Change syslog.conf comments relating to network logging to focus on client

setup which is configured in the file itself, rather than talking partly about client (set in the file), command-line flags used for servers which are better suited to the syslogd(8) manual, and ISDN. In the commented-out examples, use tls rather than the plaintext protocol. If users don't need tls they can change it, but it's a sane default, and a good place to show that we have the feature. ok bluhm@
2024-12-21 23:18:00 -08:00 · 2021-10-13 20:34:03 +00:00 · 2021-10-13 20:34:03 +00:00 · b31e2d198f
commit b31e2d198f
parent 376af011dc
1 changed files with 6 additions and 8 deletions
--- a/etc/syslog.conf
+++ b/etc/syslog.conf
@ -1,4 +1,4 @@
-#	$OpenBSD: syslog.conf,v 1.20 2016/12/27 13:38:14 jca Exp $
+#	$OpenBSD: syslog.conf,v 1.21 2021/10/13 20:34:03 sthen Exp $
 #

 *.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none	/var/log/messages
@ -22,13 +22,11 @@ mail.info						/var/log/maillog
 # Everyone gets emergency messages.
 #*.emerg							*

-# Uncomment to log to a central host named "loghost".  You need to run
-# syslogd with the -u option on the remote host if you are using this.
-# (This is also required to log info from things like routers and
-# ISDN-equipment).  If you run -u, you are vulnerable to syslog bombing,
-# and should consider blocking external syslog packets.
-#*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none	@loghost
-#auth,daemon,syslog,user.info;authpriv,kern.debug		@loghost
+# Uncomment to log to a central host named "loghost" using syslog-tls.
+# You need to run syslogd with the -S option on the remote host if you
+# are using this.
+#*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none	@tls://loghost
+#auth,daemon,syslog,user.info;authpriv,kern.debug		@tls://loghost

 # Uncomment to log messages from doas(1) to its own log file.  Matches are done
 # based on the program name.