[syslog-ng] Re: syslog-ng 1.7.0 on Darwin (Mac OSX Server 10.3 Panther)

Jeremy Mates syslog-ng@lists.balabit.hu
Tue, 4 May 2004 09:04:05 -0700


* Cary, Kim <Kim.Cary@pepperdine.edu>
> However, I'm not grokking Darwin compared to Solaris/Linux and
> syslog-ng configs compared to vanilla syslog. I'm not finding much on
> searches that helps. The man pages for the O/S seem like they come
> from BSD but don't apply (see log sockets which don't exist). I'm not
> a C programmer and am a bit lost trying to go to syslog.h . Little
> help here?

Solaris and Linux are a poor reference for how to configure things on
Mac OS X, as Mac OS X is based on BSD, not SysV.

> I DON'T KNOW THE RIGHT SOCKET/DEVICE OR PROTOCOL
> There is no /var/run/log or /dev/log. There is a /dev/klog but I get
>       io.c: bind_unix_socket(): /dev/klog not a socket

The easiest method to see how logging works on a particular unix
platform is by watching the system calls made by the logger(1) command.
Apple includes the usual BSD ktrace(2) and kdump(1) commands:

$ ktrace logger "hello world"
$ kdump -f ktrace.out

This file eventually will show the file "/var/run/syslog" being
connected to, which is where Apple utilities have been compiled to log
by default. If you start up the old syslog daemon, you should see it
bound to that file as a socket:

$ file /var/run/syslog
/var/run/syslog: socket

However, this does not answer what sort of socket the file is, which
will be either a unix-stream() or a unix-dgram(). Seeing as Mac OS X has
BSD roots, unix-dgram() would be a good first choice, which turns out to
be what OS X uses to log with additional testing with logger(1). The
following is what I use on my laptop:

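source local {
  # local socket that logger(1) and other Apple utilities write to
  unix-dgram("/var/run/syslog");
  # syslog over UDP, loopback only
  udp(ip(127.0.0.1) port(514));
  # syslog-ng's own internal messages
  internal();
};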

Have not yet looked at getting kernel logging working on OS X.
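
The message above leaves open how to tell whether a socket file such as /var/run/syslog is a unix-stream() or a unix-dgram(). The following is an added example, not part of the original post: it probes a socket path by attempting a connect() with each socket type. The function names probe_unix_socket and make_listener are hypothetical, and the demo sockets are constructed in a temporary directory.

```python
import errno
import os
import socket
import sys
import tempfile

# syslog-ng source driver name for each AF_UNIX socket type.
DRIVERS = ((socket.SOCK_DGRAM, "unix-dgram"), (socket.SOCK_STREAM, "unix-stream"))


def probe_unix_socket(path):
    """Return "unix-dgram" or "unix-stream" for the listener bound at path.

    Returns None when the socket file exists but nothing accepts on it.
    connect() sends no data, so the probe writes nothing to the log.
    """
    for sock_type, driver in DRIVERS:
        s = socket.socket(socket.AF_UNIX, sock_type)
        try:
            s.connect(path)
            return driver
        except OSError as e:
            # EPROTOTYPE: the listener is the other socket type.
            # ECONNREFUSED: stale socket file, or stream socket not listening.
            if e.errno not in (errno.EPROTOTYPE, errno.ECONNREFUSED):
                raise
        finally:
            s.close()
    return None


def make_listener(path, sock_type):
    """Bind a constructed test listener of the given type (demo helper)."""
    srv = socket.socket(socket.AF_UNIX, sock_type)
    srv.bind(path)
    if sock_type == socket.SOCK_STREAM:
        srv.listen(1)
    return srv


if __name__ == "__main__":
    if len(sys.argv) > 1:          # e.g. /var/run/syslog on the system in question
        print(probe_unix_socket(sys.argv[1]))
    else:                          # offline demo against constructed sockets
        d = tempfile.mkdtemp()
        for t, _ in DRIVERS:
            p = os.path.join(d, "sock%d" % t)
            srv = make_listener(p, t)
            print(p, "->", probe_unix_socket(p))
            srv.close()
```

The returned name is the source driver to put in the syslog-ng source block for that path.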