Using SyslogAppender on OS X
I’m using ch.qos.logback.classic.net.SyslogAppender to send messages to syslog and I need to be able to test the configuration on OS X. There are various sources of information on how to do this but no comprehensive explanation of what to do for OS X 10.7 so here’s my four step process.
Choose the syslog facility to log to
The facility an information field associated with a syslog message. It is used, together with the priority, in the syslog configuration to separate the processing of different messages. For instance, to send all informational messages from the mail system to a one log file and all critical messages from cron to another. Choosing the facility to use is important. You want to pick one that isn’t used by any, or many, other systems so that you can separate your log messages from others. I picked LOCAL6 based on this answer on serverfault. It’s easy to change though once you get the system working.
Configure syslog to log your messages to a file
The SyslogAppender will send logged messages to the syslog daemon (syslogd) and that will use the configuration in /etc/syslog.conf to decide what to do with them next. You’ll need to use sudo to edit the config file because only root has write access to it. I used sudo emacs /etc/syslog.conf. For my testing purposes I just want to log to a file so I added a line to direct messages from the local6 at all priority levels to a vast.log file.
At this point you should test your syslog configuration using the logger command line program. First you have to get syslogd to reload its configuration using the two commands below.
Now you can use logger command to send a message. Here I’m sending an info priority message to the local6 faciltiy.
In the log file you should see something like
Configure syslog to accept messages via a network socket
SyslogAppender uses the java.net.Datagram class to send messages to syslog. As installed on OS X syslog does not accept messages over network connections so the configuration must be changed. For this you have to edit the /System/Library/LaunchDaemons/com.apple.syslogd.plist file. This, unfortunately from the point of view of editability, is only writable by root and is in binary not xml format. In earlier versions of OS X the format was xml and the required elements were present but commented out, in 10.7 they are not present. I had to use the PlistBuddy program supplied by Apple to make the required edits. You can see the sequence of commands I used below. The intention is to add a NetworkListener dictionary entry with with SockServiceName and SockType properties.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
After making the changes above you have to reload the syslog configuration again as you did after modifying syslog.conf.
Configure the SyslogAppender
The logback manual has information on how to configure the SyslogAppender. An appropriate example configuration for my testing is.
1 2 3 4 5
Finally, give this a test this by running you app and you should see messages appearing in the log file you configured in /etc/syslogd.conf
I pulled together the information for this post from a number of sources on the web. In addition to those linked to in the post the original inspiration and flow is from Fun with SyslogAppender, information about what needs to be added to the com.apple.syslogd.plist came from Syslogd on 10.6: enabling UDP listening on 514