19.2. Adjusting syslogd Behavior

Most applications store their own log files in their own ways. For such applications, if you want to make any changes to the way they treat logs, consult the documentation provided by the developer. However, critical Mac OS X components take advantage of a system-wide logging mechanism in Leopard and Snow Leopard called syslogd (system log daemon). This utility can store log messages locally or on a remote server and lets you choose exactly what behavior should occur for log entries from various sources and with various priority levels.

The syslogd process runs automatically in the background; to change its behavior, all you need to do is edit a single text file: /etc/syslog.conf. The default contents of the file are as follows (lines beginning with a # are commented out):

    *.err;kern.*;auth.notice;authpriv,remoteauth,install.none;mail.crit    /dev/console
    *.notice;authpriv,remoteauth,ftp,install.none;kern.debug;mail.crit     /var/log/system.log

    # Send messages normally sent to the console also to the serial port.
    # To stop messages from being sent out the serial port, comment out this line.
    #*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit           /dev/tty.serial

    # The authpriv log file should be restricted access; these
    # messages shouldn't go to terminals or publically-readable
    # files.
    auth.info;authpriv.*;remoteauth.crit    /var/log/secure.log

    lpr.info                                /var/log/lpr.log
    mail.*                                  /var/log/mail.log
    ftp.*                                   /var/log/ftp.log
    install.*                               /var/log/install.log
    install.* ...
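
Each rule in the file pairs a list of facility.level selectors with a destination, and it is easy to misread which messages end up where, especially for authpriv. The following Python sketch is an added example, not code from the book: it parses such rules and reports where a given message is written. It assumes classic BSD syslog.conf semantics (a level matches that severity and anything more severe, none excludes a facility, later selectors in a rule override earlier ones), ignores comparison operators, and uses sample input constructed from the complete rules shown above.

```python
# Added example: evaluate syslog.conf selectors (classic BSD semantics assumed).
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: the complete (non-truncated) rules from the default file above.
SAMPLE_CONF = """\
*.err;kern.*;auth.notice;authpriv,remoteauth,install.none;mail.crit /dev/console
*.notice;authpriv,remoteauth,ftp,install.none;kern.debug;mail.crit /var/log/system.log
#*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit /dev/tty.serial
auth.info;authpriv.*;remoteauth.crit /var/log/secure.log
lpr.info /var/log/lpr.log
mail.* /var/log/mail.log
ftp.* /var/log/ftp.log
install.* /var/log/install.log
"""

def parse_rules(text):
    """Return [(thresholds, action)]; thresholds maps a facility to the
    least severe level index it logs (None means the facility is excluded)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and commented-out rules
        selectors, action = line.split(None, 1)
        thresholds = {}
        for selector in selectors.split(";"):
            facilities, level = selector.rsplit(".", 1)
            limit = None if level == "none" else (
                len(SEVERITY) - 1 if level == "*" else SEVERITY.index(level))
            for facility in facilities.split(","):
                if facility == "*":
                    thresholds.clear()  # a wildcard resets earlier per-facility settings
                thresholds[facility] = limit
        rules.append((thresholds, action.strip()))
    return rules

def destinations(rules, facility, level):
    """List the actions that receive a message of the given facility and level."""
    sev = SEVERITY.index(level)
    hits = []
    for thresholds, action in rules:
        limit = thresholds.get(facility, thresholds.get("*"))
        if limit is not None and sev <= limit:
            hits.append(action)
    return hits

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    for fac, lvl in [("authpriv", "info"), ("kern", "debug"), ("mail", "err")]:
        print(f"{fac}.{lvl} -> {destinations(rules, fac, lvl)}")
```

Running it confirms that authpriv messages reach only /var/log/secure.log and never the console or system.log, which is the restriction the comment in the file calls for.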
