Specifications
300 Chapter 19 Configuring and Managing System Logging
Configuring Mac OS X Server to act as a remote log server involves changing syslogd
command-line arguments. Enabling remote logging services requires removal of the -s
tag from the
syslogd tool, which allows any host to send traffic via UDP to the logging
computer, which can present security risks.
To better control the hosts that are allowed to send logging message traffic, use the
-a
option to ensure that log messages from only specific IP addresses are accepted. You
can use the -a option multiple times to specify additional hosts. Follow the -a option
with an address in this format:
-a ipaddress/masklen[:service]
This format is the IPv4 address with a mask bit length. Optionally, the service can be a
name or number of the UDP port the source packet must belong to.
When using the -a option, do not omit the masklen portion, because the default
masklen might be very small and the corresponding matching addresses could be
almost anything. The default [:service] is syslog, which should not need to be
changed.
For example, match a subnet of 255 hosts as follows:
-a 192.168.1.0/24
or match a single host like this:
-a 192.168.1.23/32
You can specify host names or domain names instead of IP addresses,
but this is not recommended.
To configure Mac OS X Server as a log server that accepts log messages from other
systems on the network:
1 Open /etc/rc and locate the following line:
/usr/sbin/syslogd -s -m 0
2 Replace the IP address after -a with your network information and change the line to:
/usr/sbin/syslogd -n -a 192.168.1.0/24
The -n option disables DNS lookups.
3 Insert this command as the next to last line of the file, before the exit 0 line:
killall -HUP syslogd #re-load configuration
exit 0
syslogd
contains features not documented on its man page. A more recent man page
that fully describes its features is available at www.freebsd.org/cgi/
man.cgi?query=syslogd.