TweetFollow Us on Twitter

Tips & Tidbits

Volume Number: 21 (2005)
Issue Number: 9
Column Tag: Programming

Tips & Tidbits

Centralized Device Logging With Tiger and Syslogd

by Aaron Adams

Many network devices, such as routers, firewalls, and wireless access points, have the ability to send logging information to other listening devices called syslog servers. Mac OS X uses a syslog server daemon to record its own logging information, and that same daemon can also be configured to accept logging information from external devices. In this quick tutorial, we'll do just that by editing a text file, and using a new Tiger feature.

With Tiger, syslogd is initiated upon system startup by launchd, a new Apple daemon that manages the instantiation of other daemons and processes. System daemons are launched with the aid of a plist, an XML text file, placed in /System/Library/LaunchDaemons, and a file in that folder, named com.apple.syslogd.plist, is what we must edit to enable external logging functionality.

It's probably simplest to edit this plist in the Terminal. Backing up this plist file before editing it is a good idea, so start up Terminal and enter this line at the prompt: 

cp /System/Library/LaunchDaemons/com.apple.syslogd.plist ~/Desktop/

For those unfamiliar with the Terminal, this command copies the plist file to the desktop for temporary safekeeping. The command to restore the file back to its original state is inversely thus: 

sudo cp ~/Desktop/com.apple.syslogd.plist /System/Library/LaunchDaemons/

Next, we proceed to edit the plist:

sudo nano /System/Library/LaunchDaemons/com.apple.syslogd.plist

This line starts up the text editor nano as the root user to edit the plist file mentioned above. Scroll down to this line: 

<string>/usr/sbin/syslogd</string>

...and add the following directly below it: 

<string>-u</string>

Save and exit. The -u we've inserted is a switch at the end of the syslogd command that tells the process to listen on UDP port 514. Now that syslogd is ready to receive logging messages from other devices, we have to stop the current running syslogd process and restart it with the new option to listen. 

sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist sudo
launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

launchctl is a utility that instructs launchd to load and unload daemons, among other things. To verify that syslogd is receiving logging messages from external devices, we can watch the system log in action with this command: 

tail -f /var/log/system.log

The last screen-full of the syslog will be displayed. When new events are received by syslogd, they'll be displayed on the screen and written to the log. Control-c will terminate the syslog watch.

That was easy! Well... wait for it... there's a catch. (You knew that, didn't you?) As of 10.4.1, there is a bug of some kind that affects syslogd. Each day in the wee hours of the morning, your Mac runs a script called /etc/periodic/daily/500.daily. Near the end of that script, the syslogd process is killed using the old-fashioned Unix kill command and when it restarts, for whatever reason, syslogd simply ceases to function. Not only does it not pay attention to log messages sent from other devices, it doesn't bother to record logging information from the local machine.

Fortunately, there's a simple fix. Also near the end of 500.daily, there is a command to call up another file named /etc/daily.local. This file is intended to execute additional commands for specific machines on a daily basis, and it may or may not already exist on your Mac. Either way, let's edit (or create) it with the following command in the terminal: 

sudo nano /etc/daily.local

The contents of this file are pretty simple. 

launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
sleep 1
launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

Save and exit. This script stops and restarts the syslogd process via launchd so that it once again will listen for external logging messages. This script differs just a bit from the commands we used at the terminal. Since 500.daily runs as root and calls up daily.local, daily.local also runs as root, so the sudo command is not needed for launchctl. Also, we've inserted a sleep command to give the computer a second to catch its breath.

Finally, the daily.local script needs to be made executable with the following command: 

