usr.sbin: Remove ancient SCCS tags.

Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.

Sponsored by: Netflix

Remove $FreeBSD$: one-line nroff pattern

Remove /^\.\\"\s*\$FreeBSD\$$\n/

syslogd: Increase message size limits

Add a -M option to control the maximum length of forwarded messages.
syslogd(8) used to truncate forwarded messages to 1024 bytes, but after
commit 1a874a126a54 ("Add RFC 5424 syslog message output to syslogd.")
applies a more conservative limit of 480 bytes for IPv4 per RFC 5426
section 3.2. Restore the old default behaviour of truncating to 1024
bytes. RFC 5424 specifies no upper limit on the length of forwarded
messages, while for RFC 3164 the limit is 1024 bytes.

Increase MAXLINE to 8192 bytes to correspond to commit 672ef817a192.

Replaced bootfile[] size for MAXPATHLEN used in getbootfile(3) as a
returned value. Using (MAXLINE+1) as a size for bootfile[] is excessive.

PR: 241937
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D27206

Document that syslogd -v has no effect when RFC 5424 mode is enabled.

The variable it sets, LogFacPri, is only used in the RFC 3164 formatting
codepath.

PR: 229457
Reported by: Andre Albsmeier
MFC after: 1 week

Use proper alphabetic sorting of options.

Add RFC 5424 syslog message output to syslogd.

- Move all of the code responsible for transmitting log messages into a
separate function, fprintlog_write().
- Instead of manually modifying a list of iovecs, add a structure
iovlist with some helper functions.
- Alter the F_FORW (UDP message forwarding) case to also use iovecs like
the other cases. Use sendmsg() instead of sendto().
- In the case of F_FORW, truncate the message to a size dependent on the
address family (AF_INET, AF_INET6), as proposed by RFC 5426.
- Move all traditional message formatting into fprintlog_bsd(). Get rid
of some of the string copying and snprintf()'ing. Simply emit more
iovecs to get the job done.
- Increase ttymsg()'s limit of 7 iovecs to 32. Add a definition for this
limit, so it can be reused by iovlist.
- Add fprintlog_rfc5424() to emit RFC 5424 formatted log entries.
- Add a "-O" command line option to enable RFC 5424 formatting. It would
have been nicer if we supported "-o rfc5424", just like on NetBSD.
Unfortunately, the "-o" flag is already used for a different purpose
on FreeBSD.
- Don't truncate hostnames in the RFC 5424 case, as suggested by that
specific RFC.

For people interested in using this, this feature can be enabled by
adding the following line to /etc/rc.conf:

syslogd_flags="-s -O rfc5424"

Differential Revision: https://reviews.freebsd.org/D15011

When parsing remote messages, require them to have standard timestamp
field, and support properly parse out the hostname as described by RFC3164,
which wasn't done before. However, don't discard message if it doesn't
have hostname, for compatibility.

Enable logging of the message supplied hostname instead of real hostname
with -H switch.

PR: 200933
Reported by: Konstantin Pavlov <thresh nginx.com>
MFC after: 2 months

Correct nuance of -a :service -> "*" in r314563, r314585

My attempt to correct the sender/receiver behavior was incorrect.
The source port of the sender for forwarded datagrams is filtered
with -a, and my change in r314585 didn't clarify that point at all.

Wording is based on suggestion by hrs.

MFC after: 28 days
X-MFC with: r314563, r314585
Reported by: hrs
In collaboration with: hrs, rgrimes
Sponsored by: Dell EMC Isilon

Correct verb change for service => `*` after r314563

`*` means that packets will be received from a remote peer on any port.
Since the point of interest is the syslogd instance (not the remote peer),
the appropriate verb is "received", not "sent".

MFC after: 1 month
X-MFC with: r314563
Sponsored by: Dell EMC Isilon

Wordsmith syslogd(8)

- Clarify -p/-S options by using appropriate subject-verb modifiers
(verb and modifiers suggested that the subject should have been
singular).
- Simplify/correct -a description:
-- Be more terse when describing IPv4 (the "usual dotted notation"
isn't necessarily well understood by the reader). Being blunt and
saying "IPv4 address" with an optional netmask is.
-- prefixlen is the appropriate terminology for IPv6.
-- mask/prefixlen is optional, not required (as noted later on in the
section).
-- split up IPv4/IPv6 use so to clarify both forms.
-- Fix wordiness when describing the optional "service" specifier.
- -T: Use "cannot" instead of "can't" [*].

Bump .Dd for the changes.

MFC after: 1 month
Reported by: igor [*]
Reviewed by: hrs
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D9855

Renumber copyright clause 4

Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96

mdoc and style fixes.

