10.4: Enable remote logging in 10.4 | 10 comments
A bit of followup:
• The local4 change to syslog.conf is an application/host-specific modification. It'll be ineffective unless something generates syslog messages for it (e.g. the firewall mentioned in the original hint you referred to).
• You could run 'Go to Folder..' [shift-command-G] from Finder, type /System/Library/LaunchDaemons to open that folder (or, 'open ..' it from Terminal), then drag/drop com.apple.syslogd.plist to whichever writable location you want to save a backup copy. Saving it on the Desktop is probably not the best choice.
• It's not necessary to type the full pathname for launchctl paths. Also, restarting the syslog daemon can be accomplished by sending it a SIGHUP (e.g. 'killall -HUP syslogd').
• Peter Borg's Lingon is a nice GUI for creating/controlling launchd config files.
Hi,
Thanks for the hint. It works fine to the extent that the machine is listening to the router and I can use the 'tail -f /var/log/system.log' command to check it. However, nothing is written to the log file I specify. Here are the config files I use. Anything I am doing wrong?
Thanks,
laurent
**********************************************************
*.err;kern.*;auth.notice;authpriv,remoteauth,install.none;mail.crit /dev/console
*.notice;authpriv,remoteauth,ftp,install.none;kern.debug;mail.crit;local4.none /var/log/system.log
# Send messages normally sent to the console also to the serial port.
# To stop messages from being sent out the serial port, comment out this line.
#*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit /dev/tty.serial
# The authpriv log file should be restricted access; these
# messages shouldn't go to terminals or publically-readable
# files.
authpriv.*;remoteauth.crit /var/log/secure.log
lpr.info /var/log/lpr.log
mail.* /var/log/mail.log
ftp.* /var/log/ftp.log
netinfo.err /var/log/netinfo.log
install.* /var/log/install.log
install.* @127.0.0.1:32376
local0.* /var/log/ipfw.log
local4.* /var/log/remote.log
*.emerg *
**********************************************************
**********************************************************
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE plist PUBLIC '-//Apple Computer//DTD PLIST 1.0//EN' 'http://www.apple.com/DTDs/PropertyList-1.0.dtd'>
<plist version='1.0'>
<dict>
<key>Label</key>
<string>com.apple.syslogd</string>
<key>ServiceDescription</key>
<string>Apple System Log Daemon</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/syslogd</string>
<string>-u</string>
</array>
<key>ServiceIPC</key>
<false/>
</dict>
</plist>
**********************************************************
**********************************************************
/bin/mv /var/log/remote.log /archivedlogs/`/bin/date +%m%d%y`.txt
launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
sleep 1
launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
/usr/sbin/chown webtest /archivedlogs/`/bin/date +%m%d%y`.txt
/usr/bin/chgrp admin /archivedlogs/`/bin/date +%m%d%y`.txt
**********************************************************
To enable remote logging in 10.5 you should uncomment the following at the end of the '/System/Library/LaunchDaemons/com.apple.syslogd.plist' file.
Has anyone gotten this to work in 10.5? I made the changes in syslog.conf and syslogd.plist. Still no go. I can see the syslog messages coming in on Facility1, which is also a selector to a file, but nothing is written to any log files.
In syslogd.plist, I uncommented the last lines, restarted the processes, no joy. So I added the <string>-u</string> commands, restarted, still no go.
What am I missing?
Thanks
Well, I have remote syslog data coming into my server. My problem is that I have discrete logs for that data, i.e. for log events from my router I have created /var/log/router.log
All works fine except the router log is also getting local log events .. I can't stop them.
Pathetic documentation from Apple - hey guys, it ain't free, so fix it.
---
________________
Cheers,
Paul
It's been a while since this was posted, but I just worked on getting my new router to use syslogd on 10.5. I had to do the steps shown below. Many of these steps are duplicates of the ones above, but the original title for this hint covered 10.4, and I figured someone searching for info about 10.5 would find it more easily if it's all in one place.
The key for getting this hint to work on my 10.5 implementation was that the piss-poor socket firewall has to allow syslogd to bind to port 514. There are three ways to do that, and I'll list them below.
The steps for enabling remote syslog in 10.5:
1. Figure out what syslog 'facility' your remote device is using in its reports:
$ sudo tcpdump -s 0 -X port 514
(And it turns out my router uses local7, not local4.)
2. Create a file for the logs:
$ sudo touch /var/log/router.log
3. Save a copy of /etc/syslog.conf and then add a line for the new log:
local7.* /var/log/router.log
4. Uncomment the lines in /System/Library/LaunchDaemons/com.apple.syslogd.plist that are marked as being for remote syslog (they are shown under this hint).
5. Stop the old syslogd configuration and start using the one you've just set up:
$ sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
$ sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
6. (10.5) Add syslogd to the programs allowed by the socket (Apple calls it 'application') firewall (socketfilterfw, not ipfw). This can be done in three ways. You can: a) turn off the socket firewall (not my preferred way), b) add syslogd using the firewall GUI (also not my preference), or c) add syslogd to the list of core services.
a) you can turn off the Apple socket firewall in System Preferences->Security->Firewall. Choose 'Allow all incoming connections'.
b) you can add syslogd to the GUI by selecting 'Set access for specific services and applications', then press the '+'. In the 'choose file' dialog, type <shift><command>G to go to /usr/sbin, then select syslogd. This approach makes it easier to remove the entry for syslogd, but prevents remote syslogging if you choose 'Allow only essential services'.
c) you can add syslogd to the list of core services by editing /usr/libexec/ApplicationFirewall/com.apple.alf.plist (note: there is a copy of this file at /Library/Preferences/com.apple.alf.plist but the libexec file appears to be the master, and it's ASCII). In a pinch, you can edit this ASCII file with your favorite text editor, or use the Property List Editor, from Developer Tools. Doing this editing is more complicated to describe than it is to do, so don't be too overwhelmed by the instructions below.
First, make a copy of the current file:
$ sudo cp -p /usr/libexec/ApplicationFirewall/com.apple.alf.plist /usr/libexec/ApplicationFirewall/com.apple.alf.plist_current
If you have the property list editor, you can type:
$ sudo open /usr/libexec/ApplicationFirewall/com.apple.alf.plist
Using the plist editor, create a new sibling under the property called 'exceptions'. Change its type to 'dictionary'. Create two children under it. Call the first child 'Path', make it of type String, with the value /usr/sbin/syslogd. Call the second child 'state', of type Number, value 3. (You can do this without the plist editor, but I'll leave that exercise to the reader :)
When you are done, save the result two ways: save it as a text file and as a binary property list file. Even though you ran sudo to edit the file, you won't be able to save the new files on top of the old ones (I suspect that's because of Apple's zealous adoption of ACLs). Save both files to a convenient place (your home directory, for example).
Next, set the permissions for the new files:
$ sudo chown root:admin <new binary file name> <new text file name>
$ sudo chmod 644 <new binary file name> <new text file name>
Then stop the socket firewall:
$ sudo launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist
And move the files into position:
$ sudo mv <new binary file name> /Library/Preferences/com.apple.alf.plist
$ sudo mv <new text file name> /usr/libexec/ApplicationFirewall/com.apple.alf.plist
Then restart the socket firewall:
$ sudo launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist
[A word of caution on this method: it appears that Apple has designed these files to preserve your changes during a software update. But it's quite possible that the text version in /usr/libexec/ApplicationFirewall/com.apple.alf.plist will be over-written by a software update. Make a copy of the final result, and keep that in mind if you ever have to revert to the text version of the plist file.]
7. If you're security-minded, you probably aren't trusting Apple's socket firewall to do the whole job. If you're also using ipfw (I use WaterRoof to make it easier to use ipfw), you may need an ipfw rule to allow connections from your logging device to the syslogd port on your Mac. If your ipfw ruleset defaults* to 'deny', you need a rule like this:
allow udp from <router ip address> to me dst-port 514 in
(* the default Apple rule for ipfw allows all traffic, making it almost useless. The more draconian approach to setting up firewall rules is to create a default deny statement just before Apple's default allow statement, which is built into the kernel.)
Phew! In the good old days of SunOS, it was a hell of a lot easier than it is now.. and they call this 'progress'?
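Step 6c without the Property List Editor, as an added example that is not part of the original comment: Python's plistlib appends the 'Path'/'state' entry to 'exceptions' and writes the text and binary copies the comment asks for. The sample plist contents, output file names and function names are constructed for illustration; it assumes 'exceptions' is an array of dictionaries, as the comment describes, and that the text form is an XML property list.

```python
import copy
import plistlib
import tempfile
from pathlib import Path

SYSLOGD = "/usr/sbin/syslogd"
ALLOW_STATE = 3  # the 'state' value given in the comment above

# Constructed stand-in for com.apple.alf.plist; the real file has more keys.
SAMPLE_ALF = {
    "exceptions": [
        {"Path": "/usr/sbin/example-daemon", "state": 3},  # hypothetical entry
    ],
}


def add_exception(alf, path=SYSLOGD, state=ALLOW_STATE):
    """Add {Path, state} to alf['exceptions']; return True if alf changed."""
    exceptions = alf.setdefault("exceptions", [])
    if not isinstance(exceptions, list):
        raise ValueError("'exceptions' is not an array")
    for entry in exceptions:
        if isinstance(entry, dict) and entry.get("Path") == path:
            if entry.get("state") == state:
                return False          # already present, nothing to do
            entry["state"] = state    # present with a different state
            return True
    exceptions.append({"Path": path, "state": state})
    return True


def write_both(alf, out_dir):
    """Write text (XML) and binary copies; return (text_path, binary_path)."""
    out = Path(out_dir)
    text_path = out / "com.apple.alf.text.plist"      # constructed names
    binary_path = out / "com.apple.alf.binary.plist"
    with open(text_path, "wb") as fh:
        plistlib.dump(alf, fh, fmt=plistlib.FMT_XML)
    with open(binary_path, "wb") as fh:
        plistlib.dump(alf, fh, fmt=plistlib.FMT_BINARY)
    return text_path, binary_path


def demo():
    """Edit a copy of the sample, write both formats, read them back."""
    alf = copy.deepcopy(SAMPLE_ALF)
    changed = add_exception(alf)
    with tempfile.TemporaryDirectory() as tmp:
        text_path, binary_path = write_both(alf, tmp)
        with open(text_path, "rb") as fh:
            from_text = plistlib.load(fh)     # format is auto-detected
        with open(binary_path, "rb") as fh:
            from_binary = plistlib.load(fh)
    return changed, from_text, from_binary


if __name__ == "__main__":
    changed, from_text, from_binary = demo()
    print("changed:", changed)
    print("text and binary copies agree:", from_text == from_binary)
    for entry in from_text["exceptions"]:
        print(entry["Path"], entry["state"])
```

The chown, chmod and mv steps from the comment still apply to the two files this writes.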
Oh, so close, xr4ti.
Thanks for the wealth of info in your comment.
I had to do some digging into what some of the terms you used meant. For example how to find the 'facility' in the syslog data that was being sent to the syslog server. Adding a -v to the tcpdump command gave me a second line in each incoming message that said:
Facility security (13), Severity info (6)
so my guess is that my D-Link router is naming its syslog facility 'security' but it is still not writing to the router.log file even after editing the syslog.config to point security.* to /var/logs/router.log.
The Mac we are trying to add syslog ability to has the firewall set to accept all incoming (Slap my wrist if you wish..) which is obviously true because it is seeing the correct tcpdump data coming in on the specified port.
Am I not reading the tcpdump data correctly? Do I need to run it with -vv to read what the facility tag really is?
I just tried a full reboot and there's still nothing getting written to the router log.
"Facility security (13), Severity info (6) so my guess is that my D-Link router is naming its syslog facility 'security' but it is still not writing to the router.log file even after editing the syslog.config to point security.* to /var/logs/router.log."
Try remoteauth.* instead of security.*. I recently had the same trouble routing my D-Link log to a Tiger machine. Rather than 'security,' Wireshark reports:
Facility: LOGAUDIT - log audit (13) and Level INFO - informational (6)
so like you I was trying logaudit.* and audit.*, etc.
If you look at /usr/include/sys/syslog.h you can see how the numbers (13 in this case) map into the facility text codes (remoteauth).
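The number-to-name lookup described above, as an added example that is not part of the original thread: it reads the <PRI> value at the start of a syslog datagram, splits it into facility and severity, and prints the syslog.conf selector that matches. The sample datagrams and function names are constructed; the table follows the facility codes in Mac OS X's sys/syslog.h.

```python
import re

# Facility codes (PRI >> 3) and the names syslog.conf accepts for them,
# following Mac OS X's /usr/include/sys/syslog.h.
FACILITIES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    12: "netinfo", 13: "remoteauth", 14: "install", 15: "ras",
    16: "local0", 17: "local1", 18: "local2", 19: "local3",
    20: "local4", 21: "local5", 22: "local6", 23: "local7", 24: "launchd",
}
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# tcpdump and Wireshark print their own labels for code 13 ('security',
# 'LOGAUDIT'); syslog.conf only understands the syslog.h names, where
# 'security' is a deprecated alias for auth (4), not for 13.
PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Constructed sample datagrams (payload of UDP port 514 packets).
SAMPLE_DLINK = b"<110>Jan  1 00:00:00 router fw: constructed sample"
SAMPLE_LOCAL7 = b"<190>Jan  1 00:00:00 router sys: constructed sample"
SAMPLE_NETGEAR = b"<38>Jan  1 00:00:00 router login: constructed sample"


def decode_pri(datagram):
    """Return (facility_name, severity_name) for one syslog datagram."""
    match = PRI_RE.match(datagram)
    if match is None:
        raise ValueError("datagram does not start with <PRI>")
    code, severity = divmod(int(match.group(1)), 8)
    if code not in FACILITIES:
        raise ValueError("facility code %d is not in syslog.h" % code)
    return FACILITIES[code], SEVERITIES[severity]


def selector_line(datagram, logfile):
    """Build the syslog.conf line that routes this sender's facility."""
    facility, _ = decode_pri(datagram)
    return "%s.*\t%s" % (facility, logfile)


if __name__ == "__main__":
    for name, sample in (("D-Link", SAMPLE_DLINK),
                         ("local7 device", SAMPLE_LOCAL7),
                         ("Netgear", SAMPLE_NETGEAR)):
        print(name, decode_pri(sample))
        print("   ", selector_line(sample, "/var/log/router.log"))
```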
I have a Netgear router whose logs I'm trying to pull in to a Snow Leopard BlackBook. All the basics are working, but I have a little bit of wonkiness that I'm not sure how to fix.
After looking at my tcpdumps, I noticed that it's using a facility originator of 4 (which maps to 'auth').
Everything from my Netgear now goes into secure.log (as it's supposed to). Is there any way to re-route the Netgear syslog messages into its own file (i.e. netgear.log) without hi-jacking *all* of the local security messages that *should* be going to secure.log?
What changes did you make to the config files to get that much to work?