TweetFollow Us on Twitter

Tips & Tidbits

Volume Number: 21 (2005)
Issue Number: 9
Column Tag: Programming

Tips & Tidbits

Centralized Device Logging With Tiger and Syslogd

by Aaron Adams

Many network devices, such as routers, firewalls, and wireless access points, have the ability to send logging information to other listening devices called syslog servers. Mac OS X uses a syslog server daemon to record its own logging information, and that same daemon can also be configured to accept logging information from external devices. In this quick tutorial, we'll do just that by editing a text file, and using a new Tiger feature.

With Tiger, syslogd is initiated upon system startup by launchd, a new Apple daemon that manages the instantiation of other daemons and processes. System daemons are launched with the aid of a plist, an XML text file, placed in /System/Library/LaunchDaemons, and a file in that folder, named com.apple.syslogd.plist, is what we must edit to enable external logging functionality.

It's probably simplest to edit this plist in the Terminal. Backing up this plist file before editing it is a good idea, so start up Terminal and enter this line at the prompt: 

cp /System/Library/LaunchDaemons/com.apple.syslogd.plist ~/Desktop/

For those unfamiliar with the Terminal, this command copies the plist file to the desktop for temporary safekeeping. The command to restore the file back to its original state is inversely thus: 

sudo cp ~/Desktop/com.apple.syslogd.plist /System/Library/LaunchDaemons/

Next, we proceed to edit the plist:

sudo nano /System/Library/LaunchDaemons/com.apple.syslogd.plist

This line starts up the text editor nano as the root user to edit the plist file mentioned above. Scroll down to this line: 

<string>/usr/sbin/syslogd</string>

...and add the following directly below it: 

<string>-u</string>

Save and exit. The -u we've inserted is a switch at the end of the syslogd command that tells the process to listen on UDP port 514. Now that syslogd is ready to receive logging messages from other devices, we have to stop the current running syslogd process and restart it with the new option to listen. 

sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist sudo
launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

launchctl is a utility that instructs launchd to load and unload daemons, among other things. To verify that syslogd is receiving logging messages from external devices, we can watch the system log in action with this command: 

tail -f /var/log/system.log

The last screen-full of the syslog will be displayed. When new events are received by syslogd, they'll be displayed on the screen and written to the log. Control-c will terminate the syslog watch.

That was easy! Well... wait for it... there's a catch. (You knew that, didn't you?) As of 10.4.1, there is a bug of some kind that affects syslogd. Each day in the wee hours of the morning, your Mac runs a script called /etc/periodic/daily/500.daily. Near the end of that script, the syslogd process is killed using the old-fashioned Unix kill command and when it restarts, for whatever reason, syslogd simply ceases to function. Not only does it not pay attention to log messages sent from other devices, it doesn't bother to record logging information from the local machine.

Fortunately, there's a simple fix. Also near the end of 500.daily, there is a command to call up another file named /etc/daily.local. This file is intended to execute additional commands for specific machines on a daily basis, and it may or may not already exist on your Mac. Either way, let's edit (or create) it with the following command in the terminal: 

sudo nano /etc/daily.local

The contents of this file are pretty simple. 

launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
sleep 1
launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

Save and exit. This script stops and restarts the syslogd process via launchd so that it once again will listen for external logging messages. This script differs just a bit from the commands we used at the terminal. Since 500.daily runs as root and calls up daily.local, daily.local also runs as root, so the sudo command is not needed for launchctl. Also, we've inserted a sleep command to give the computer a second to catch its breath.

Finally, the daily.local script needs to be made executable with the following command: 

sudo chmod 744 /etc/daily.local

That's it. Done. You are now logging away. Good job.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Latest Forum Discussions

See All

The Legend of Heroes: Trails of Cold Ste...
I adore game series that have connecting lore and stories, which of course means the Legend of Heroes is very dear to me, Trails lore has been building for two decades. Excitedly, the next stage is upon us as Userjoy has announced the upcoming... | Read more »
Go from lowly lizard to wicked Wyvern in...
Do you like questing, and do you like dragons? If not then boy is this not the announcement for you, as Loongcheer Game has unveiled Quest Dragon: Idle Mobile Game. Yes, it is amazing Square Enix hasn’t sued them for copyright infringement, but... | Read more »
Aether Gazer unveils Chapter 16 of its m...
After a bit of maintenance, Aether Gazer has released Chapter 16 of its main storyline, titled Night Parade of the Beasts. This big update brings a new character, a special outfit, some special limited-time events, and, of course, an engaging... | Read more »
Challenge those pesky wyverns to a dance...
After recently having you do battle against your foes by wildly flailing Hello Kitty and friends at them, GungHo Online has whipped out another surprising collaboration for Puzzle & Dragons. It is now time to beat your opponents by cha-cha... | Read more »
Pack a magnifying glass and practice you...
Somehow it has already been a year since Torchlight: Infinite launched, and XD Games is celebrating by blending in what sounds like a truly fantastic new update. Fans of Cthulhu rejoice, as Whispering Mist brings some horror elements, and tests... | Read more »
Summon your guild and prepare for war in...
Netmarble is making some pretty big moves with their latest update for Seven Knights Idle Adventure, with a bunch of interesting additions. Two new heroes enter the battle, there are events and bosses abound, and perhaps most interesting, a huge... | Read more »
Make the passage of time your plaything...
While some of us are still waiting for a chance to get our hands on Ash Prime - yes, don’t remind me I could currently buy him this month I’m barely hanging on - Digital Extremes has announced its next anticipated Prime Form for Warframe. Starting... | Read more »
If you can find it and fit through the d...
The holy trinity of amazing company names have come together, to release their equally amazing and adorable mobile game, Hamster Inn. Published by HyperBeard Games, and co-developed by Mum Not Proud and Little Sasquatch Studios, it's time to... | Read more »
Amikin Survival opens for pre-orders on...
Join me on the wonderful trip down the inspiration rabbit hole; much as Palworld seemingly “borrowed” many aspects from the hit Pokemon franchise, it is time for the heavily armed animal survival to also spawn some illegitimate children as Helio... | Read more »
PUBG Mobile teams up with global phenome...
Since launching in 2019, SpyxFamily has exploded to damn near catastrophic popularity, so it was only a matter of time before a mobile game snapped up a collaboration. Enter PUBG Mobile. Until May 12th, players will be able to collect a host of... | Read more »
See All

