Setup guide
UNCLASSIFIED
UNCLASSIFIED
54
Chapter 4 –
Configuring System Settings
Figure 20: Console Log
In Mac OS X, log files are handled by either the BSD subsystem or a specific
application. The BSD subsystem handles most of the important system logging,
while applications such as the Apache web server handle their own logging. Like
other BSD systems, Mac OS X uses a background process called syslogd to
handle logging. A primary decision to make when configuring syslogd is whether to
use remote logging. In local logging, log messages are stored on the hard disk. In
remote logging, log messages are transferred over the network to a dedicated log
server which stores them. Using remote logging is recommended in addition to local
logging when possible.
Configuring syslogd
The configuration file for the system logging process, syslogd, is
/etc/syslog.conf. A manual for configuration of this file is available by issuing
the command man syslog.conf in a Terminal window. Each line within
/etc/syslog.conf consists of text containing three types of data: a facility, a
priority, and an action. Facilities are categories of log messages. The standard
facilities include mail, news, user, and kern (kernel). Priorities deal with the urgency
of the message. In order from least to most critical, they are: debug, info, notice,
warning, err, crit, alert, and emerg. The priority of the log message is set by the
application sending it, not syslogd. Finally, the action specifies what to do with a
log message of a specific facility and priority. Messages can be sent to files, named
pipes, devices, or to a remote host.
The following example line specifies that for any log messages in the category “mail”,
with a priority of “emerg” or higher, the message will be written to the
/var/log/mail.log file: