closed, the -configuration file (see above) is reread and the -.Xr syslog 3 -facility is started again. -.It TERM -This tells -.Nm -to exit gracefully. Flushing any log files to disk. -.It INT, QUIT -In debug mode these are ignored. In normal operation they act as -SIGTERM. -.It USR1 -In debug mode this switches debugging on/off. In normal operation -it is ignored. -.El -.Pp -For convenience the PID is by default stored in -.Pa /var/run/syslogd.pid . 
-A script can look for the existance of this file to determine if -.Nm -is running, and then send signals: -.Bd -literal -offset indent -kill -SIGNAL `cat /var/run/syslogd.pid` -.Ed .Sh FILES -.Bl -tag -width TERM -.It Pa /dev/log -The UNIX domain socket to from where local syslog messages are read. -.It Pa /proc/kmsg -The kernel log file -.Nm -reads on Linux. +.Bl -tag -width /var/run/syslog.pid -compact .It Pa /etc/syslog.conf -Configuration file for -.Nm . -See -.Xr syslog.conf 5 -for more information. -.It Pa /etc/syslog.d/*.conf -Conventional sub-directory of -.Pa .conf -files read by -.Nm . -.It Pa /etc/syslog.d/50-default.conf -Conventional name for default rules. -.It Pa /var/run/syslogd.pid -The file containing the process id of -.Nm . +configuration file +.It Pa /var/run/syslog.pid +default process ID file +.It Pa /var/run/log +name of the +.Ux +domain datagram log socket +.It Pa /var/run/logpriv +.Ux +socket for privileged applications +.It Pa /dev/klog +kernel log device .El -.Sh BUGS -The ability to log messages received in UDP packets is equivalent to an -unauthenticated remote disk-filling service, and should probably be -disabled -.Fl ( s ) -by default. (The shipped systemd unit file disables this by default.) -See also -.Sx SECURITY -for more information on this. A future version of -.Nm -may include support for TLS, RFC5425, which includes authentication of -both senders and receivers. -.Pp -As mentioned in the -.Sx DESCRIPTION , -.Nm -transparently supports the standard C library -.Xr syslog 3 -API. If a binary linked to the standard C libraries does not operate -correctly, this should be reported as a bug to this project. See below -for contact details. .Sh SEE ALSO -.Xr syslog.conf 5 , .Xr logger 1 , -.Xr syslog 2 , -.Xr syslogp 3 , +.Xr syslog 3 , .Xr services 5 , -.Xr savelog 8 . 
-.Sh AUTHORS -The system log daemon +.Xr syslog.conf 5 , +.Xr newsyslog 8 +.Sh HISTORY +The .Nm -is originally taken from BSD sources and later updated with new -funcitonality from -.Fx +utility appeared in +.Bx 4.3 . +.Pp +The +.Fl a , +.Fl s , +.Fl u , and -.Nx . -.An -nosplit -.An Greg Wettstein Aq Mt greg@wind.enjellic.com -performed the initial port to Linux. -.An Martin Schulze Aq Mt joey@infodrom.org -fixed some bugs, added several new features and took over maintenance. -.An Joachim Nilsson Aq Mt troglobit@gmail.com -later picked up the aging -.Nm sysklogd -project and gave it a home at GitHub with new features imported from -.Fx -and -.Nx . +.Fl v +options are +.Fx 2.2 +extensions. +.Sh BUGS +The ability to log messages received in UDP packets is equivalent to +an unauthenticated remote disk-filling service, +and should probably be disabled by default. +Some sort of +.No inter- Ns Nm syslogd +authentication mechanism ought to be worked out. +To prevent the worst abuse, +use of the +.Fl a +option is therefore highly recommended. +.Pp +The +.Fl a +matching algorithm does not pretend to be very efficient; +use of numeric IP addresses is faster than domain name comparison. +Since the allowed peer list is being walked linearly, +peer groups where frequent messages are being anticipated +from should be put early into the +.Fl a +list. +.Pp +The log socket was moved from +.Pa /dev +to ease the use of a read-only root file system. +This may confuse +some old binaries so that a symbolic link might be used for a +transitional period.
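Review bot: Missing documentation in the added `BUGS` section: it still calls UDP reception "an unauthenticated remote disk-filling service" but recommends only `-a`, while the mitigations listed in the removed `.Sh SECURITY` section have no counterpart in the added lines. Those were `-s` to disable inet domain sockets, firewalling 514/UDP, and logging to an isolated or non-root filesystem. The removed remark that the shipped systemd unit file disables network reception by default is also lost. Since this commit is a pristine import, a follow-up should restore that list under `BUGS` or in a new `SECURITY` section. The same follow-up should check the FreeBSD-specific values in the added lines against what this daemon actually does. The PID file changes from `/var/run/syslogd.pid` to `/var/run/syslog.pid`. The `FILES` list now names `/var/run/log`, `/var/run/logpriv` and `/dev/klog` in place of `/dev/log` and `/proc/kmsg`. The text also relies on the `-C` and `-T` flags. Anything this code base does not implement should be corrected, so that scripts which signal the daemon through the PID file, and administrators who pre-create log files because of the "will not append to log files that do not exist" rule, are not working from the wrong path or flag.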