Does Mac OS X have a syslog server?

First turn on remote sysloging:

http://docs.info.apple.com/article.html?artnum=107993

Note:

http://developer.apple.com/documenta...syslogd.8.html

Then open UDP port 514 if required:

http://docs.info.apple.com/article.html?artnum=106439

Configure syslog.conf to log the events into a log file:

http://www.macosxhints.com/article.p...40301223642276

http://forums.macosxhints.com/showthread.php?t=21236

My example:

In syslog.conf, above the first log line:

*.err;kern.*;auth.notice; (blah blah)

add the folowing lines:

# Log remote Airport Extreme

#airport IP address

+1.2.3.4

*.*/var/log/AirportExtreme.log

!* #end block

# Log router

#remote router IP address

+1.2.3.5

*.*/var/log/Router.log

!* #end block

#OS X Server services

# IPFW Firewall

!ipfw

*.*/var/log/ipfw.log

!* #end block

#CRON events (NOTE CASE)

!CRON

*.*/var/log/RemoteFirewall.log

!* #end block

(etc.)

You can then exclude the log messages so they don't appear in other logs (I don't) using:

http://forums.macosxhints.com/showth...ghlight=syslog

Remember to create (touch) the above log files.

You may want to modify your daily and weekly log rotation:

Ex. in 500.weekly look for this line and add your log file names:

for i in ftp.log lookupd.log (blah blah)

Again, the true authors:

http://forums.macosxhints.com/showthread.php?t=21236 --> send IPFW to its own log

http://www.macosxhints.com/article.p...40301223642276 --> how to receive from remote hosts

http://www.oit.duke.edu/mac/OSX_logging.html --> Start and Stop syslogd and etc.

http://docs.info.apple.com/article.html?artnum=107993 --> Turn on remote syslog server

http://forums.macosxhints.com/showth...ghlight=syslog --> exclude log events

and most important the missing OS X syslog.conf man page!

http://www.freebsd.org/cgi/man.cgi?q...ts&format=html

I hope this helps...