How to start Syslogd server on Mac to accept remote logging messages?
Solution 1
Syslogd should already be running on your system; what you need to do is enable its UDP listening option. This is controlled by a section near the end of /System/Library/LaunchDaemons/com.apple.syslogd.plist; remove the comment markers so that it looks like this:
<!--
Un-comment the following lines to enable the network syslog protocol listener.
-->
<key>NetworkListener</key>
<dict>
<key>SockServiceName</key>
<string>syslog</string>
<key>SockType</key>
<string>dgram</string>
</dict>
</dict>
</dict>
</plist>
And then reload the syslogd daemon either by rebooting, or by running:
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
UPDATE: Starting in OS X v10.7, Apple switched com.apple.syslogd.plist to a binary plist format, which doesn't include the relevant comment, and isn't editable as plain text. With the new format, PlistBuddy seems to be the easiest way to add the listener:
cd /System/Library/LaunchDaemons
sudo /usr/libexec/PlistBuddy -c "add :Sockets:NetworkListener dict" com.apple.syslogd.plist
sudo /usr/libexec/PlistBuddy -c "add :Sockets:NetworkListener:SockServiceName string syslog" com.apple.syslogd.plist
sudo /usr/libexec/PlistBuddy -c "add :Sockets:NetworkListener:SockType string dgram" com.apple.syslogd.plist
sudo launchctl unload com.apple.syslogd.plist
sudo launchctl load com.apple.syslogd.plist
Solution 2
A bit old, but I did have to do this today and whilst searching around for a simple piece of software to do this for me I came across this question.
All I really wanted to do was watch some syslog entries for a short period of time and see what was coming from the server so what I ended up doing was:
sudo tcpdump -lns 0 -w - udp and port 514 | strings
This will simply print out any message that is sent to your machine on the output so you can display it.
Anyway if you do this and it outputs messages that are being transmitted to your server you can be sure it's not being blocked by your firewall or any other hardware in the middle.
Related videos on Youtube
20 : 51
08 : 11
19 : 57
04 : 51
19 : 37
10 : 40
07 : 45
03 : 19
25 : 36
![[HCD][Livestream] Cơ bản về log, syslog, rsyslog](https://i.ytimg.com/vi/ikfTEpT9b5M/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLDQJAsP2W94UoeUoMOFzcOVHD7zOA)
01 : 13 : 49
willpowerforever
Updated on July 09, 2022Comments
-
willpowerforever almost 2 years
Anyone knows how to start Syslogd server on Mac to accept remote logging messages?
I started Syslogd, but seems it doesn't accept remote messages.
If I do a netstat -an it looks like udp port 514 is listening. However, if I scan the server from my laptop using nmap then I don't see udp 514. It's likely the port is being blocked somewhere. I have checked ipfw but it does not look like any rules defined.
I've seen lots of articles say that have to specify -r option. Is this the same on Mac? How to do that on Mac?
-
John Y over 11 yearsWhich version of OS X is this for? On Mountain Lion Server, I get "com.apple.launchd[1]: (com.apple.syslogd) Unknown key for dictionary: NetworkListener" in the console and I still don't see remote log messages…
-
Gordon Davisson over 11 years@JohnYeates: Try the updated instructions (but be sure to start from a "stock" version of com.apple.syslogd.plist).
-
Raj over 10 yearsI followed the steps in your update, but don't see any additional messages from my router in the OS X syslog. I don't have the firewall enabled and I know the router can ping my OS X machine. I see this in com.apple.syslogd.plist:<key>NetworkListener</key> <dict> <key>SockServiceName</key> <string>syslog</string> <key>SockType</key> <string>dgram</string> </dict>I also unloaded and loaded syslogd. Am I missing something? -
Gordon Davisson over 10 years@Raj: not sure. Try running
netstat -a | grep LISTENto see what services your Mac is listening for connections to; if "*.syslog" is in the list, it's running and you need to figure out why the other computers aren't sending to it. If it's not listed, your Mac isn't offering syslog service; double-check the .plist file, and try rebooting instead of just reloading. If that doesn't do it, report back what OS X version you're running and exactly what you did to enable it... -
Raj over 10 years@GordonDavisson *.syslog is not in that list. I followed your updated steps to enable syslog. I am using OS X 10.8.5. Here's what's in my syslogd.plist: pastebin.com/RDaYn7V3 Does anything standout by chance?
-
Raj over 10 years@GordonDavisson Forgot to mention that I rebooted too, but no luck.
-
Gordon Davisson over 10 years@Raj: Ack, I gave you the wrong check for a network listener; it's UDP, so LISTEN won't work. Try
netstat -a | grep syslogand look for something like "udp4 0 0 *.syslog *.*". The .plist on pastebin looks fine to me. -
Frank Hintsch over 8 yearsThis will not work anymore in El Capitan due to the SIP restrictions I guess. See stackoverflow.com/questions/30768087/…
-
infinite-loop almost 8 yearsBad News: This does not work on El Captain. See this: discussions.apple.com/thread/7322612?start=0&tstart=0 Good News: You can use Xcode to edit the plist file - even if in binary.