- Use fnmatch(3) for domanname matching of -a options.
- Document the patten matching.
- Document -S flag in SYNOPSIS.

Escape punctuation characters.

syslogd: support multiple -b options.

It's now possible to bind multiple sockets to different IP addresses.

PR: 159305
Submitted by: Kurt Lidl <lidl pix.net>
Sponsored by: Pi-Coral, Inc.

Update .Dd, sync usage() for -F. Missed in previous change.

Add and document an option to cause syslogd to run in the
foreground.

This allows a separate process to monitor when and how
syslogd exits. That process can then restart syslogd if needed.

Differential Revision: https://reviews.freebsd.org/D1985
Submitted by: Ravi Pokala
Reviewed by: allanjude (man page)

Minor spelling fixes.

Update man page to present -T argument in synopsis

MFC with r183347

MFC after: 0 days

Add a new option, -N to disable the default and recommended syslogd(8)
behavior, which binds to the well known UDP port.

This option implies -s.

MFC after: 2 months

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

syslogd(8) already supports *sending* log messages to non-
standard ports, but it can't *receive* them (port 514 is
hardcoded). This commit adds that missing feature.

(NB: I actually needed this feature for a server farm where
multiple jails run with shared IP addresses, and every jail
should have its own syslogd process.)

As a side effect, syslogd now compiles with WARNS=6.

Approved by: des (mentor)
MFC after: 3 weeks

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

Use "allowed_peer" throughout this manual page.

- Import the HEAD csup code which is the basis for the cvsmode work.

Add a flag, -T, that tells syslogd to always replace the timestamp on
messages from the network. We already replace malformatted timestamps
and this option lets us replace timestamps that are correctly formatted
but wrong.

PR: 120891
Submitted by: Thomas Vogt <thomas@bsdunix.ch>
MFC after: 1 week

Add a -8 switch to syslogd to prevent it from mangling 8-bit data.

By default (for security reasons) syslogd(8) doesn't create log files
when they don't exist, but sometimes its quite useful (eg. we use
non-standard log files and memory backed /var/, which is populated on
boot).

Add -C option which tells syslogd(8) to create log files if they don't
exist.

Glanced at by: phk
MFC after: 3 days

Add -S option which allows to change the pathname of the privileged
socket /var/run/logpriv.

Reviewed by: glebius and kensmith
MFC after: 2 days

Expand *n't contractions.

Scheduled mdoc(7) sweep.

s/priveleged/privileged/

Bump document date.

Noticed by: trhodes
Pointy hat: kensmith
MFC after: 1 week

Add newsyslog(8) to the "See Also" section.

MFC after: 1 week

Protect against local flooder of /var/run/log. Do not loop forever in
syslog(3) if we are a priveleged program (sshd, su, etc.).

- Make syslogd open an additional socket /var/run/logpriv, with 0600
permissions.
- In libc, try to use this socket.
- Do not loop forever if we are using this socket (partial backout of 1.31)

Reviewed by: dwmalone, Andrea Campi <andrea webcom it>
Approved by: julian (mentor)
MFC after: 1 month

- Use stailqueue for sockets instead of socket buffer. Thus
remove limit for 20 sockets.
- Add possibility to specify file mode for sockets created with '-l'.
- Check that socket name in '-l' is absolute.

Reviewed by: dwmalone, Andrea Campi <andrea webcom it>
Approved by: julian (mentor)

Per letter dated July 22, 1999 remove 3rd clause of Berkeley derived software
(with permission of addtional copyright holders where appropriate)

Mechanically kill hard sentence breaks.

mdoc(7): Use the new feature of the .In macro.

Uniformly refer to a file system as "file system".

Approved by: re

mdoc(7) police: markup fixes.

Approved by: re

Add -c option to synopsis. Sort it alphabetically, too.

The .Nm utility

mdoc(7) police: add missing markup bit.

Add a new flag '-c' to disable repeated line compression when the output
is a pipe to another program, or, if specified twice, in all cases.

PR: bin/32420

mdoc(7) police: markup nits.

Make the default kernel prefix "kernel:" instead of the boot file,
with the old behavior available via the -o option (it might still be
useful if one has many kernels and cares which messages came from
which). If the boot file is not used as the prefix, it is still
logged once at startup.

This change is prompted by the fact that the boot file is now much
longer ("/boot/kernel/kernel" vs. "/kernel"), which significanlty
bloats the syslogd output.

Reviewed by: peter

Introduce a -b option that allows the user to specify which address to
bind to. This is useful for hosts running jails that need syslog to
maintain an open socket to log to a remote host.

Reviewed by: sheldonh

Don't make it sound like -A is turning on the default behavior.

Document the fact that syslogd(8) requires logs files to be created
before it will start logging to them.

