10.3: Enable remote logging features

Nov 27, '03 09:42:00AM

Contributed by: Loren

There's a great hint here about making a Mac a remote logging machine for other Macs, firewalls, or anything capable of sending its logs elsewhere. Well, under Panther, enough has changed that it needs to be done a little differently. Specifically, the /System -> Library -> StartupItems -> SystemLog file that is referred to in the former hint is now empty, so there is no line to edit and make the hinted changes.

Instead, do this:
Edit /etc/rc and change line 110 from:

/usr/sbin/syslogd -s -m 0

to:

/usr/sbin/syslogd -u

The other stuff from the previous hint about editing /etc/syslog.conf is still valid. Read the rest of the hint for my syslog.conf file and a cron job to manage the generated logs.

Here is my syslog.conf file. My network engineer set our Pix firewall to send its data to my IP address as local4. I route that to a file called pix.log in my /var/log directory, and I have a cron job archive the file and clear it nightly.


***************
*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit                     /dev/console
*.notice;*.info;authpriv,remoteauth,ftp.none;kern.debug;mail.crit;local4.none   /var/log/system.log

# Send messages normally sent to the console also to the serial port.
# To stop messages from being sent out the serial port, comment out this line.
#*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit                    /dev/tty.serial

# The authpriv log file should be restricted access; these
# messages shouldn't go to terminals or publically-readable
# files.
authpriv.*;remoteauth.crit         /var/log/secure.log

lpr.info                           /var/log/lpr.log
mail.*                             /var/log/mail.log
ftp.*                              /var/log/ftp.log
netinfo.err                        /var/log/netinfo.log
local4.*                           /var/log/pix.log

# *.emerg                          *
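
To check where a given message ends up under the selectors above, here is a small evaluator. It is an added example, not part of the original hint, and it assumes classic BSD selector semantics: a level matches that level and anything more severe, and later selectors on a line override earlier ones. The names parse, threshold and destinations are hypothetical.

```python
# Added example: evaluate BSD syslog.conf selectors the way classic syslogd is assumed to.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: the active (uncommented) rules from the syslog.conf above.
CONF = """\
*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit /dev/console
*.notice;*.info;authpriv,remoteauth,ftp.none;kern.debug;mail.crit;local4.none /var/log/system.log
authpriv.*;remoteauth.crit /var/log/secure.log
lpr.info /var/log/lpr.log
mail.* /var/log/mail.log
ftp.* /var/log/ftp.log
netinfo.err /var/log/netinfo.log
local4.* /var/log/pix.log
"""

def parse(conf):
    """Return [(selectors, action)], each selector being (facilities, priority)."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        selectors = []
        for sel in selector_field.split(";"):
            facs, _, prio = sel.rpartition(".")
            selectors.append((facs.split(","), prio))
        rules.append((selectors, action))
    return rules

def threshold(selectors, facility):
    """Index of the least severe level logged for facility, or None if excluded."""
    limit = None
    for facs, prio in selectors:  # later selectors override earlier ones
        if "*" in facs or facility in facs:
            limit = None if prio == "none" else (len(LEVELS) - 1 if prio == "*" else LEVELS.index(prio))
    return limit

def destinations(facility, level, conf=CONF):
    """Actions that would receive a message logged as facility.level."""
    sev = LEVELS.index(level)
    out = []
    for selectors, action in parse(conf):
        limit = threshold(selectors, facility)
        if limit is not None and sev <= limit:
            out.append(action)
    return out
```

With this configuration, a Pix message at info goes to pix.log only, while one at err or above also reaches /dev/console, because the console line has no local4.none.
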

Oh, what the heck. Here is the nightly job that moves the file, renames it with the date, and creates a new empty log to capture incoming data...

#!/bin/sh
# Script file to move the pix log.
# First, moves the file and changes the name.
# Then creates a new empty log.
# Then sends syslogd a HUP so it reopens its log files.
# Then changes the ownership and the group of the archived file.

# Compute the archive name once so every command uses the same date.
ARCHIVE="/Users/lfinkelstein/pix logs/`/bin/date +%m%d%y`.txt"

/bin/mv /var/log/pix.log "$ARCHIVE"
/usr/bin/touch /var/log/pix.log
/usr/bin/killall -HUP syslogd
/usr/sbin/chown lfinkelstein "$ARCHIVE"
/usr/bin/chgrp admin "$ARCHIVE"


Mac OS X Hints
http://hints.macworld.com/article.php?story=20031119120851749