Nov 27, '03 09:42:00AM • Contributed by: Loren
There's a great hint here about making a Mac a remote logging machine for other Macs, firewalls, or anything capable of sending its logs elsewhere. Well, under Panther, enough has changed that it needs to be done a little differently. Specifically, the /System -> Library -> StartupItems -> SystemLog file that is referred to in the former hint is now empty, so there is no line to edit and make the hinted changes. Instead, do this:
Edit /etc/rc and change line 110 from:
    /usr/sbin/syslogd -s -m 0
The other stuff from the previous hint about editing /etc/syslog.conf is still valid. Read the rest of the hint for my syslog.conf file and a cron job to manage the generated logs.
Here is my syslog.conf file. My network engineer set our Pix firewall to send its data to my IP address as local4. I route that to a file called pix.log in my /var/log directory, and I have a cron job archive the file and clear it nightly.

    *.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit    /dev/console
    *.notice;*.info;authpriv,remoteauth,ftp.none;kern.debug;mail.crit;local4.none    /var/log/system.log

    # Send messages normally sent to the console also to the serial port.
    # To stop messages from being sent out the serial port, comment out this line.
    #*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit    /dev/tty.serial

    # The authpriv log file should be restricted access; these
    # messages shouldn't go to terminals or publically-readable
    # files.
    authpriv.*;remoteauth.crit    /var/log/secure.log

    lpr.info       /var/log/lpr.log
    mail.*         /var/log/mail.log
    ftp.*          /var/log/ftp.log
    netinfo.err    /var/log/netinfo.log
    local4.*       /var/log/pix.log
    # *.emerg      *

Oh, what the heck. Here is the nightly job that moves the file, renames it with the date, and creates a new empty log to capture incoming data...

    #!/bin/sh
    # Script file to move the pix log.
    # First, moves the file and changes the name.
    # Then creates a new empty log.
    # Then restarts the syslogd daemon.
    # Then changes the ownership and the group of the file.

    # Build the archive name once so every command below refers to the
    # same file, even if the job runs across midnight.
    ARCHIVE="/Users/lfinkelstein/pix logs/`/bin/date +%m%d%y`.txt"

    /bin/mv /var/log/pix.log "$ARCHIVE"
    /usr/bin/touch /var/log/pix.log
    /usr/bin/killall -HUP syslogd
    /usr/sbin/chown lfinkelstein "$ARCHIVE"
    /usr/bin/chgrp admin "$ARCHIVE"
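To check where a given message ends up under the syslog.conf above, here is an added example (not part of the original hint) that evaluates the selector lines for a facility and level. It assumes the classic BSD selector rules only: a level matches that severity and anything more severe, selectors on a line are applied left to right with later ones overriding earlier ones, and the comparison operators some syslogd versions add are not handled. The function names are made up for the illustration.

```python
# Added example: which destinations a message reaches under the hint's syslog.conf.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Active selector/action lines copied from the syslog.conf above (comment lines dropped).
CONF = """\
*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit /dev/console
*.notice;*.info;authpriv,remoteauth,ftp.none;kern.debug;mail.crit;local4.none /var/log/system.log
authpriv.*;remoteauth.crit /var/log/secure.log
lpr.info /var/log/lpr.log
mail.* /var/log/mail.log
ftp.* /var/log/ftp.log
netinfo.err /var/log/netinfo.log
local4.* /var/log/pix.log
"""

def parse(conf):
    """Return (selectors, action) pairs, skipping blank and comment lines."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selectors, action = line.split(None, 1)
            rules.append((selectors, action.strip()))
    return rules

def selected(selectors, facility, level):
    """Apply ';'-separated selectors left to right; a later one overrides."""
    threshold = None                      # None means "not logged"
    for sel in selectors.split(";"):
        facs, _, lvl = sel.rpartition(".")
        if facility in facs.split(",") or "*" in facs.split(","):
            if lvl == "none":
                threshold = None
            elif lvl == "*":
                threshold = len(LEVELS) - 1
            else:
                threshold = LEVELS.index(lvl)
    # A plain level matches that severity and anything more severe.
    return threshold is not None and LEVELS.index(level) <= threshold

def destinations(conf, facility, level):
    """List the actions (files or devices) that receive facility.level."""
    return [action for sels, action in parse(conf) if selected(sels, facility, level)]

if __name__ == "__main__":
    for fac, lvl in [("local4", "info"), ("local4", "err"), ("daemon", "info")]:
        print(fac + "." + lvl, "->", destinations(CONF, fac, lvl))
```

The local4.none entry keeps firewall traffic out of system.log, but the /dev/console line has no such exclusion, so local4 messages at err or worse still reach the console as well as pix.log.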