sudo chmod 744 /etc/daily.local

That's it. Done. You are now logging away. Good job.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Tunnelblick 3.8.2a - GUI for OpenVPN.
Tunnelblick is a free, open source graphic user interface for OpenVPN on OS X. It provides easy control of OpenVPN client and/or server connections. It comes as a ready-to-use application with all... Read more
calibre 4.17.0 - Complete e-book library...
Calibre is a complete e-book library manager. Organize your collection, convert your books to multiple formats, and sync with all of your devices. Let Calibre be your multi-tasking digital librarian... Read more
MacPilot 11.1.4 - $15.96
MacPilot gives you the power of UNIX and the simplicity of Macintosh, which means a phenomenal amount of untapped power in your hands! Use MacPilot to unlock over 1,200 features, and access them all... Read more
Transmission 3.00 - Popular BitTorrent c...
Transmission is a fast, easy, and free multi-platform BitTorrent client. Transmission sets initial preferences so things "just work", while advanced features like watch directories, bad peer blocking... Read more
Doom 3 1.3.1 - First-person shooter acti...
A massive demonic invasion has overwhelmed the Union Aerospace Corporation's (UAC) Mars Research Facility, leaving only chaos and horror in its wake. As one of only a few survivors, you must fight... Read more
Box Sync 4.0.8004 - Online synchronizati...
Box Sync gives you a hard-drive in the Cloud for online storage. Note: You must first sign up to use Box. What if the files you need are on your laptop -- but you're on the road with your iPhone? No... Read more
LibreOffice 6.4.4.2 - Free, open-source...
LibreOffice is an office suite (word processor, spreadsheet, presentations, drawing tool) compatible with other major office suites. The Document Foundation is coordinating development and... Read more
Day One 4.14 - Maintain a daily journal.
Day One is an easy, great-looking way to use a journal / diary / text-logging application. Day One is well designed and extremely focused to encourage you to write more through quick Menu Bar entry,... Read more
MenuMeters 2.0.7 - CPU, memory, disk, an...
MenuMeters is a set of CPU, memory, disk, and network monitoring tools for Mac OS X. Although there are numerous other programs which do the same thing, none had quite the feature set I was looking... Read more
Doxie 2.12.2 - Scan, share, and store do...
Introducing Doxie, the new, modern paper scanner that's so simple, it'll revolutionize the way you think about sharing and storing docs and photos forever. Doxie is ultra-portable, fully automatic,... Read more
 

Latest Forum Discussions

See All

SINoALICE, Yoko Taro and Pokelabo's...
Yoko Taro and developer Pokelabo's SINoALICE has now opened for pre-registration over on the App Store. It's already amassed 1.5 million Android pre-registrations, and it's currently slated to launch on July 1st. [Read more] | Read more »
Masketeers: Idle Has Fallen's lates...
Masketeers: Idle Has Fallen is the latest endeavour from Appxplore, the folks behind Crab War, Thor: War of Tapnarok and Light A Way. It's an idle RPG that's currently available for Android in Early Access and will head to iOS at a later date. [... | Read more »
Evil Hunter Tycoon celebrates 2 million...
Evil Hunter Tycoon has proved to be quite the hit since launching back in March, with its most recent milestone being 2 million downloads. To celebrate the achievement, developer Super Planet has released a new updated called Darkness' Front Yard... | Read more »
Peak's Edge is an intriguing roguel...
Peak's Edge is an upcoming roguelike puzzle game from developer Kenny Sun that's heading for both iOS and Android on June 4th as a free-to-play title. It will see players rolling a pyramid shape through a variety of different levels. [Read more] | Read more »
Clash Royale: The Road to Legendary Aren...
Supercell recently celebrated its 10th anniversary and their best title, Clash Royale, is as good as it's ever been. Even for lapsed players, returning to the game is as easy as can be. If you want to join us in picking the game back up, we've put... | Read more »
The Magic Gladiator class arrives in MU...
The Magic Gladiator class is now available in MU Origin 2 following the most recent patch. It also marks the start of Abyss Season 11 and the introduction of Couple Skills and Couple Dungeons. [Read more] | Read more »
The 5 Best Racing Games
With KartRider Rush+ making a splash this past week, we figured it was high time we updated our list of the best mobile racing games out there. From realistic racing sims to futuristic arcade racers (and even racing management games!), check out... | Read more »
KartRider Rush+ Guide - Tips for new rac...
KartRider Rush+ continues to be a surprisingly refreshing and fun kart racer that's entirely free-to-play. The main reason for this is just how high its skill ceiling is. Check out the video above if you're curious to know what top level play looks... | Read more »
KartRider Rush+ might be good, actually?
It's hard to find good racing games on mobile. Most of them are free-to-play, and free-to-play racers generally suck. Even Nintendo couldn't put together a competent Mario Kart game, opting instead for a weird score chaser that resembles--but feels... | Read more »
LifeAfter, NetEase's popular surviv...
A new map will be making its way into NetEase's popular survival game LifeAfter. The map is set to arrive on May 28th and will introduce a volcano that's teetering on the verge of eruption, bringing a host of added challenges to the game. [Read... | Read more »
See All

