Enable an Apple Mac OS X machine as a syslog server
Here is a small howto that describes how your Mac OS X machine can also receive logs from remote devices such as an Apple Airport Extreme. There are some howto's available online, but I guess that somethings have changed in 10.5, none seem to work perfectly.
Change syslogd configuration
# echo "local0.notice /var/log/airport.log" >> /etc/syslog.confTouch the logfile
# touch /var/log/airport.logChange syslogd startup procedure
At the end of the file, uncomment the part to accept remote logging.
# cat /System/Library/LaunchDaemons/com.apple.syslogd.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.syslogd</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<!--
Un-comment the following lines to run syslogd with a sandbox profile.
Sandbox profiles restrict processes from performing unauthorized
operations; so it may be necessary to update the profile
(/usr/share/sandbox/syslogd.sb) if any changes are made to the syslog
configuration (/etc/syslog.conf).
-->
<!--
<string>/usr/bin/sandbox-exec</string>
<string>-f</string>
<string>/usr/share/sandbox/syslogd.sb</string>
-->
<string>/usr/sbin/syslogd</string>
</array>
<key>MachServices</key>
<dict>
<key>com.apple.system.logger</key>
<true/>
</dict>
<key>Sockets</key>
<dict>
<key>AppleSystemLogger</key>
<dict>
<key>SockPathName</key>
<string>/var/run/asl_input</string>
<key>SockPathMode</key>
<integer>438</integer>
</dict>
<key>BSDSystemLogger</key>
<dict>
<key>SockPathName</key>
<string>/var/run/syslog</string>
<key>SockType</key>
<string>dgram</string>
<key>SockPathMode</key>
<integer>438</integer>
</dict>
<!--
Un-comment the following lines to enable the network syslog protocol listener.
-->
<key>NetworkListener</key>
<dict>
<key>SockServiceName</key>
<string>syslog</string>
<key>SockType</key>
<string>dgram</string>
</dict>
</dict>
</dict>
</plist>Restart syslogd
# launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
# launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plistOpen the firewall
Go the the System Preferences, click Security, open the Firewall tab and click the +. Select the file /usr/bin/syslog.
If you are unable to select the /usr directory, try this hack by opening a terminal and typing:
$ cd
$ ln -s /usr/bin
$ ln -s /usr/sbinNow you can select the file (in your home directory) ./bin/syslog and ./sbin/syslogd
Configure remote devices
Now tell the remote devices (Like the Apple Airport Extremes) to dump their log at the IP address of your Mac OS X machine.
See the result
Now either open the application "Console" or from a terminal, run "tail -f /var/log/airport.log" to see the results as they come in.
Comments
I am confused. I already have
I am confused. I already have a local0 entry. How does this know airport messages should go in the Airport log?
In fact, this stuff is now showing up in the appfirewall log which is the other local0 entry.
If you already have a local0
If you already have a local0 entry, you will find the Airport logs in the file/host/device that's refered to there.
In that case you might want to change the Airport configuration to use an unused entry like local1. When that's done, you need to modify /etc/syslog.conf to store local1 in some specific file.
Thanks for the comment.
Thanks for the comment. However, it isn't obvious where I would make that change. I see nothing associating the airport name with anything in the syslog.conf. Note that I have added an entry of form +xxx.yyy.zzz.200 to provide the addresses of the boxes in the syslog.conf.
Great article, worked
Great article, worked perfectly. Thanks.
Hey, i got up to where i was
Hey, i got up to where i was supposed to enable syslog on the firewall gui,
I couldn't select /usr/bin/syslog the window to select the app only lists the regular apps in the Applications folder
how were you able to select a hidden folder/folder as /usr/bin/syslog?
I have the exact same
I have the exact same problem, I cannot find /usr/bin/syslogd in the dialog, it won't even show the /usr directory hierarchy AT ALL!
Personally I think this is a perfect example of why Finder is a total failure on the part of Apple, if it can't show me what the command line can then what is the point of using it at all?
Joseph
Wrong on several points. 1.
Wrong on several points.
1. Showing many files that only an expert should change is foolish and distracting. An expert won't be using the Finder to make changes in the first place; a non-expert will not want to see tens of thousands of files that have absolutely nothing to do with how they use their computer -- files that are "The System".
2. You can get to ANY files through the Finder that you can through the command line. Try using the Go->Go To Folder... option in Finder before you whine.
3. This is an issue of the standard Open dialogue, not the Finder. We're already half in the Terminal and half in the Finder for these instructions anyhow, and there are Terminal-only solutions to this, as well as the author's half-Terminal solution, which works just fine. A workaround in the Open Dialog, like CMD-OPT clicking to get to otherwise unviewable files might be nice... it might even be in there already and I just don't know the keystrokes.
To enable the firewall, I
To enable the firewall, I needed to specify /usr/sbin/syslogd, not /usr/bin/syslog, on Leopard.
jd
An easy way to specify hidden
An easy way to specify hidden files in the open dialog is to first open the folder using Finder's "Go To Folder...", then drag the folder to the favourites bar on the left of the window. Then from the open file dialog, when Go To Folder is not available, you can just click the shortcut to see the hidden folder and its contents.
A just easier way to select
A just easier way to select finder-hidden files would be to hit the keystroke "Apple(Comand)+Shift+G" within the open dialog box.