First we had this hint on how to enable remote system event logging in whatever version of OS X was current in April '02. Then we had this hint to update it for Panther. Well, now we are into Tiger, and it's changed again.
I found this article on AFP548.com by Aaron Adams documenting the differences. So here are the updated instructions combining the past hint with what I learned from Aaron's article...
Here's what you need to do:
sudo cp /System/Library/LaunchDaemons/com.apple.syslogd.plist ~/Desktop/
Here is the restore line, if you need it:
sudo cp ~/Desktop/com.apple.syslogd.plist /System/Library/LaunchDaemons/sudo nano /System/Library/LaunchDaemons/com.apple.syslogd.plist<string>/usr/sbin/syslogd</string>
...and add the following directly below it:
<string>-u</string>sudo launchctl unload \
/System/Library/LaunchDaemons/com.apple.syslogd.plist
sudo launchctl load \
/System/Library/LaunchDaemons/com.apple.syslogd.plistsudo nano /etc/daily.local
See sample daily.local at end of this document, and remember to modify the log storage location as desired.*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit /dev/console
*.notice;*.info;authpriv,remoteauth,ftp.none;kern.debug;mail.crit;local4.none /var/log/system.log
# Send messages normally sent to the console also to the serial port.
# To stop messages from being sent out the serial port, comment out this line.
#*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit /dev/tty.serial
# The authpriv log file should be restricted access; these
# messages shouldn't go to terminals or publically-readable
# files.
authpriv.*;remoteauth.crit /var/log/secure.log
lpr.info /var/log/lpr.log
mail.* /var/log/mail.log
ftp.* /var/log/ftp.log
netinfo.err /var/log/netinfo.log
local4.* /var/log/whatevernameyoulike.log
# *.emerg *
/bin/mv /var/log/whatevernameyoulike.log /Volumes/Macintosh\ HD/Saved\ Logs/`/bin/date +%m%d%y`.txt
launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
sleep 1
launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
/usr/sbin/chown yourusername /Volumes/Macintosh\ HD/Saved\ Logs/`/bin/date +%m%d%y`.txt
/usr/bin/chgrp admin /Volumes/Macintosh\ HD/Saved\ Logs/`/bin/date +%m%d%y`.txtMac OS X Hints
http://hints.macworld.com/article.php?story=20060327074531639