Can't get syslog to work
I have been trying to get syslog to work to accept logging from my router (which is directed to syslog to the IP address of my primary Mac), but with no success.
I've gone through Aaron Adams' procedures:
http://www.aaronadams.net/index.php/2005/06/02/configuringsyslogd_to_accept_logsfrom
I've edited my /etc/syslog.conf file:
.err;kern.;auth.notice;authpriv,remoteauth,install.none;mail.crit /dev/console
*.notice;authpriv,remoteauth,ftp,install.none;kern.debug;mail.criti /var/log/system.log
# COMMENT this out for now to see any local4 messages on system log?
# ;local4.none
# Send messages normally sent to the console also to the serial port.
# To stop messages from being sent out the serial port, comment out this line.
#.err;kern.;auth.notice;authpriv,remoteauth.none;mail.crit /dev/tty.serial
# The authpriv log file should be restricted access; these
# messages shouldn't go to terminals or publically-readable
# files.
authpriv.*;remoteauth.crit /var/log/secure.log
lpr.info /var/log/lpr.log
mail.* /var/log/mail.log
ftp.* /var/log/ftp.log
netinfo.err /var/log/netinfo.log
install.* /var/log/install.log
install.* @127.0.0.1:32376
local0.* /var/log/ipfw.log
*.emerg *
local0.* /var/log/Airport.log
local4.* /var/log/local4.log
# DEBUG: what happens on the other local facilities?
local1.* /var/log/local1.log
local2.* /var/log/local2.log
local3.* /var/log/local3.log
local5.* /var/log/local5.log
local6.* /var/log/local6.log
local7.* /var/log/local7.log
I've re-loaded /System/Library/LaunchDaemons/com.apple.syslogd.plist, and edited /etc/daily.local, and those mechanisms are working, but always local4.log is an empty file. Empty log files exist in /var/log:
$ ls -al /var/log | grep "local"
-rw-r--r-- 1 root wheel 0 Dec 11 11:56 local1.log
-rw-r--r-- 1 root wheel 41975 Mar 16 16:38 local2.log
-rw-r--r-- 1 root wheel 0 Dec 11 11:56 local3.log
-rw-r--r-- 1 root wheel 0 Mar 20 03:15 local4.log
-rw-r--r-- 1 root wheel 0 Dec 11 11:56 local5.log
-rw-r--r-- 1 root wheel 0 Dec 11 11:56 local6.log
-rw-r--r-- 1 root wheel 0 Dec 11 11:56 local7.log
netstat shows two syslog connections:
$netstat -f inet -a | grep "syslog"
udp4 0 0 *.syslog .
udp46 0 0 *.syslog .
But a port scan (Apple network Utility) from another LAN computer doesn't show port 514 open. I am not running Apple's software firewall.
It seems to me that without port 514 open, I'll never get anything, but how do I open it. I had assumed that all of the syslog set-up gyrations would cause it to be open.
Any ideas?
G4 "Gigabit" Dual-500 Mac OS X (10.4.8) 1.5GB RAM, 1TB internal, SCSI, 802.11g, USB2.0
Your question about local4 got me to dig further into a few things.
Aaron Adams has a couple of good posts on how to set up the syslog.conf and daily actions:
http://www.aaronadams.net/index.php/2005/06/02/configuringsyslogd_to_accept_logsfrom
But the following article is what got me on the local4 bandwagon (I don't know why it assumes local4 would be used):
http://www.macosxhints.com/article.php?story=20060327074531639
As we now know nothing happens on local4 unless it is specifically set up to do so. The following article has the best big-picture summary and references on how to handle logs from different sources (i.e., setting up syslog to redirect messages from the IP address of my router to a special log:
http://macosx.com/forums/howto-faqs/47791-howto-syslog-remote-events-etc.html
Anyway, to make a long story short, the router IS actually sending to syslog (I was expecting messages in local4 and never saw anything in syslog because it only shows *.notice and above, and the router mainly spews out *.info. It took a bunch of playing with tcpdump to figure it out (I can't seem to get tcpflow to show UDP, even though the man page says it uses the same library and expresions as tcpdump). So everything is good now, messages are coming in to a special log and overwhelming syslog, logs get rotated properly overnight, with some filtering I get the distilled info I want, and via GeekTool even see it on my desktop in real-time. Thanks for your help!
Similar Messages
-
Have entrourage and want to use Mail. Can't get it to work.
I had a macbook and purchased the Microsoft office for Mac which included Entrourage.
I have now purchased a new macbook Pro and want to begin to use Mail rather than Entrourage.
I have Entrourage on my new computer but i can't get it to transfer my information to the the Mail program
I am on Charter.net at my office and sbcglobal.net at home.
How can i get this to work. I can receive on Mail, but i can't send.check your outgoing port settings and make sure it's using a specific port and not the default port, also you might want to check to see if it is using SSL, TLS or any other encryption. Verify the setting from your old machine setup.
-
got my password wrong twice and my mini is disable. I connected to iTunes, but can't get it to work. Can some one guide my through?
If it's showing the red disabled screen due to incorrect passcodes then you may need to put the iPad into recovery mode : http://support.apple.com/kb/ht1808 - you should then be able to reset the iPad via your computer's iTunes and restore/resync your content to it
-
HT1151 i have a new apple external dvd drive, and i can't get it to work with my iMac?
I have a new apple dvd drive, I was told it will work with my imac, but when i plug it in ...nothing... iv been for update... still nothing. How can i get it to work???
If it is this drive, note that it is for MBA's and Mini's only:
http://store.apple.com/us/product/MC684ZM/A
Ciao. -
Is there a way to reset my messages account, I can't get iMessage to work on IPad nor Mac osx. Help please this is really frustrating.