Price Scanner via MacPrices.net

Sunday Sale: Apple Studio Display with Standa...
Amazon has the standard-glass Apple Studio Display on sale for $300 off MSRP for a limited time. Shipping is free: – Studio Display (Standard glass): $1299.97 $300 off MSRP For the latest prices and... Read more
Apple is offering significant discounts on 16...
Apple has a full line of 16″ M3 Pro and M3 Max MacBook Pros available, Certified Refurbished, starting at $2119 and ranging up to $600 off MSRP. Each model features a new outer case, shipping is free... Read more
Apple HomePods on sale for $30-$50 off MSRP t...
Best Buy is offering a $30-$50 discount on Apple HomePods this weekend on their online store. The HomePod mini is on sale for $69.99, $30 off MSRP, while Best Buy has the full-size HomePod on sale... Read more
Limited-time sale: 13-inch M3 MacBook Airs fo...
Amazon has the base 13″ M3 MacBook Air (8GB/256GB) in stock and on sale for a limited time for $989 shipped. That’s $110 off MSRP, and it’s the lowest price we’ve seen so far for an M3-powered... Read more
13-inch M2 MacBook Airs in stock today at App...
Apple has 13″ M2 MacBook Airs available for only $849 today in their Certified Refurbished store. These are the cheapest M2-powered MacBooks for sale at Apple. Apple’s one-year warranty is included,... Read more
New today at Apple: Series 9 Watches availabl...
Apple is now offering Certified Refurbished Apple Watch Series 9 models on their online store for up to $80 off MSRP, starting at $339. Each Watch includes Apple’s standard one-year warranty, a new... Read more
The latest Apple iPhone deals from wireless c...
We’ve updated our iPhone Price Tracker with the latest carrier deals on Apple’s iPhone 15 family of smartphones as well as previous models including the iPhone 14, 13, 12, 11, and SE. Use our price... Read more
Boost Mobile will sell you an iPhone 11 for $...
Boost Mobile, an MVNO using AT&T and T-Mobile’s networks, is offering an iPhone 11 for $149.99 when purchased with their $40 Unlimited service plan (12GB of premium data). No trade-in is required... Read more
Free iPhone 15 plus Unlimited service for $60...
Boost Infinite, part of MVNO Boost Mobile using AT&T and T-Mobile’s networks, is offering a free 128GB iPhone 15 for $60 per month including their Unlimited service plan (30GB of premium data).... Read more
$300 off any new iPhone with service at Red P...
Red Pocket Mobile has new Apple iPhones on sale for $300 off MSRP when you switch and open up a new line of service. Red Pocket Mobile is a nationwide MVNO using all the major wireless carrier... Read more
 

Jobs Board

Licensed Practical Nurse - Womens Imaging *A...
Licensed Practical Nurse - Womens Imaging Apple Hill - PRN Location: York Hospital, York, PA Schedule: PRN/Per Diem Sign-On Bonus Eligible Remote/Hybrid Regular Read more
DMR Technician - *Apple* /iOS Systems - Haml...
…relevant point-of-need technology self-help aids are available as appropriate. ** Apple Systems Administration** **:** Develops solutions for supporting, deploying, Read more
Operating Room Assistant - *Apple* Hill Sur...
Operating Room Assistant - Apple Hill Surgical Center - Day Location: WellSpan Health, York, PA Schedule: Full Time Sign-On Bonus Eligible Remote/Hybrid Regular Read more
Solutions Engineer - *Apple* - SHI (United...
**Job Summary** An Apple Solution Engineer's primary role is tosupport SHI customers in their efforts to select, deploy, and manage Apple operating systems and Read more
DMR Technician - *Apple* /iOS Systems - Haml...
…relevant point-of-need technology self-help aids are available as appropriate. ** Apple Systems Administration** **:** Develops solutions for supporting, deploying, Read more

  • Generate a short URL for this page:



All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.