+- 0Day Forums (https://zeroday.vip)
+-- Forum: Coding (https://zeroday.vip/Forum-Coding)
+--- Forum: C & C++ (https://zeroday.vip/Forum-C-C)
+--- Thread: macOS High Sierra syslog does not work (/Thread-macOS-High-Sierra-syslog-does-not-work)
macOS High Sierra syslog does not work - mellsman563260 - 07-27-2023
I try to send a log message to syslog via
logger -is -t TestApp -p user.error TEST MESSAGE1
Then I check if it is there
tail system.log
...
Apr 12 16:33:00 HOSTNAME TestApp[3024]: TEST MESSAGE1
So it works. Then I try to do the same via a compiled application.
openlog("TestApp", LOG_PID, LOG_USER);
setlogmask(LOG_UPTO(LOG_DEBUG));
syslog(LOG_ERR, "TEST MESSAGE2");
closelog();
I run the application then I check system.log
tail system.log
...
Apr 12 16:33:00 HOSTNAME TestApp[3024]: TEST MESSAGE1
....
and I cannot find "TEST MESSAGE 2" there. I also try to check it via "syslog"
syslog -s -l er TEST MESSAGE3
Same result. I cannot see the message in the log file.
OK. There might be some problems with log settings. So I try to configure logging to a specific file. I create /etc/asl/TestApp
# ASL configuration for TestApp
#
> /var/log/TestApp.log mode=0640 format=bsd rotate=seq compress file_max=1M all_max=5M
#
? [= Sender TestApp] file /var/log/TestApp.log
? [= Sender TestApp] [<= Level debug] claim
I restart both syslogd and ASL.
launchctl stop com.apple.syslogd
launchctl stop com.apple.aslmanager
launchctl start com.apple.aslmanager
launchctl start com.apple.syslogd
Then I try to send a message via "logger" again and check the logs
tail TestApp.log
Apr 12 16:47:49 HOSTNAME TestApp[3062]: TEST MESSAGE1
So "logger" works again. I try to do the same via the compiled application but I cannot see "TEST MESSAGE2". Then I do the same via "syslog -s -l er TEST MESSAGE3". Again I cannot see the message in TestApp.log and system.log.
I read the information about logging in macOS and it describes some changes but it does not say the old syslog method will not work.
What am I doing wrong? Why is "logger" working but "syslog" and my compiled (Hello World) application are not working?
Thanks
RE: macOS High Sierra syslog does not work - antoniogccgnycpmn - 07-27-2023
Apple broke `syslog(3)` functionality in macOS Sierra and it continues to be broken in High Sierra. There's not adequate words to describe how stupid Apple's change was.
The closest one might be able to come to seeing log messages sent by compiled programs (including the PHP interpreter, for example) is to use a command like this to pull them out of Apple's obtuse storage:
`log stream --info --debug --predicate 'sender == "<your-app-name>"' --style syslog`
But that only results in part of the syslog functionality. There's no support for sending logs to a central collection point via UDP, and most of the 8 urgency levels are now missing. The facility coding is likewise hobbled.