|
#1
November 23rd, 2004, 07:22 PM
| |||
| |||
| [HOWTO] - Syslog remote events etc.
How to setup syslogd and syslog.conf to record remote and internal log events into individual log files using 10.3.6 I'd like to thank all those who created these various help posts. First turn on remote sysloging: http://docs.info.apple.com/article.html?artnum=107993 Note: http://developer.apple.com/documenta...syslogd.8.html Then open UDP port 514 if required: http://docs.info.apple.com/article.html?artnum=106439 Configure syslog.conf to log the events into a log file: http://www.macosxhints.com/article.p...40301223642276 http://forums.macosxhints.com/showthread.php?t=21236 My example: In syslog.conf, above the first log line: *.err;kern.*;auth.notice; (blah blah) add the folowing lines: # Log remote Airport Extreme #airport IP address +1.2.3.4 *.*<tab><tab>/var/log/AirportExtreme.log !* #end block # Log router #remote router IP address +1.2.3.5 *.*<tab><tab>/var/log/Router.log !* #end block #OS X Server services # IPFW Firewall !ipfw *.*<tab><tab>/var/log/ipfw.log !* #end block #CRON events (NOTE CASE) !CRON *.*<tab><tab>/var/log/RemoteFirewall.log !* #end block (etc.) You can then exclude the log messages so they don't appear in other logs (I don't) using: http://forums.macosxhints.com/showth...ghlight=syslog Remember to create (touch) the above log files. You may want to modify your daily and weekly log rotation: Ex. in 500.weekly look for this line and add your log file names: for i in ftp.log lookupd.log (blah blah) Again, the true authors: http://forums.macosxhints.com/showthread.php?t=21236 --> send IPFW to its own log http://www.macosxhints.com/article.p...40301223642276 --> how to receive from remote hosts http://www.oit.duke.edu/mac/OSX_logging.html --> Start and Stop syslogd etc. http://docs.info.apple.com/article.html?artnum=107993 --> Turn on remote syslog server http://forums.macosxhints.com/showth...ghlight=syslog --> exclude log events and most important the missing OS X syslog.conf man page! http://www.freebsd.org/cgi/man.cgi?q...ts&format=html I hope this helps...  |
|
#2
November 24th, 2004, 11:09 PM
| ||||
| ||||
|
Weird - that's nothing like the syslogd manpage that's actually included with 10.3.6 - check the manpage, it's tiny, for some much more minimal syslogd - it has about 4 flags, compared to, what, 16 on their webpage? And even the syslog.conf manpage on apple's developer site doesn't include the !program stuff - one of the macosxhints forums you link to quotes FreeBSD distro's syslog.conf manpage, which seems to correspond to the version OS X uses...
__________________ What is the robbing of a bank compared to the founding of a bank? -- Bertold Brecht |
|
#3
October 1st, 2006, 11:02 AM
| |||
| |||
|
I believe that in the example above, it should show +* to end the IP blocks. #So IP block start +1.2.3.4 #whatever the actual IP address is #and end +* #Program block start !ipfw #or whatever actual program name is #Program block end !* At least this seems to be the behaviour in Tiger. Last edited by Bubz; October 1st, 2006 at 11:03 AM. Reason: Clarification |
 |
| Bookmarks |
| Thread Tools | |
|
|
All times are GMT -5. The time now is 01:07 PM.
