Re: Configuring syslog.conf for custom facilities.
- Subject: Re: Configuring syslog.conf for custom facilities.
- From: Terry Simons <email@hidden>
- Date: Tue, 3 Oct 2006 09:24:22 -0600
Hi Marc,
Thanks for the detailed reply.
I'm working with Radiator, and was hoping to use the AuthLog SYSLOG
mechanism to log RADIUS authentication information to syslog on Mac
OS X. Unfortunately, Radiator is written in perl, so it looks like
I'll have to create a module to wrap the ASL API (unless one already
exists?)
Thanks again,
- Terry
On Oct 2, 2006, at 11:23 AM, Marc Majka wrote:
Yes, you can create a custom facility. In fact, your experiment was
99% correct. The only thing you needed to do differently was to
use the "syslog" command rather than the "logger" command. Try this:
    syslog -s -k Facility radius Message test
It should do exactly what you want.
We introduced a new Apple System Log message service in Mac OS X
10.4 (Tiger). See the syslogd(8) man page for a description of the
components of ASL, and details on the operation of the server. See
the asl(3) man page for details on the API.
Before Tiger, Mac OS X used the same syslog system that's used on
many other OS platforms. It used a list of Facility codes that
were found in /usr/include/sys/syslog.h. To add a new facility
code in the old system, you would need to change the header file,
and then recompile syslogd and anything else that needed to be
aware of the new facility - including the "logger" command.
We still support the old syslog(3) API, and some utilities like the
logger command, but underneath them is the new ASL service.
Amongst many other changes, ASL does not have a hard-coded list of
facilities. The facility may now be any string. The only policy
that is enforced with regards to facility names is that only root
(UID 0) processes may use "com.apple.system" as a facility name, or
as the prefix for a facility name. We're encouraging developers to
try to use a "Reverse ICANN" naming convention for facility names
to avoid namespace conflicts.
Here's a small test program that will also send a "test" message
with the "radius" facility:
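#include <asl.h>
#include <string.h>
int main(void)
{
    /* Build an empty ASL message to carry the custom key/value pairs. */
    aslmsg m = asl_new(ASL_TYPE_MSG);
    /* Let the default client pass everything up to debug level to syslogd. */
    asl_set_filter(NULL, ASL_FILTER_MASK_UPTO(ASL_LEVEL_DEBUG));
    /* The facility is a free-form string under ASL. */
    asl_set(m, "Facility", "radius");
    asl_log(NULL, m, ASL_LEVEL_DEBUG, "test");
    /* Release the message once it has been sent. */
    asl_free(m);
    return(0);
}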
See the asl(3) man page for details on the API, but I'll add a
couple of notes.
The reason for the call to asl_set_filter() is that, by default,
the client side of the ASL library filters out messages with level
ASL_LEVEL_DEBUG and ASL_LEVEL_NOTICE. Unless you set the filter to
pass debug messages to syslogd, then nothing would actually get
through to the log file.
If you read through the man page, you'd also find that the
following code *should* work:
    aslclient a = asl_open(NULL, "radius", 0);
    asl_set_filter(NULL, ASL_FILTER_MASK_UPTO(ASL_LEVEL_DEBUG));
    asl_log(a, NULL, ASL_LEVEL_DEBUG, "test");
    asl_close(a);
    return(0);
But due to a bug in asl_open(), it doesn't. Sorry about that! The
bug will be fixed in 10.5 (Leopard).
--
Marc Majka
On 1 Oct, 2006, at 22:45, Terry Simons wrote:
Hi,
Is it possible to configure the Mac OS X syslogd for custom
facilities? (Specifically Tiger)
I've tried doing the following:
    radius.*    /var/log/radiator/authlog/syslog.log
My tests with "logger" fail: 'logger -p radius.info test'
logger: unknown facility name: radius.
I've been digging through the archives for an answer to this
question, but I haven't had much luck with this specific problem.
From the syslog.conf manpage:
    The facility describes the part of the system generating the
    message, and is one of the following keywords: auth, authpriv,
    cron, daemon, kern, lpr, mail, mark, news, syslog, user, uucp and
    local0 through local7.
Does this mean that custom logs using other keywords for the
facility name aren't allowed?
I've double checked the following:
I'm using tabs, not spaces, in the facility line.
I've HUP'd the syslogd server.
The file exists and has correct permissions.
Is it possible to do what I want on Mac OS X 10.4?
Thanks,
- Terry
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
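The thread explains that the pre-ASL syslog tools resolve facility names against a fixed list compiled in from the syslog header, which is why 'logger -p radius.info' is rejected. The following is an added example, not code from the thread or from Apple: it performs that kind of lookup using the name tables that <syslog.h> exposes when SYSLOG_NAMES is defined. The function names encode_priority and lookup are introduced here for illustration, and the inputs are constructed.

```c
/* Added example: resolve "facility.level" against the fixed tables in
 * <syslog.h>, the way a classic (pre-ASL) syslog tool has to. */
#define SYSLOG_NAMES            /* expose facilitynames / prioritynames */
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Look a keyword up in one of the header's name tables; -1 if absent. */
static int lookup(const CODE *table, const char *name)
{
    for (const CODE *c = table; c->c_name != NULL; c++)
        if (strcmp(c->c_name, name) == 0)
            return c->c_val;
    return -1;
}

/* Encode "facility.level" as a syslog priority value, or return -1 when
 * either keyword is not in the compiled-in tables. */
int encode_priority(const char *spec)
{
    char fac[32];
    const char *dot = strchr(spec, '.');
    if (dot == NULL || dot == spec || (size_t)(dot - spec) >= sizeof fac)
        return -1;
    memcpy(fac, spec, (size_t)(dot - spec));
    fac[dot - spec] = '\0';

    int f = lookup(facilitynames, fac);
    int l = lookup(prioritynames, dot + 1);
    /* Reject unknown names and the internal pseudo-entries "mark" and
     * "none", which are not valid for real messages. */
    if (f < 0 || l < 0 || (f >> 3) >= LOG_NFACILITIES || l > LOG_PRIMASK)
        return -1;
    return f | l;
}

int main(void)
{
    /* Constructed inputs: the selector from the thread and two stock ones. */
    const char *specs[] = { "radius.info", "local0.info", "auth.debug" };
    for (size_t i = 0; i < sizeof specs / sizeof specs[0]; i++)
        printf("%-12s -> %d\n", specs[i], encode_priority(specs[i]));
    return 0;
}
```

Because the table is fixed at compile time, "radius" can never resolve here, whereas ASL carries the facility as a plain string.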