Price Scanner via MacPrices.net

Memorial Day Weekend Sale: Take $300 off thes...
Apple resellers are offering $300 discounts on select 16″ MacBook Pros as part of their Memorial Day Weekend 2020 sales. Prices start at $2099: – 16″ 2.6GHz 6-Core Space Gray MacBook Pro: $2099 at... Read more
Best Memorial Day Weekend 2020 Apple AirPods...
Apple resellers are offering discounts ranging up to $50 off MSRP on AirPods as part of their Memorial Day Weekend 2020 sales. These are the best deals today on various AirPods models. See our... Read more
Memorial Day Weekend Sale: 10″ Apple iPads fo...
Amazon is offering new 10.2″ iPads for $80-$100 off Apple’s MSRP as part of their Memorial Day Weekend 2020 sale, with prices starting at only $249. These are the same iPads sold by Apple in their... Read more
Memorial Day Weekend Sale: 2020 Apple iPhone...
Sprint is offering Apple’s new 2020 64GB iPhone SE for $0 per month for 18 months as part of their Memorial Day Weekend 2020 sale. New line of service and trade-in required. Offer is valid from 5/22/... Read more
Amazon’s popular $100 Apple Watch Series 5 di...
Amazon has Apple Watch Series 5 GPS + Cellular models on sale for up to $100 off Apple’s MSRP today. Shipping is free. These are the same Apple Watch models sold by Apple in their retail and online... Read more
2020 13″ 4-Core MacBook Air on sale for $949,...
Apple reseller Adorama has the new 2020 13″ 1.1GHz 4-Core Space Gray MacBook Air on sale today for $949 shipped. Their price is $50 off Apple’s MSRP, and it’s the lowest price currently available for... Read more
Apple Retail Chief Announces Staggered Reopen...
NEWS: 05.20.20 – In the midst of a global pandemic, after its retail outlets were shuttered temporarily in mid-March as a mitigation measure enacted by Apple during the peak of the spread of COVID-19... Read more
Apple’s Pro Display XDR models in stock today...
Abt Electronics has Apple’s new 32″ Pro Display XDR models in stock and on sale today for up to $305 off MSRP. Shipping is free. Their prices are currently the lowest available for these new models... Read more
Apple restocks refurbished iPhone 8 for $339
Apple has restocked Apple Certified Refurbished 64GB iPhone 8 models for only $339. Apple dropped their price on this phone last month by $160, from $499 to $339. Each refurbished iPhone comes with a... Read more
New at AT&T: 50% off iPhone 11 for new cu...
AT&T is offering a 50% off the 64GB iPhone 11 for new customers who switch to AT&T and open a new line of service. Discount applied over a 30 month period The fine print: “iPhone 11 64GB for... Read more
 

Jobs Board

Cub Foods - *Apple* Valley - Now Hiring Par...
Cub Foods - Apple Valley - Now Hiring Part Time! United States of America, Minnesota, Apple Valley New Retail Operations Post Date 5 days ago Requisition # Read more
Senior Data Engineer - *Apple* - Theorem, L...
Job Summary Apple is seeking an experienced, detail-minded data engineeringconsultant to join our worldwide business development and strategy team. If you are Read more
Cub Foods - *Apple* Valley - Now Hiring Par...
Cub Foods - Apple Valley - Now Hiring Part Time! United States of America, Minnesota, Apple Valley New Retail Operations Post Date 4 days ago Requisition # Read more
Medical Screener - *Apple* Hill - Evenings...
Medical Screener - Apple Hill - Evenings Tracking Code D-MS-AH-E Job Description Medical Screener - Temporary We Are Hiring: WellSpan Health has a temporary Medical Read more
*Apple* Systems Administrator - Solidus Tech...
Solidus is searching for an Apple Systems Engineer. The engineer will be responsible for desktop and server infrastructure. This includes support for operating Read more

  • Generate a short URL for this page:



All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.