10.4: Enable remote logging in 10.4

Mar 31, '06 06:16:00AM

Contributed by: Loren

Tiger only hintFirst we had this hint on how to enable remote system event logging in whatever version of OS X was current in April '02. Then we had this hint to update it for Panther. Well, now we are into Tiger, and it's changed again.

I found this article on AFP548.com by Aaron Adams documenting the differences. So here are the updated instructions combining the past hint with what I learned from Aaron's article...

Here's what you need to do:

  1. Edit the /etc/syslog.conf file to include local4.none in the second line, and to redirect the output of local4.* to /var/log/whatever.log (replace whatever with a name of your choice). There's a sample syslog.conf file at end of this hint.

  2. Create the Saved Logs folder in the desired location. In my example, it's at the root of the Macintosh hard driv.

  3. Back up the daemon file to the desktop:
    sudo cp /System/Library/LaunchDaemons/com.apple.syslogd.plist ~/Desktop/ 
    Here is the restore line, if you need it:
    sudo cp ~/Desktop/com.apple.syslogd.plist /System/Library/LaunchDaemons/
  4. Edit the plist using the nano Unix editor:
    sudo nano /System/Library/LaunchDaemons/com.apple.syslogd.plist
  5. Scroll down to this line...
    <string>/usr/sbin/syslogd</string>
    ...and add the following directly below it:
    <string>-u</string>
  6. Save and exit.

  7. Use the following two lines to stop and restart the daemon:
    sudo launchctl unload \
     /System/Library/LaunchDaemons/com.apple.syslogd.plist
    sudo launchctl load \
     /System/Library/LaunchDaemons/com.apple.syslogd.plist
  8. Create or edit the /etc/daily.local to rotate the logs and restart the service:
    sudo nano /etc/daily.local
    See sample daily.local at end of this document, and remember to modify the log storage location as desired.
SAMPLE /etc/syslog.conf

*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit		/dev/console
*.notice;*.info;authpriv,remoteauth,ftp.none;kern.debug;mail.crit;local4.none	/var/log/system.log

# Send messages normally sent to the console also to the serial port.
# To stop messages from being sent out the serial port, comment out this line.
#*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit            /dev/tty.serial

# The authpriv log file should be restricted access; these
# messages shouldn't go to terminals or publically-readable
# files.
authpriv.*;remoteauth.crit				/var/log/secure.log

lpr.info						/var/log/lpr.log
mail.*							/var/log/mail.log
ftp.*							/var/log/ftp.log
netinfo.err						/var/log/netinfo.log
local4.*						/var/log/whatevernameyoulike.log

# *.emerg						*

SAMPLE /etc/daily.local -- Change yourusername to your own username to give you rights to the saved log files.

/bin/mv /var/log/whatevernameyoulike.log /Volumes/Macintosh\ HD/Saved\ Logs/`/bin/date +%m%d%y`.txt

launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
sleep 1
launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

/usr/sbin/chown yourusername /Volumes/Macintosh\ HD/Saved\ Logs/`/bin/date +%m%d%y`.txt
/usr/bin/chgrp admin /Volumes/Macintosh\ HD/Saved\ Logs/`/bin/date +%m%d%y`.txt

Comments (10)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20060327074531639