* Cary, Kim <Kim.Cary@pepperdine.edu>
However, I'm not grokking Darwin compared to Solaris/Linux and syslog-ng configs compared to vanilla syslog. I'm not finding much on searches that helps. The man pages for the O/S seem like they come from BSD but don't apply (see log sockets which don't exist). I'm not a C programmer and am a bit lost trying to go to syslog.h. Little help here?
Solaris and Linux are a poor reference for how to configure things on Mac OS X, as Mac OS X is based on BSD, not SysV.
I DON'T KNOW THE RIGHT SOCKET/DEVICE OR PROTOCOL

There is no /var/run/log or /dev/log. There is a /dev/klog but I get

  io.c: bind_unix_socket(): /dev/klog not a socket
The easiest method to see how logging works on a particular unix platform is by watching the system calls made by the logger(1) command. Apple includes the usual BSD ktrace(2) and kdump(1) commands:

  $ ktrace logger "hello world"
  $ kdump -f ktrace.out

This file eventually will show the file "/var/run/syslog" being connected to, which is where Apple utilities have been compiled to log by default. If you start up the old syslog daemon, you should see it bound to that file as a socket:

  $ file /var/run/syslog
  /var/run/syslog: socket

However, this does not answer what sort of socket the file is, which will be either a unix-stream() or a unix-dgram(). Seeing as Mac OS X has BSD roots, unix-dgram() would be a good first choice, which, with additional testing with logger(1), turns out to be what OS X uses to log. The following is what I use on my laptop:

  source local {
    unix-dgram("/var/run/syslog");
    udp(ip(127.0.0.1) port(514));
    internal();
  };

Have not yet looked at getting kernel logging working on OS X.
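
Added example, not part of the original message: file(1) only reports "socket", so this Python sketch probes a log socket path to tell unix-dgram() from unix-stream() by attempting a connect of each type (the wrong type is rejected with EPROTOTYPE). The function names and the "local" source name in the generated stanza are assumptions made for illustration.

```python
import errno
import os
import socket
import stat
import sys

# Socket types to try, paired with the syslog-ng source driver each implies.
CANDIDATES = ((socket.SOCK_DGRAM, "unix-dgram"),
              (socket.SOCK_STREAM, "unix-stream"))


def probe_log_socket(path):
    """Return 'unix-dgram' or 'unix-stream' for the socket at path,
    or None if the path is missing, is not a socket, or has no listener."""
    try:
        if not stat.S_ISSOCK(os.stat(path).st_mode):
            return None  # e.g. /dev/klog is a device node, not a socket
    except OSError:
        return None      # e.g. /dev/log does not exist on this platform
    for kind, driver in CANDIDATES:
        s = socket.socket(socket.AF_UNIX, kind)
        try:
            s.connect(path)  # succeeds only when the socket type matches
            return driver
        except OSError as e:
            # EPROTOTYPE: wrong socket type. ECONNREFUSED: stale socket file.
            if e.errno not in (errno.EPROTOTYPE, errno.ECONNREFUSED):
                raise        # permission problems etc. should be visible
        finally:
            s.close()
    return None


def source_stanza(path, name="local"):
    """Build a syslog-ng source statement for path, or None if unusable."""
    driver = probe_log_socket(path)
    if driver is None:
        return None
    return 'source %s { %s("%s"); };' % (name, driver, path)


if __name__ == "__main__":
    # Default paths are the ones mentioned in this thread.
    paths = sys.argv[1:] or ["/var/run/syslog", "/dev/log", "/dev/klog"]
    for p in paths:
        print(p, "->", source_stanza(p) or "not a usable log socket")
```

Run it while the stock syslog daemon is still bound to the path; once that daemon is stopped the socket file has no listener and the probe reports it as unusable.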