[syslog-ng] No logging on Snow Leopard except internal

Pal Tamas folti at balabit.hu
Tue Jan 17 10:47:56 CET 2012


On Tue, Jan 17, 2012 at 08:58:19AM +0100, Balazs Scheidler wrote:
> On Mon, 2012-01-16 at 17:07 -0500, Andrew Eberbach wrote:
> > Hi
> > 
> > Yeah I figured as much. I guessed that Darwin would be FreeBSD-ish so
> > I added that to the script but it didn't work. On OSX there's no
> > /dev/log. I did an lsof|grep syslogd to see what it had open:
> > 
> > /var/run/asl_input
> > /var/run/syslog
> > /dev/klog
> > 
> > But none of those seemed to get the log messages. What I ended up
> > doing is just forwarding everything through to syslog-ng over UDP from
> > normal syslogd but that doesn't seem like it's The Right Way (tm).
> > 
> > Anyway, thanks for getting back to me. If you do figure out a way to
> > do it without having to have both running I'd be interested.
> 
> It'd make sense to post what configuration you've tried.
> 
> According to the page below [1], it should be:
> 
> unix-dgram("/var/run/syslog");
> 
> Does that work for you?
> 
> [1] http://72.14.189.113/howto/logging/syslog-ng/

That article is outdated. From 10.4 OS X uses the new Apple System
Logger infrastructure to collect and store logs in an internal database.
Its format is proprietary and only accessible by an API (see asl(3) and
asl.conf(3)).

What Apple's syslogd does is to poll this database periodically over
said API and write the selected logs into the ye olde text files.

As long as syslog-ng doesn't have a source plugin for ASL, the only
thing that can be done is to configure syslogd to send logs over UDP or
a pipe to syslog-ng.

Regards,
folti