Hi,
Is there an iPhone involved ?
If not, what happens if you remove the Apple ID on the iPad and then set it in Airplane Mode (allow a couple of minutes at this point) followed by re-adding the Apple ID ?
What, if any error messages are appearing on the Mac when you try to launch the App or Login to the iMessages server ?
Is the Apple ID linked to an iCloud account ?
In Messages 7 (Mountain Lion) this did not seem to be important but it seems it is in Mavericks/Messages 8
9:14 pm Friday; April 11, 2014
iMac 2.5Ghz i5 2011 (Mavericks 10.9)
G4/1GhzDual MDD (Leopard 10.5.8)
MacBookPro 2Gb (Snow Leopard 10.6.8)
Mac OS X (10.6.8),
Couple of iPhones and an iPad -
I bought an IR receiver and an Apple Remote, and I can't get it to work. What am I doing wrong?
I bought an IR receiver and an Apple Remote, and I can't get it to work. What am I doing wrong? The receiver is a Lenovo eHome OVU430006/01 USB IR Receiver.
Hello,
You would need to pair the Apple Remote with the receiver. So I would use the generic Mac/PC receiver and follow these instructions:
http://support.apple.com/kb/HT1619
If that doesn't work then check in System Profiler to see if the IR receiver has been recognized by the PowerBook's hardware. You may require the install of drivers for this device to be recognized.
Best of luck -
I have a go daddy email account and I can't get it to work on my iPad
I have a go daddy email account and I can't get it to work on my iPad
Try turning the email account off and then turn it on again. Settings>Mail, Contacts, Calendars>select your gmail account>Off. Go to the mail app and then come back to the account in the settings and turn it on again.
If you can't find any other way for the iPad to accept the password, delete the email account and then add it back onto the iPad. -
I have a Mac Mini and I can't get it to work with my Ricoh Aficio MP 161. Any ideas?
I have a Mac Mini and I can't get it to work with my Ricoh Aficio MP 161. Any ideas?
The latest Apple driver support begins with the MP 171.
Here is Ricoh's official driver download page specifically for the Afico MP 161. Note that new drivers for this device were released on Aug 2, and include Lion and Mountain Lion.
Hopefully, this will solve your device issues. -
Iphone 5 went black. Tried pushing on/off and circle at the same time. Worked yesterday and then did it again today. Can't get it to work.
You need to hold those button longer until you see the apple logo, then release, then wait for the phone to boot back up.
-
I just bought a new computer and had files transferred along with itunes to the new computer. I can't get it to work. It doesn't recognize the extensions for itunes. I also tried downloading Quicktime and couldn't get it to download.
iOS: Device not recognized in iTunes for Windows
I would start with:
Removing and reinstalling iTunes, QuickTime, and other software components for Windows Vista or Windows 7 -
I bought a DataPilot to transfer my pictures from my phone to my macbook, and I can't get it to work
I bought a DATAPILOT to transfer pictures to my macbook and can't get it to work. Any suggestions please?
Best if you try and explain what you are trying to acheive.
Iphoto is a different paradigm than you're used to. I don't understand why you are trying to transfer your edited photos back to an external disk.
There are tutorials here
http://www.apple.com/findouthow/photos/
Regards
TD -
I have signed up for adobe conversion to microsoft word and i can't get it to work - can you help me
I have signed up for adobe conversion to microsoft word and I can not get it to work - can you help me?
Hi Mike,
I've checked your account. I see that you just purchased the subscription this morning. The order is still pending processing, which is why you haven't yet been able to log in an use your subscription. It can take 24-48 hours for a subscription to process fully. Once it does, you'll be able to log in and convert files.
I apologize for the inconvenience.
Best,
Sara -
Trying to connect 2010 Mac mini to alba hd tv but can't get it to work, any theories?
Trying to connect 2010 Mac mini to alba hd tv but can't get it to work, any theories?
Welcome to the Apple Community.
The iPad 1 is only able to do basic AirPlay, many providers of programming have blocked their apps from working with AirPlay. -
I just bought Quick time Pro and I can't get it to install. It shows a yellow box in my application folder, but I can't get it to work. Help!
you launch QT then go to its REGISTRATION
-
Just downloaded Sales Call Manager App...I can't get it to work on either my Iphone 4S or My Ipad 2?
Downloaded the App Sales Call Manager. I can't get it to work on either my Iphone 4s or my Ipad2? Can anybody advise how to fix or even get back my money that i paid for it?
Contact the app developer for support. A link to their website will be in the apps description in the AppStore.
Maybe you are looking for
-
Using a filechooser in an applet
Is it possible to use a filechooser for an applet save button? If so how can you do it? So far I have only been able to use the filechooser object with JFrame and not JApplet.
-
Thanks, the write-up was informative, But it do not answer for my question, that is where to look for serial # on my Macbook Pro Mid 2010 White Unibody Core 2 Duo 2.4 GHz 13.3"? Its not on bottom-case and the above article does not mention this model
-
Reading attachments from CFolders(SRM) to ECC(PO)
Hi All, I have a requirement where i need to read the attachments from SRM to ECC. When the bidders bid, they attach files in SRM, these files are saved in the C-Folders in SRM Box.(No DMS) Now, when the PO is created from the RFx, the attached files
-
Accented characters do not display correctly
Hello, I created a report in CR with an Oracle8i ODBC connection (version 8.01.74.00). The strange thing is that accented characters are displayed weird in the report although the characters are just fine when I look at them via sqlplus. At first I t
-
I am having problems with my apple ID. When I try to download anything at apple store, it opens sthg saying that the update is not available with this apple ID... What should I do?