DanInSFBay
Registered
How to set up syslogd and syslog.conf to record remote and internal log events into individual log files using 10.3.6
I'd like to thank all those who created these various help posts.
First, turn on remote syslogging:
http://docs.info.apple.com/article.html?artnum=107993
Note:
http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/syslogd.8.html
Then open UDP port 514 if required:
http://docs.info.apple.com/article.html?artnum=106439
Configure syslog.conf to log the events into a log file:
http://www.macosxhints.com/article.php?story=20040301223642276
http://forums.macosxhints.com/showthread.php?t=21236
My example:
In syslog.conf, above the first log line:
*.err;kern.*;auth.notice; (blah blah)
add the following lines:
# Log remote Airport Extreme
#airport IP address
+1.2.3.4
*.*<tab><tab>/var/log/AirportExtreme.log
!* #end block
# Log router
#remote router IP address
+1.2.3.5
*.*<tab><tab>/var/log/Router.log
!* #end block
#OS X Server services
# IPFW Firewall
!ipfw
*.*<tab><tab>/var/log/ipfw.log
!* #end block
#CRON events (NOTE CASE)
!CRON
*.*<tab><tab>/var/log/RemoteFirewall.log
!* #end block
(etc.)
You can then exclude the log messages so they don't appear in other logs (I don't) using:
http://forums.macosxhints.com/showthread.php?t=25815&highlight=syslog
Remember to create (touch) the above log files.
You may want to modify your daily and weekly log rotation:
Ex. in 500.weekly look for this line and add your log file names:
for i in ftp.log lookupd.log (blah blah)
Again, the true authors:
http://forums.macosxhints.com/showthread.php?t=21236 --> send IPFW to its own log
http://www.macosxhints.com/article.php?story=20040301223642276 --> how to receive from remote hosts
http://www.oit.duke.edu/mac/OSX_logging.html --> Start and Stop syslogd etc.
http://docs.info.apple.com/article.html?artnum=107993 --> Turn on remote syslog server
http://forums.macosxhints.com/showthread.php?t=25815&highlight=syslog --> exclude log events
and most important the missing OS X syslog.conf man page!
http://www.freebsd.org/cgi/man.cgi?...ath=FreeBSD+5.3-RELEASE+and+Ports&format=html
I hope this helps...
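
An added example, not part of the original post: a small Python check that reads the block lines used above (`+host`, `!program`, `!*`) and lists which host and program filter each log file ends up under, following the block rules in the FreeBSD syslog.conf man page the post links to. The function names and the sample text are constructed for illustration; facility.level matching is left out, and it is an assumption that 10.3.6's syslogd follows the same rules.

```python
# Constructed sample: the post's block layout, with literal tabs.
SAMPLE_CONF = (
    "# Log remote Airport Extreme\n"
    "+1.2.3.4\n"
    "*.*\t\t/var/log/AirportExtreme.log\n"
    "!* #end block\n"
    "# Log router\n"
    "+1.2.3.5\n"
    "*.*\t\t/var/log/Router.log\n"
    "!* #end block\n"
    "# IPFW Firewall\n"
    "!ipfw\n"
    "*.*\t\t/var/log/ipfw.log\n"
    "!* #end block\n"
)


def parse_blocks(conf_text):
    """Return (host, program, selector, action) for every rule line."""
    host, prog, rules = "*", "*", []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            # "#!prog" and "#+host" are also block specifications.
            if line[1:2] not in ("!", "+"):
                continue  # ordinary comment
            line = line[1:]
        if not line:
            continue
        if line[0] in "!+":
            # The name ends at whitespace; an empty name or "*" resets.
            name = (line[1:].split() or ["*"])[0]
            if line[0] == "+":
                host = name
            else:
                prog = name
            continue
        fields = line.split(None, 1)
        if len(fields) == 2:
            rules.append((host, prog, fields[0], fields[1].strip()))
    return rules


def files_for(rules, host, program):
    """Files whose block filters accept a message from host/program.
    Hosts are compared as plain strings; facility.level is not checked."""
    return [action for h, p, _sel, action in rules
            if h in ("*", host) and p in ("*", program)]


if __name__ == "__main__":
    for host, prog, sel, action in parse_blocks(SAMPLE_CONF):
        print(f"host={host:<10} program={prog:<6} {sel} -> {action}")
```

Per that man page a specification stays in effect until it is replaced or reset, `!*` resets only the program and `+*` resets the host, so the listing shows the host filter each later block still carries.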