
I found this article on AFP548.com by Aaron Adams documenting the differences. So here are the updated instructions combining the past hint with what I learned from Aaron's article...
Here's what you need to do:
- Edit the /etc/syslog.conf file to include local4.none in the second line, and to redirect the output of local4.* to /var/log/whatever.log (replace whatever with a name of your choice). There's a sample syslog.conf file at end of this hint.
- Create the Saved Logs folder in the desired location. In my example, it's at the root of the Macintosh hard driv.
- Back up the daemon file to the desktop:
Here is the restore line, if you need it:sudo cp /System/Library/LaunchDaemons/com.apple.syslogd.plist ~/Desktop/
sudo cp ~/Desktop/com.apple.syslogd.plist /System/Library/LaunchDaemons/
- Edit the plist using the nano Unix editor:
sudo nano /System/Library/LaunchDaemons/com.apple.syslogd.plist
- Scroll down to this line...
...and add the following directly below it:<string>/usr/sbin/syslogd</string>
<string>-u</string>
- Save and exit.
- Use the following two lines to stop and restart the daemon:
sudo launchctl unload \ /System/Library/LaunchDaemons/com.apple.syslogd.plist sudo launchctl load \ /System/Library/LaunchDaemons/com.apple.syslogd.plist
- Create or edit the /etc/daily.local to rotate the logs and restart the service:
See sample daily.local at end of this document, and remember to modify the log storage location as desired.sudo nano /etc/daily.local
*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit /dev/console
*.notice;*.info;authpriv,remoteauth,ftp.none;kern.debug;mail.crit;local4.none /var/log/system.log
# Send messages normally sent to the console also to the serial port.
# To stop messages from being sent out the serial port, comment out this line.
#*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit /dev/tty.serial
# The authpriv log file should be restricted access; these
# messages shouldn't go to terminals or publically-readable
# files.
authpriv.*;remoteauth.crit /var/log/secure.log
lpr.info /var/log/lpr.log
mail.* /var/log/mail.log
ftp.* /var/log/ftp.log
netinfo.err /var/log/netinfo.log
local4.* /var/log/whatevernameyoulike.log
# *.emerg *
SAMPLE /etc/daily.local -- Change yourusername to your own username to give you rights to the saved log files.
/bin/mv /var/log/whatevernameyoulike.log /Volumes/Macintosh\ HD/Saved\ Logs/`/bin/date +%m%d%y`.txt
launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
sleep 1
launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
/usr/sbin/chown yourusername /Volumes/Macintosh\ HD/Saved\ Logs/`/bin/date +%m%d%y`.txt
/usr/bin/chgrp admin /Volumes/Macintosh\ HD/Saved\ Logs/`/bin/date +%m%d%y`.txt