Setting up a network syslog server
I am trying to move my syslog server (which captures my router logs) from a Slackware Linux box to my OS X machine. I have had good luck except for one small detail. Every time periodic daily runs syslogd stops accepting the UDP syslog packets that the router is sending.
I have updated com.apple.syslogd.plist to be:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.syslogd</string>
<key>ServiceDescription</key>
<string>Apple System Log Daemon</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/syslogd</string>
<string>-u</string>
</array>
<key>ServiceIPC</key>
<false/>
</dict>
</plist>
The only thing I changed was to add "<string>-u</string>" to turn on the UDP listener. And it works, too. Except that at 03:14 every morning periodic does a +kill -HUP+ to the daemon and, for some unknown reason, this turns off the UDP listener.
If I do a full kill to syslogd, which results in a new task completely, it starts with the listener running and it logs correctly into router.log until 03:14 the following morning.
If I do a +ps -A|grep syslogd+ I do see the "-u" in the command even if the listener isn't listening.
I think it might be a bug in the -HUP handler in the syslogd code but I don't know the right place to post the question other than here.
For the forum: is anyone else running syslogd and collecting network log traffic? If you are then do you experience the same problem? I know I can work around the problem by putting in a local daily kill and I probably will but I shouldn't have to should I?
Any thoughts would be appreciated.
Bill W
I have updated com.apple.syslogd.plist to be:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.syslogd</string>
<key>ServiceDescription</key>
<string>Apple System Log Daemon</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/syslogd</string>
<string>-u</string>
</array>
<key>ServiceIPC</key>
<false/>
</dict>
</plist>
The only thing I changed was to add "<string>-u</string>" to turn on the UDP listener. And it works, too. Except that at 03:14 every morning periodic does a +kill -HUP+ to the daemon and, for some unknown reason, this turns off the UDP listener.
If I do a full kill to syslogd, which results in a new task completely, it starts with the listener running and it logs correctly into router.log until 03:14 the following morning.
If I do a +ps -A|grep syslogd+ I do see the "-u" in the command even if the listener isn't listening.
I think it might be a bug in the -HUP handler in the syslogd code but I don't know the right place to post the question other than here.
For the forum: is anyone else running syslogd and collecting network log traffic? If you are then do you experience the same problem? I know I can work around the problem by putting in a local daily kill and I probably will but I shouldn't have to should I?
Any thoughts would be appreciated.
Bill W
iMac, Mac OS X (10.4.9), syslogd, daemon, kill, HUP, UDP