PR: 27088
Approved by: des
MFC after: 10 days

Remove whitespace at EOL.

mdoc(7) police: removed HISTORY info from the .Os call.

Note that -a is ignored if -s is also specified.

mdoc(7) police: uppercase abbreviations in revision 1.34.

Add the ability to specify alternate PID file for syslogd.

PR: 25784
Submitted by: Jon Villarreal <jonv@ivmg.net>
Reviewed by: iedowse

Prepare for mdocNG.

mdoc(7) police: split punctuation characters + misc fixes.

Prepare for mdoc(7)NG.

mdoc(7) police: document IPv6 options in the SYNOPSIS.

IPv6 support for syslogd.

Reviewed by: freebsd-current
Obtained from: NetBSD

mdoc(7) police: use the new features of the Nm macro.

Syslogd normally converts messages of facility kern to facility
user unless they come directly from the kernel. Document this and
add a flag to syslogd which prevents this conversion.

Sort getopt args while I'm at it.

PR: 21788
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>

Fix spelling of comparison.

Add forgotten -n option to SYNOPSIS section

Submitted by: Reinier Bezuidenhout <rbezuide@oskar.nanoteq.co.za>

Change option -r to -n inline with conventions we use elsewhere.
I guess it serves me right for using a patch directly from Jan
Koum. :)

Requested by: many

Add option 'r' to syslogd which will disable dns queries for every
request. This is useful when you have a large site pointed at a
single syslog server.

Submitted by: Jan Koum <jkb@yahoo-inc.com>

Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.

s|/dev/log|/var/run/log|

Add section number to .Xr. Use .Pa for filenames.
fprintf -> warnx.

Reflect the change in secure mode semantics, and document fascist mode
properly.

$Id$ -> $FreeBSD$

Implement fascist mode (do not open a datagram socket at all).

Add -u, -v and -vv options to syslogd, this improves the control and
logging verbosity about facility & priority levels.
PR: 7278
Reviewed by: phk
Submitted by: Harlan Stenn <Harlan.Stenn@pfcs.com>

Implement new argument -l (OpenBSD has -a but we already use that).
This allows one to specify additional sockets in the unix domain
that syslogd listens to. Its primary use is to create log sockets in
chroot environments.
Obtained from:OpenBSD (with a bug fixed d

Augment the last change after some deliberation with rgrimes & peter.
It is important that we keep the ability to send packets to a remote
server and that the packets come from our well-known port, also in
that case.

Reviewed by: peter, rgrimes.

Cosmetic in usage string.

Use snprintf() instead of sprintf() most of the time.
Obtained from: OpenBSD

Make usage() consistent with man page.

Nobody ever seemed to be interested in reviewing these changes, and i
found that my syslogd is now running them for several months...

Add an option to syslogd to restrict the IP addresses that are allowed
to log to this syslogd. It's too late to develop the inter-syslogd
communications protocol mentioned in the BUGS section, some 10 years
too late. Thus, restricting the IP address range is about the most
effective change we can do if we want to allow incoming syslog
messages at all.

IMHO, we should encourage the system administrators to use this option,
and thus provide a knob in /etc/rc.* for it, defaulting to -a 127.0.0.1/32
(just as a hint about the usage).

Please state opinions about whether to merge this change into 2.2 or
not (i've got it running on RELENG_2_2 anyway).

add an Id line, minor mdoc fix ups

add ftp to list of facilities in syslog.conf
Closes PR#3389
Submitted-by: Pius Fischer

Secure mode (-s) incorrectly disabled both sending and receiving of syslog
packets over UDP. Secure boxes should still be able to send packets.

Revert $FreeBSD$ to $Id$

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Back out the entire change from rev 1.11 of syslogd.c. It was bogus.
Correct the man page to reflect the new reality.

Reviewed by: various (mailing list feedback)
Submitted by: whistle communications

move the socket from /dev to /var/run by default
TRANSITIONALLY make syslog add a symlink..
I PROMISE I'll remove that as soon as I have the makefiles etc fixed as well.

Bring in some fixes from NetBSD and re-hack our syslogd to be option-compatible
with theirs (change the -I option to -s (but leave -I in for backwards compat.)
Also eliminate an make sane some magic numbers, and fix a small bug where we'd
send to an unopened socket.

Reviewed by: wollman
Obtained from: NetBSD

Correct synopsis (-d, -I options were missing because -mdoc mistook
the dI in `.Op Fl dI' for the name of an internal mdoc command).

Add a command-line option `-I' to disable logging from UDP.
Document `-d' and `-I'. Add a BUGS section noting that
logging from UDP is an unauthenticated remote disk-filling service,
and probably should be disabled by default in the absence of some sort
of authentication.

BSD 4.4 Lite usr.sbin Sources