syslogd, OS X's logging daemon, is 'challenged' in a few ways:
There are currently two branches of syslog-ng. The 1.6.4 branch is the one I used here; it's released as a stable branch, seems to be actively developed/supported, and has fairly simple prereqs. The 1.9x branch is experimental, and looks like it's based on glib (I didn't have the stomach for the pain of it all). The syslog-ng (1.6.4 branch) prereq is libol, by the same author. For reference, my relevant system config includes:
> uname -srv
Darwin 7.4.0 Darwin Kernel Version 7.4.0: Wed May 12 16:58:24 PDT 2004; root:xnu/xnu-517.7.7.obj~7/RELEASE_PPC
> glibtool --version
ltmain.sh (GNU libtool) 1.5.6 (1.1220.2.94 2004/04/10 16:27:27)
> autoconf --version
autoconf (GNU Autoconf) 2.59
> automake --version
automake (GNU automake) 1.8.5
I've also built a full BIND9 release, against which I link here. Historically, Apple's BIND release has been incomplete ... whether that is still true or not, I can't say. You may be able to link against the OSX/Panther install, but I'm not sure. Here we go...
> gnutar zxf libol-0.3.13.tar.gz
> cd libol-0.3.13
> unsetenv CFLAGS CPPFLAGS CXX CXXFLAGS LDFLAGS LDDLFLAGS \
LD_PREBIND EXTRA_LDFLAGS EXTRA_LIBS LC_ALL LANG LINGUAS
> glibtoolize --force --copy ;\
aclocal ;\
autoconf
> ./configure \
--prefix=/usr/local
> make
> make install
Next, syslog-ng itself. Note: I'm building to enable tcp-wrapper, so we can easily limit who gets to 'talk' to us. Download the latest version (frequent snapshots ... grab the latest), then in the Terminal:
> gnutar zxvf syslog-ng-1.6.4+20040707.tar.gz
> mv syslog-ng-1.6.4+20040707 syslog-ng
> cd syslog-ng
> unsetenv CFLAGS CPPFLAGS CXX CXXFLAGS LDFLAGS LDDLFLAGS LD_PREBIND \
EXTRA_LDFLAGS EXTRA_LIBS LC_ALL LANG LINGUAS ;\
setenv LDFLAGS "-bind_at_load -L/usr/local/bind9/lib -llwres -lbind" ;\
setenv CPPFLAGS "-I/usr/local/bind9/include"
> ./configure \
--prefix=/usr/local \
--enable-debug \
--enable-tcp-wrapper
> make
> make install
And that's it for the build.
Most important is the config file, required by the daemon. There are so many config options that I'll simply recommend RTFM and the examples, and provide a 'simple' config file example that should get you up and running as a drop-in replacement (or pretty close) for your current logging. Here's the replacement file; it belongs in /etc -> syslog-ng -> syslog-ng.conf.
Finally a couple of things ... Make sure /etc/hosts.allow and /etc/hosts.deny are properly configured to allow the hosts you're interested in logging through to your logging server. Also, the 'traditional' startup for syslogd, in /System -> Library -> StartupItems -> SystemLog -> SystemLog, although still there, is no longer where syslogd is launched (look inside the file; it's an empty wrapper). In Panther, syslogd is launched in /etc/rc. Around line number 111, you'll find:
/usr/sbin/syslogd -s -m 0 -u
Comment that out and add/replace with
/usr/local/sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -p /var/run/syslog-ng.pid
which will launch your syslog-ng daemon in its stead. Kill and launch, or reboot and watch your logs grow. Good luck, and enjoy!
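The /etc/rc edit described above can be scripted so that it is backed up, syntax-checked and safe to re-run. This is an added example, not part of the original hint: the function name swap_syslog_launcher and the .pre-syslog-ng backup suffix are assumptions, while the two command lines are the ones quoted in the text.

```shell
#!/bin/sh
# Added example, not from the original article. The two command lines are the
# ones the article quotes; function name and backup suffix are assumptions.
OLD_CMD='/usr/sbin/syslogd -s -m 0 -u'
NEW_CMD='/usr/local/sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -p /var/run/syslog-ng.pid'

# swap_syslog_launcher RCFILE
#   0 = swapped (or already swapped), 1 = expected syslogd line not found,
#   2 = usage/IO error or the edited script failed a syntax check.
swap_syslog_launcher() {
    rc=$1
    [ -f "$rc" ] || { echo "no such file: $rc" >&2; return 2; }

    # Idempotent: a second run must not add a second launch line.
    if grep -qF -- "$NEW_CMD" "$rc"; then return 0; fi

    tmp="$rc.new.$$"
    # Match the line by exact string (ignoring indentation), not by line
    # number, since "around line 111" differs between systems.
    if ! awk -v old="$OLD_CMD" -v new="$NEW_CMD" '
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (line == old) {
                indent = $0; sub(/[^ \t].*$/, "", indent)
                print indent "# " old
                print indent new
                found = 1
                next
            }
            print
        }
        END { exit found ? 0 : 1 }' "$rc" > "$tmp"
    then
        rm -f "$tmp"; echo "syslogd launch line not found in $rc" >&2; return 1
    fi

    # A boot script with a syntax error can stop startup; check before installing.
    if ! sh -n "$tmp"; then rm -f "$tmp"; return 2; fi

    cp -p "$rc" "$rc.pre-syslog-ng" || { rm -f "$tmp"; return 2; }
    # Write through the existing file so its owner and mode are kept.
    cat "$tmp" > "$rc" && rm -f "$tmp"
}

# Run against a file only when one is given, e.g.: sh swap.sh /etc/rc
if [ "$#" -gt 0 ]; then swap_syslog_launcher "$1"; fi
```

Run it as root against /etc/rc; the untouched original is kept beside it as /etc/rc.pre-syslog-ng for rollback.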
Mac OS X Hints
http://hints.macworld.com/article.php?story=20040710171559860