[syslog-ng]syslog-ng 1.7.0 on Darwin (Mac OSX Server 10.3 Panther)

Cary, Kim syslog-ng@lists.balabit.hu
Mon, 3 May 2004 15:39:40 -0700


Hi all,

Well, finally have this going and not crashing! Last night's 1.70 and
the corresponding libol. Yay!

However, I'm not grokking Darwin compared to Solaris/Linux and
syslog-ng configs compared to vanilla syslog. I'm not finding much on
searches that helps. The man pages for the O/S seem like they come from
BSD but don't apply (see log sockets which don't exist). I'm not a C
programmer and am a bit lost trying to go to syslog.h. Little help
here?

IT RUNS
  4.3 Berkeley Distribution        June 6, 1993        4.3 Berkeley  
Distribution
[mal-centurion:local/etc/syslog-ng] admin% sudo lsof | grep syslog
tcsh       9840   admin  cwd    VDIR      14,21        512   200229 /usr/local/etc/syslog-ng
syslog-ng 16625    root  cwd    VDIR      14,21        512   200229 /usr/local/etc/syslog-ng
syslog-ng 16625    root    0u   VCHR        3,2        0t0 20520196 /dev/null
syslog-ng 16625    root    1u   VCHR        3,2        0t0 20520196 /dev/null
syslog-ng 16625    root    2u   VCHR        3,2        0t0 20520196 /dev/null
syslog-ng 16625    root    3r                                       0x013d5958 file struct, ty=0x3, op=0x30f300
syslog-ng 16625    root    4u   IPv4 0x0142ef20        0t0      UDP *:syslog
syslog-ng 16625    root    5r                                       0x013d3924 file struct, ty=0x3, op=0x30f300
syslog-ng 16625    root    6u   IPv4 0x024554c8        0t0      TCP *:5140 (LISTEN)
lsof      16894    root  cwd    VDIR      14,21        512   200229 /usr/local/etc/syslog-ng
grep      16895   admin  cwd    VDIR      14,21        512   200229 /usr/local/etc/syslog-ng

WHAT RUNS?


I DON'T KNOW THE RIGHT SOCKET/DEVICE OR PROTOCOL
There is no /var/run/log or /dev/log. There is a /dev/klog but I get
	io.c: bind_unix_socket(): /dev/klog not a socket

MY CONFIG IS FUBARED

Below I place my regular config, then the syslog-ng config.

VANILLA
[mal-centurion:local/etc/syslog-ng] admin% more /etc/syslog.conf
*.err;kern.*;auth.notice;authpriv,remoteauth,install.none;mail.crit      /dev/console
*.notice;local4,authpriv,remoteauth,ftp,install.none;kern.debug;mail.crit;mark.*        /var/log/system.log

# Send messages normally sent to the console also to the serial port.
# To stop messages from being sent out the serial port, comment out this line.
#*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit             /dev/tty.serial

# The authpriv log file should be restricted access; these
# messages shouldn't go to terminals or publically-readable
# files.
authpriv.*;remoteauth.crit                              /var/log/secure.log

lpr.info                                                /var/log/lpr.log
mail.*                                                  /var/log/mail.log
ftp.*                                                   /var/log/ftp.log
netinfo.err                                             /var/log/netinfo.log
install.*                                               /var/log/install.log
install.*                                               @127.0.0.1:32376

*.emerg                                                 *

local6.notice                                           /private/var/log/mailaccess.log


NEXT GENERATION
###############################################################
# First, set some global options.

options {
#       use_fqdn(yes);
#       use_dns(yes);
#       dns_cache(yes);
        keep_hostname(yes);
        long_hostnames(off);
        sync(1);
        log_fifo_size(1024);
};

###############################################################
#
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
#source src { unix-stream("/dev/log"); internal(); };


source src {
#       don't read from /proc/kmsg and run klogd also (Linux)
#       pipe("/proc/kmsg");
#       file("/proc/kmsg") log_prefix("kernel: ");
#       unix-stream("/dev/log");
#       unix-stream("/chroot/named/dev/log");
        internal();
        udp();
#       udp(ip("10.0.5.8") port(514));
        tcp(port(5140) keep-alive(yes));
#       tcp(ip("10.9.9.3") port(5140) keep-alive(yes));
};

###############################################################
# After that set destinations.

# First some standard logfile
#
destination authlog { file("/var/ng-syslog/auth.log"); };
destination syslog { file("/var/ng-syslog/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/ng-syslog/daemon.log"); };
destination kern { file("/var/ng-syslog/kern.log"); };
destination lpr { file("/var/ng-syslog/lpr.log"); };
destination user { file("/var/ng-syslog/user.log"); };
destination uucp { file("/var/ng-syslog/uucp.log"); };


# These files hold the logs that come from the mail subsystem.
#
#destination mail { file("/var/log/mail.log"); };
#destination maillog { file("/var/log/maillog"); };
#destination mailinfo { file("/var/log/mail.info"); };
#destination mailwarn { file("/var/log/mail.warn"); };
#destination mailerr { file("/var/log/mail.err"); };
#
# Logging for INN news system
#
#destination newscrit { file("/var/log/news/news.crit"); };
#destination newserr { file("/var/log/news/news.err"); };
#destination newsnotice { file("/var/log/news/news.notice"); };

# Some `catch-all' logfiles.
#
destination debug { file("/var/ng-syslog/debug"); };
destination messages { file("/var/ng-syslog/messages"); };

# The root's console.
#
destination console { usertty("root"); };

The balance of that sample file is commented. The directory  
/var/ng-syslog exists, but none of the files. Do I have to touch those  
to get them going?
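
Added example, not part of the original post: in syslog-ng a destination is only written to once a log statement connects it to a source, and file() destinations are created on first write. The filter names below (f_auth and so on) are assumptions chosen for illustration; the source src and the destination names are the ones defined in the posted config.

```conf
# Added illustration, not from the original post.
# Filter names (f_*) are hypothetical; "src" and the destination names
# (authlog, cron, daemon, ...) come from the config posted above.

filter f_auth     { facility(auth, authpriv); };
filter f_cron     { facility(cron); };
filter f_daemon   { facility(daemon); };
filter f_kern     { facility(kern); };
filter f_lpr      { facility(lpr); };
filter f_user     { facility(user); };
filter f_uucp     { facility(uucp); };
filter f_debug    { level(debug); };
filter f_emerg    { level(emerg); };
filter f_messages { level(info, notice, warn)
                    and not facility(auth, authpriv, cron, daemon, mail, news); };

# Everything received on "src", unfiltered, into the catch-all file.
log { source(src); destination(syslog); };

# Per-facility files. Each file is created when the first matching
# message arrives; only the directory /var/ng-syslog has to exist.
log { source(src); filter(f_auth);     destination(authlog); };
log { source(src); filter(f_cron);     destination(cron); };
log { source(src); filter(f_daemon);   destination(daemon); };
log { source(src); filter(f_kern);     destination(kern); };
log { source(src); filter(f_lpr);      destination(lpr); };
log { source(src); filter(f_user);     destination(user); };
log { source(src); filter(f_uucp);     destination(uucp); };
log { source(src); filter(f_debug);    destination(debug); };
log { source(src); filter(f_messages); destination(messages); };

# Counterpart of "*.emerg *" in syslog.conf, limited to root's terminals.
log { source(src); filter(f_emerg);    destination(console); };

# The stock syslog.conf asks for the authpriv file to be restricted.
# With syslog-ng this is done on the destination itself, for example by
# adding perm(0600) inside the file() driver of "authlog":
#   file("/var/ng-syslog/auth.log" perm(0600));
```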