TweetFollow Us on Twitter

Tips & Tidbits

Volume Number: 21 (2005)
Issue Number: 9
Column Tag: Programming

Tips & Tidbits

Centralized Device Logging With Tiger and Syslogd

by Aaron Adams

Many network devices, such as routers, firewalls, and wireless access points, have the ability to send logging information to other listening devices called syslog servers. Mac OS X uses a syslog server daemon to record its own logging information, and that same daemon can also be configured to accept logging information from external devices. In this quick tutorial, we'll do just that by editing a text file, and using a new Tiger feature.

With Tiger, syslogd is initiated upon system startup by launchd, a new Apple daemon that manages the instantiation of other daemons and processes. System daemons are launched with the aid of a plist, an XML text file, placed in /System/Library/LaunchDaemons, and a file in that folder, named com.apple.syslogd.plist, is what we must edit to enable external logging functionality.

It's probably simplest to edit this plist in the Terminal. Backing up this plist file before editing it is a good idea, so start up Terminal and enter this line at the prompt: 

cp /System/Library/LaunchDaemons/com.apple.syslogd.plist ~/Desktop/

For those unfamiliar with the Terminal, this command copies the plist file to the desktop for temporary safekeeping. The command to restore the file back to its original state is inversely thus: 

sudo cp ~/Desktop/com.apple.syslogd.plist /System/Library/LaunchDaemons/

Next, we proceed to edit the plist:

sudo nano /System/Library/LaunchDaemons/com.apple.syslogd.plist

This line starts up the text editor nano as the root user to edit the plist file mentioned above. Scroll down to this line: 

<string>/usr/sbin/syslogd</string>

...and add the following directly below it: 

<string>-u</string>

Save and exit. The -u we've inserted is a switch at the end of the syslogd command that tells the process to listen on UDP port 514. Now that syslogd is ready to receive logging messages from other devices, we have to stop the current running syslogd process and restart it with the new option to listen. 

sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist sudo
launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

launchctl is a utility that instructs launchd to load and unload daemons, among other things. To verify that syslogd is receiving logging messages from external devices, we can watch the system log in action with this command: 

tail -f /var/log/system.log

The last screen-full of the syslog will be displayed. When new events are received by syslogd, they'll be displayed on the screen and written to the log. Control-c will terminate the syslog watch.

That was easy! Well... wait for it... there's a catch. (You knew that, didn't you?) As of 10.4.1, there is a bug of some kind that affects syslogd. Each day in the wee hours of the morning, your Mac runs a script called /etc/periodic/daily/500.daily. Near the end of that script, the syslogd process is killed using the old-fashioned Unix kill command and when it restarts, for whatever reason, syslogd simply ceases to function. Not only does it not pay attention to log messages sent from other devices, it doesn't bother to record logging information from the local machine.

Fortunately, there's a simple fix. Also near the end of 500.daily, there is a command to call up another file named /etc/daily.local. This file is intended to execute additional commands for specific machines on a daily basis, and it may or may not already exist on your Mac. Either way, let's edit (or create) it with the following command in the terminal: 

sudo nano /etc/daily.local

The contents of this file are pretty simple. 

launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
sleep 1
launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

Save and exit. This script stops and restarts the syslogd process via launchd so that it once again will listen for external logging messages. This script differs just a bit from the commands we used at the terminal. Since 500.daily runs as root and calls up daily.local, daily.local also runs as root, so the sudo command is not needed for launchctl. Also, we've inserted a sleep command to give the computer a second to catch its breath.

Finally, the daily.local script needs to be made executable with the following command: 

sudo chmod 744 /etc/daily.local

That's it. Done. You are now logging away. Good job.

 
AAPL
$560.80
Apple Inc.
-4.52
GOOG
$593.50
Google Inc.
-10.16
MSFT
$29.23
Microsoft Corpora
+0.16
MacNews Search:
Community Search:
See All
view counter

view counter
view counter
dockXtender
view counter
view counter
view counter
view counter
view counter
view counter

Official TechCrunch App Released
TechCrunch, probably the most widely recognized news source for technology and start-ups, has just released an iPad app. The app, TechCrunch – The Inside Story on Innovation (I think I would’ve just gone with TechCrunch), is an optimized reader app for all of the free content on the TechCrunch website. | Read more »
Wingsuit Stickman Review
Wingsuit Stickman Review By Kevin Stout on May 25th, 2012 Our Rating: :: DIFFICULTiPhone App - Designed for the iPhone, compatible with the iPad Wingsuit Stickman is a physics-based game where players control a stickman on a glider.   | Read more »
13 Year-Old Releases First App, Mad Pigs
Last month, I reported on a 15 year-old developer releasing his first game (Patrick Balestra and Catch the Airplanes). This month, we found a developer a full two years younger releasing his first game! Jack McGraw, 13 year-old developer, has just released his first app, Mad Pigs. | Read more »
Samplodica Review
Samplodica Review By Angela LaFollette on May 25th, 2012 Our Rating: :: MUSICAL MAYHEMiPhone App - Designed for the iPhone, compatible with the iPad Samplodica is an intuitive musical instrument that is played by whipping the iPhone in the air.   | Read more »
Empire of the Eclipse Review
Empire of the Eclipse Review By Carter Dotson on May 24th, 2012 Our Rating: :: OVERSHADOWINGiPhone App - Designed for the iPhone, compatible with the iPad Empire of the Eclipse is an ambitious strategy MMO that is very deep, and aimed at dedicated players.   | Read more »
Bejeweled HD Review
Bejeweled HD Review By Jennifer Allen on May 24th, 2012 Our Rating: :: ADDICTIVEiPad Only App - Designed for the iPad The iPad version of the ever addictive Match Three title.   Developer: PopCap Price: $3.99 Version Reviewed: 1.2 Device Reviewed On: iPad 2 | Read more »
Facebook Releases New Camera App To Stre...
While not a replacement for Instagram, Facebook Camera is a good first step in this month+ old union of the two companies. Released today, Facebook camera looks to streamline the viewing of photos and the uploading of them. The app allows you to apply simple filters to images, tag people, upload multiple images at once, and post a note about the... | Read more »
Missile Monkey Review
Missile Monkey Review By Lisa Caplan on May 24th, 2012 Our Rating: :: FLYING LOWUniversal App - Designed for iPhone and iPad Missile Monkey is a must miss   Developer: Munsey Clan Games Price: $0.99 Version Reviewed: 1.0 Device Reviewed On: iPad 2 | Read more »
Boomlings Review
Boomlings Review By Lisa Caplan on May 24th, 2012 Our Rating: :: FUN FREEBIEUniversal App - Designed for iPhone and iPad Boomlings is a traditional matching puzzle game, with some explosive twists   | Read more »
Dave vs Cave Review
Dave vs Cave Review By Jason Wadsworth on May 24th, 2012 Our Rating: :: WATCH FOR FALLING ROCKSUniversal App - Designed for iPhone and iPad Kid falls down hole, kid gets trapped in cave, kid fights evil rock monsters to escape.   Developer: Origame64 | Read more »
See All
All contents are Copyright 1984-2010 by Xplain Corporation. All rights reserved. Theme designed by Icreon.