First off, what is remote logging? If you look at your /etc/syslog.conf file, you can see that certain events are being logged to /var/log/system.log. You can get more information on what the items in syslog.conf mean from man syslog.conf. Remote logging sends those events to another machine as well, so that if you are cracked, the cracker cannot erase his/her tracks without also cracking the remote machine.
First, you will need to set up the remote box so that it accepts remote logs sent to it. You do that by modifying the /System/Library/StartupItems/SystemLog file. Change the line that says syslogd to say syslogd -u. You will then need to restart your Mac, or you can kill and relaunch syslogd with the -u switch.
Also, you will need to make sure that your firewall (you are running a firewall on this logging server, aren't you?) has port 514 open to receive UDP traffic from your clients. It is probably best to accept packets only from your local machines and not from 'any', since 'any' would let attackers remotely fill your logs.
Second, on the client you will need to add a line to the syslog.conf file. What I did was duplicate the line that was logging to /var/log/system.log and change it to:
*.notice;*.info;authpriv,remoteauth,ftp.none;kern.debug;mail.crit @remote.logger.domain

The '@' tells syslogd to send the event to another computer instead of to a file. Now whenever your machine logs an event it will also send that event to a remote machine which will log it as well. You can also have your Linux, Sun, AIX, and any other unix boxes send their logs to your secure Mac OS X logger.
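To see which events the selector line above actually sends to the remote logger, here is an added Python example (not part of the original hint) that models classic BSD syslog.conf matching. It assumes the traditional semantics, where each selector can override the ones before it and a level of none disables a facility; the function names are hypothetical and comparison operators are not handled.

```python
# Added example: simplified model of classic BSD syslog.conf selector matching.
# Assumption: comparison operators (=, !, <, >) are not handled.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

# The selector line from this hint, copied as written.
RULE = ("*.notice;*.info;authpriv,remoteauth,ftp.none;kern.debug;mail.crit "
        "@remote.logger.domain")


def parse_rule(line):
    """Return ({facility: threshold}, action) for one syslog.conf line.

    threshold is an index into LEVELS, or None for a facility set to 'none'.
    The key '*' holds the threshold for facilities not named explicitly.
    """
    selectors, action = line.split(None, 1)
    mask = {}
    for selector in selectors.split(";"):
        facilities, _, level = selector.rpartition(".")
        level = ALIASES.get(level, level)
        if level == "none":
            threshold = None
        elif level == "*":
            threshold = len(LEVELS) - 1
        else:
            threshold = LEVELS.index(level)
        for facility in facilities.split(","):
            if facility == "*":
                mask = {"*": threshold}  # wildcard resets every facility
            else:
                mask[facility] = threshold  # later selectors override earlier
    return mask, action.strip()


def is_forwarded(mask, facility, level):
    """True if a message with this facility and level matches the rule."""
    threshold = mask.get(facility, mask.get("*"))
    if threshold is None:
        return False
    return LEVELS.index(ALIASES.get(level, level)) <= threshold


def coverage(line, facilities):
    """Map each facility to the least severe level forwarded, or None."""
    mask, _ = parse_rule(line)
    result = {}
    for facility in facilities:
        threshold = mask.get(facility, mask.get("*"))
        result[facility] = None if threshold is None else LEVELS[threshold]
    return result


if __name__ == "__main__":
    for fac, lvl in coverage(RULE, ["daemon", "authpriv", "kern", "mail"]).items():
        print(f"{fac:10s} -> {lvl or 'never forwarded'}")
```

With the line as written, authpriv, remoteauth and ftp messages are never forwarded, so authentication events stay only on the client unless a separate rule sends them to the remote logger.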
[Editor's note: I have not tested this locally, but this sounds like a great idea if you'd like to make sure you have log files in the event of a hack...]

