No logging on Snow Leopard except internal
Hi

I'm trying to get syslog-ng working on snow leopard but when it starts all I get is internal messages. Using logger to send a message won't work nor will using another program. Both work with normal syslogd (which I have turned off so as not to conflict). I've also tried loggen -D localhost 514 and loggen -i localhost 514 to no avail. Here's the details:

    #/usr/local/Cellar/syslog-ng/3.2.4/sbin/syslog-ng -V
    syslog-ng 3.2.4
    Installer-Version: 3.2.4
    Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.2#master#ef7b91e4a1b1f9628c66138b4ae83de7e4c697c6
    Compile-Date: Jan 16 2012 05:44:25
    Enable-Threads: off
    Enable-Debug: off
    Enable-GProf: off
    Enable-Memtrace: off
    Enable-Sun-STREAMS: off
    Enable-IPv6: on
    Enable-Spoof-Source: off
    Enable-TCP-Wrapper: on
    Enable-SSL: on
    Enable-SQL: off
    Enable-Linux-Caps: off
    Enable-Pcre: on
    Enable-Pacct: off

and here's the config

    #cat syslog-ng.conf
    #############################################################################
    # Default syslog-ng.conf file which collects all local logs into a
    # single file called /var/log/messages.
    #

    @version: 3.2
    @include "scl.conf"

    source s_local { system(); internal(); };
    source s_network { udp(); };
    destination d_local { file("/var/log/messages"); };

    log { source(s_local);
        # uncomment this line to open port 514 to receive messages
        source(s_network);
        destination(d_local);
    };

I'm sure there's something stupid that I'm missing but I haven't been able to find it. Any thoughts?

Thanks,
Andrew
On Mon, 2012-01-16 at 10:54 -0500, Andrew Eberbach wrote:
> Hi
>
> I'm trying to get syslog-ng working on snow leopard but when it starts all I get is internal messages. Using logger to send a message won't work nor will using another program. Both work with normal syslogd (which I have turned off so as not to conflict). I've also tried loggen -D localhost 514 and loggen -i localhost 514 to no avail. Here's the details:
>
> #/usr/local/Cellar/syslog-ng/3.2.4/sbin/syslog-ng -V
> syslog-ng 3.2.4
> Installer-Version: 3.2.4
> Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.2#master#ef7b91e4a1b1f9628c66138b4ae83de7e4c697c6
> Compile-Date: Jan 16 2012 05:44:25
> Enable-Threads: off
> Enable-Debug: off
> Enable-GProf: off
> Enable-Memtrace: off
> Enable-Sun-STREAMS: off
> Enable-IPv6: on
> Enable-Spoof-Source: off
> Enable-TCP-Wrapper: on
> Enable-SSL: on
> Enable-SQL: off
> Enable-Linux-Caps: off
> Enable-Pcre: on
> Enable-Pacct: off
>
> and here's the config
>
> #cat syslog-ng.conf
> #############################################################################
> # Default syslog-ng.conf file which collects all local logs into a
> # single file called /var/log/messages.
> #
>
> @version: 3.2
> @include "scl.conf"
>
> source s_local { system();

I'm not sure the system() macro supports Darwin, it is just executing a shell script, which outputs the configuration snippet to be used by syslog-ng itself.

The script is installed $prefix/share/syslog-ng/include/scl/system/generate-system-source.sh

Now as I've checked, it doesn't support Darwin, so no wonder it doesn't work there.

IIRC MacOS uses unix-dgram() for its /dev/log device, but I'm not absolutely certain.

-- Bazsi
Hi

Yeah I figured as much. I guessed that Darwin would be FreeBSD-ish so I added that to the script but it didn't work. On OSX there's no /dev/log. I did an lsof|grep syslogd to see what it had open:

    /var/run/asl_input /var/run/syslog /dev/klog

But none of those seemed to get the log messages. What I ended up doing is just forwarding everything through to syslog-ng over UDP from normal syslogd but that doesn't seem like it's The Right Way (tm).

Anyway, thanks for getting back to me. If you do figure out a way to do it without having to have both running I'd be interested.

Thanks,
Andrew
On Mon, 2012-01-16 at 17:07 -0500, Andrew Eberbach wrote:
> Hi
>
> Yeah I figured as much. I guessed that Darwin would be FreeBSD-ish so I added that to the script but it didn't work. On OSX there's no /dev/log. I did an lsof|grep syslogd to see what it had open:
>
> /var/run/asl_input /var/run/syslog /dev/klog
>
> But none of those seemed to get the log messages. What I ended up doing is just forwarding everything through to syslog-ng over UDP from normal syslogd but that doesn't seem like it's The Right Way (tm).
>
> Anyway, thanks for getting back to me. If you do figure out a way to do it without having to have both running I'd be interested.

It'd make sense to post what configuration you've tried.

According to the page below [1], it should be:

    unix-dgram("/var/run/syslog");

Does that work for you?

[1] http://72.14.189.113/howto/logging/syslog-ng/

> Thanks,
> Andrew

-- Bazsi
On Tue, Jan 17, 2012 at 08:58:19AM +0100, Balazs Scheidler wrote:
> On Mon, 2012-01-16 at 17:07 -0500, Andrew Eberbach wrote:
> > Hi
> >
> > Yeah I figured as much. I guessed that Darwin would be FreeBSD-ish so I added that to the script but it didn't work. On OSX there's no /dev/log. I did an lsof|grep syslogd to see what it had open:
> >
> > /var/run/asl_input /var/run/syslog /dev/klog
> >
> > But none of those seemed to get the log messages. What I ended up doing is just forwarding everything through to syslog-ng over UDP from normal syslogd but that doesn't seem like it's The Right Way (tm).
> >
> > Anyway, thanks for getting back to me. If you do figure out a way to do it without having to have both running I'd be interested.
>
> It'd make sense to post what configuration you've tried.
>
> According to the page below [1], it should be:
>
> unix-dgram("/var/run/syslog");
>
> Does that work for you?
>
> [1] http://72.14.189.113/howto/logging/syslog-ng/

That article is outdated. From 10.4 OS X uses the new Apple System Logger infrastructure to collect and store logs in an internal database. Its format is proprietary and only accessible by an API (see asl(3) and asl.conf(3)).

What Apple's syslogd does is to poll this database periodically over said API and write the selected logs into the ye olde text files.

As long as syslog-ng doesn't have a source plugin for ASL, the only thing that can be done is to configure syslogd to send logs over UDP or a pipe to syslog-ng.

Regards,
folti
Yup, that was the result of my research and experimentation as well. I just thought I'd missed something obvious.

Thanks,
Andrew Eberbach
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
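The workaround the thread settles on (Apple's syslogd relaying to syslog-ng over UDP), written out as an added configuration example that does not come from any of the posters. The loopback bind, the source names, the config file path and the /etc/syslog.conf rule are assumptions.

```conf
# /usr/local/etc/syslog-ng.conf  (path is an assumption for a Homebrew install)
@version: 3.2

# No system() source: per the thread, its generator script has no Darwin
# case, so on OS X it contributes nothing and only internal() produces output.
source s_internal { internal(); };

# Receive what Apple's syslogd relays. Binding to loopback keeps UDP/514
# closed to the network; a bare udp() listens on all interfaces, and syslog
# over UDP is unauthenticated, so any host that can reach the port could
# write into the log.
source s_from_syslogd { udp(ip("127.0.0.1") port(514)); };

destination d_local { file("/var/log/messages"); };

log {
    source(s_internal);
    source(s_from_syslogd);
    destination(d_local);
};

# Matching rule for Apple's syslogd, added to /etc/syslog.conf
# (assumed BSD-style forwarding selector; syslogd must keep running and be
# reloaded after the change):
#   *.*    @127.0.0.1
```

Because the messages arrive over UDP from localhost, delivery is best effort; compare counts against /var/log/system.log when checking that nothing is being dropped.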