Hi, A coworker did not know that he has to send SIGHUP to syslogd after rotating the log files. I realized that it is not documented.
ok to add it to the man page? While there, replace two 'syslogd' with .Nm for consistency. bluhm Index: usr.sbin/syslogd/syslogd.8 =================================================================== RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.8,v retrieving revision 1.58 diff -u -p -r1.58 syslogd.8 --- usr.sbin/syslogd/syslogd.8 8 Apr 2018 18:57:39 -0000 1.58 +++ usr.sbin/syslogd/syslogd.8 31 Aug 2018 18:48:47 -0000 @@ -159,15 +159,18 @@ syntax. Create a UDP socket for receiving messages and bind it to the specified address. This can be used, for example, with a pf divert-to rule to receive -packets when syslogd is bound to localhost. +packets when +.Nm +is bound to localhost. A port number may be specified using the .Ar host : Ns Ar port syntax. .It Fl u Select the historical .Dq insecure -mode, in which syslogd will -accept input from the UDP port. +mode, in which +.Nm +will accept input from the UDP port. Some software wants this, but you can be subjected to a variety of attacks over the network, including attackers remotely filling logs. .It Fl V @@ -197,6 +200,13 @@ It creates the file and stores its process ID there. The PID can be used to kill or reconfigure .Nm . +After log file rotation it is necessary to send a +.Dv SIGHUP . +Then +.Nm +closes each old log file and starts writing into the new file, which +must have been created by the rotator with correct permissions. +Also outgoing TCP or TLS connections are closed and reopened. .Pp .Nm opens a UDP socket, as specified
