DanInSFBay
11-23-2004, 06:53 PM
I just thought I'd post a short HowTo since this forum has helped me so much. I'd like to thank all those who created these various help posts.
I'm using 10.3.6
First turn on remote syslogging:
http://docs.info.apple.com/article.html?artnum=107993
Note:
http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/syslogd.8.html
Then open UDP port 514 if required:
http://docs.info.apple.com/article.html?artnum=106439
Configure syslog.conf to log the events into a log file:
http://www.macosxhints.com/article.php?story=20040301223642276
http://forums.macosxhints.com/showthread.php?t=21236
My example:
In syslog.conf, above the first log line:
*.err;kern.*;auth.notice; (blah blah)
add the following lines:
# Log remote Airport Extreme
#airport IP address
+1.2.3.4
*.*<tab><tab>/var/log/AirportExtreme.log
!* #end block
# Log router
#remote router IP address
+1.2.3.5
*.*<tab><tab>/var/log/Router.log
!* #end block
#OS X Server services
# IPFW Firewall
!ipfw
*.*<tab><tab>/var/log/ipfw.log
!* #end block
#CRON events (NOTE CASE)
!CRON
*.*<tab><tab>/var/log/RemoteFirewall.log
!* #end block
(etc.)
You can then exclude the log messages so they don't appear in other logs (I don't) using:
http://forums.macosxhints.com/showthread.php?t=25815&highlight=syslog
Remember to create (touch) the above log files.
You may want to modify your daily and weekly log rotation:
Ex. in 500.weekly look for this line and add your log file names:
for i in ftp.log lookupd.log (blah blah)
Again, the true authors:
http://forums.macosxhints.com/showthread.php?t=21236 --> send IPFW to its own log
http://www.macosxhints.com/article.php?story=20040301223642276 --> how to receive from remote hosts
http://www.oit.duke.edu/mac/OSX_logging.html --> Start and Stop syslogd and etc.
http://docs.info.apple.com/article.html?artnum=107993 --> Turn on remote syslog server
http://forums.macosxhints.com/showthread.php?t=25815&highlight=syslog --> exclude log events
and most important the missing OS X syslog.conf man page!
http://www.freebsd.org/cgi/man.cgi?query=syslog.conf&apropos=0&sektion=0&manpath=FreeBSD+5.3-RELEASE+and+Ports&format=html
I hope this helps...
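Added example, not part of DanInSFBay's post: a small Python model of the '+host' / '!program' block rules in the FreeBSD syslog.conf(5) page linked above, showing which scope each rule line ends up in and which files a message reaches. It assumes syslogd follows that page, under which '!*' resets only the program filter and '+*' resets the host filter; the config text, the host name myserver and the function names are constructed for illustration.

```python
# Added example: models the '+host' / '!program' block rules described in
# FreeBSD syslog.conf(5). Config text and host names below are constructed.

def effective_scopes(conf_text):
    """Return (host_spec, program, selector, action) for every rule line."""
    host, prog, rules = "*", "*", []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            line = line[1:]          # '#!prog' / '#+host' are still specs
            if line[:1] not in ("!", "+", "-"):
                continue             # ordinary comment
        if not line:
            continue
        if line[0] in "+-!":
            name = (line[1:].split() or ["*"])[0]   # text after the name is ignored
            if line[0] == "!":
                prog = "*" if name.startswith("*") else name
            else:
                host = "*" if name.startswith("*") else line[0] + name
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            rules.append((host, prog, parts[0], parts[1].strip()))
    return rules

def destinations(conf_text, msg_host, msg_prog):
    """Files a message reaches, looking only at '*.*' rules (no level matching)."""
    out = []
    for host, prog, selector, action in effective_scopes(conf_text):
        host_ok = host == "*" or (host[0] == "+") == (host[1:] == msg_host)
        if selector == "*.*" and host_ok and prog in ("*", msg_prog):
            out.append(action)
    return out

def layout(host_block_end):
    """Two blocks in the post's style; host_block_end closes the host block."""
    return ("# Log router\n+1.2.3.5\n*.*\t\t/var/log/Router.log\n"
            + host_block_end + "\n"
            + "# IPFW Firewall\n!ipfw\n*.*\t\t/var/log/ipfw.log\n!* #end block\n")

if __name__ == "__main__":
    for end in ("!* #end block", "+*"):
        conf = layout(end)
        print(repr(end), effective_scopes(conf))
        print("  local ipfw ->", destinations(conf, "myserver", "ipfw"))
        print("  router msg ->", destinations(conf, "1.2.3.5", "kernel"))
```

Running the same check over a real syslog.conf before restarting syslogd shows whether any later rule is still scoped to a remote host.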