
Mac® Security Bible by Joe Kissell


19.2. Adjusting syslogd Behavior

Most applications store their own log files in their own ways. For such applications, if you want to make any changes to the way they treat logs, consult the documentation provided by the developer. However, critical Mac OS X components take advantage of a system-wide logging mechanism in Leopard and Snow Leopard called syslogd (system log daemon). This utility can store log messages locally or on a remote server and lets you choose exactly what behavior should occur for log entries from various sources and with various priority levels.

The syslogd process runs automatically in the background; to change its behavior, all you need to do is edit a single text file: /etc/syslog.conf. The default contents of the file are as follows (lines beginning with a # are commented out):

    *.err;kern.*;auth.notice;authpriv,remoteauth,install.none;mail.crit    /dev/console
    *.notice;authpriv,remoteauth,ftp,install.none;kern.debug;mail.crit    /var/log/system.log
    # Send messages normally sent to the console also to the serial port.
    # To stop messages from being sent out the serial port, comment out this line.
    #*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit    /dev/tty.serial
    # The authpriv log file should be restricted access; these
    # messages shouldn't go to terminals or publically-readable
    # files.
    auth.info;authpriv.*;remoteauth.crit    /var/log/secure.log
    lpr.info    /var/log/lpr.log
    mail.*    /var/log/mail.log
    ftp.*    /var/log/ftp.log
    install.*    /var/log/install.log
    install.* ...
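
To check where a given message ends up under rules like these, the following added example (not code from the book) parses selector lines and lists the matching destinations. It assumes classic BSD syslog.conf semantics: a level matches that priority and higher, `none` excludes a facility, and a later selector on the same line overrides an earlier one for the facilities it names. The function names and the shortened sample are constructed for illustration.

```python
# Priority names in increasing severity (standard syslog levels).
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"error": "err", "warn": "warning", "panic": "emerg"}

# Constructed sample: a subset of the uncommented rules from the default file.
SAMPLE_CONF = """\
*.err;kern.*;auth.notice;authpriv,remoteauth,install.none;mail.crit /dev/console
*.notice;authpriv,remoteauth,ftp,install.none;kern.debug;mail.crit /var/log/system.log
# comment lines are skipped
auth.info;authpriv.*;remoteauth.crit /var/log/secure.log
mail.* /var/log/mail.log
"""

def parse_rules(text):
    """Return [(selectors, action)]; selectors is a list of (facilities, level)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        selectors = []
        for sel in selector_field.split(";"):
            facilities, level = sel.rsplit(".", 1)
            selectors.append((facilities.split(","), ALIASES.get(level, level)))
        rules.append((selectors, action.strip()))
    return rules

def destinations(rules, facility, level):
    """List the actions triggered by a message with this facility and level."""
    msg = LEVELS.index(ALIASES.get(level, level))
    hits = []
    for selectors, action in rules:
        matched = False
        for facilities, threshold in selectors:
            if "*" not in facilities and facility not in facilities:
                continue  # this selector says nothing about our facility
            if threshold == "none":
                matched = False  # explicit exclusion overrides earlier selectors
            elif threshold == "*":
                matched = True
            else:
                matched = msg >= LEVELS.index(threshold)
        if matched:
            hits.append(action)
    return hits

if __name__ == "__main__":
    print(destinations(parse_rules(SAMPLE_CONF), "authpriv", "err"))
```

Under these rules an authpriv message is kept off the console and out of system.log by the `none` selectors and reaches only /var/log/secure.log, which is the restriction the file's own comment describes.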
