macos 如何在 Mac 上启动 Syslogd 服务器以接受远程日志消息?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5510563/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to start Syslogd server on Mac to accept remote logging messages?
提问by willpowerforever
Anyone knows how to start Syslogd server on Mac to accept remote logging messages?
任何人都知道如何在 Mac 上启动 Syslogd 服务器以接受远程日志消息?
I started Syslogd, but seems it doesn't accept remote messages.
我启动了 Syslogd,但它似乎不接受远程消息。
If I do a netstat -an it looks like udp port 514 is listening. However, if I scan the server from my laptop using nmap then I don't see udp 514. It's likely the port is being blocked somewhere. I have checked ipfw but it does not look like any rules defined.
如果我执行 netstat -an 看起来 udp 端口 514 正在侦听。但是,如果我使用 nmap 从我的笔记本电脑扫描服务器,那么我看不到 udp 514。很可能该端口在某处被阻止了。我已经检查过 ipfw,但它看起来不像任何定义的规则。
I've seen lots of articles say that have to specify -r option. Is this the same on Mac? How to do that on Mac?
我看过很多文章说必须指定 -r 选项。这在Mac上是一样的吗?如何在 Mac 上做到这一点?
回答by Gordon Davisson
Syslogd should already be running on your system; what you need to do is enable its UDP listening option. This is controlled by a section near the end of /System/Library/LaunchDaemons/com.apple.syslogd.plist; remove the comment markers so that it looks like this:
Syslogd 应该已经在您的系统上运行;您需要做的是启用其 UDP 侦听选项。这由靠近 /System/Library/LaunchDaemons/com.apple.syslogd.plist 末尾的部分控制;删除注释标记,使其看起来像这样:
<!--
Un-comment the following lines to enable the network syslog protocol listener.
-->
<key>NetworkListener</key>
<dict>
<key>SockServiceName</key>
<string>syslog</string>
<key>SockType</key>
<string>dgram</string>
</dict>
</dict>
</dict>
</plist>
And then reload the syslogd daemon either by rebooting, or by running:
然后通过重新启动或运行来重新加载 syslogd 守护进程:
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
UPDATE: Starting in OS X v10.7, Apple switched com.apple.syslogd.plist to a binary plist format, which doesn't include the relevant comment, and isn't editable as plain text. With the new format, PlistBuddy seems to be the easiest way to add the listener:
更新:从 OS X v10.7 开始,Apple 将 com.apple.syslogd.plist 切换为二进制 plist 格式,其中不包含相关注释,并且不能作为纯文本进行编辑。使用新格式,PlistBuddy 似乎是添加侦听器的最简单方法:
cd /System/Library/LaunchDaemons
sudo /usr/libexec/PlistBuddy -c "add :Sockets:NetworkListener dict" com.apple.syslogd.plist
sudo /usr/libexec/PlistBuddy -c "add :Sockets:NetworkListener:SockServiceName string syslog" com.apple.syslogd.plist
sudo /usr/libexec/PlistBuddy -c "add :Sockets:NetworkListener:SockType string dgram" com.apple.syslogd.plist
sudo launchctl unload com.apple.syslogd.plist
sudo launchctl load com.apple.syslogd.plist
回答by norganna
A bit old, but I did have to do this today and whilst searching around for a simple piece of software to do this for me I came across this question.
有点旧,但我今天确实必须这样做,在四处寻找一个简单的软件来为我做这件事时,我遇到了这个问题。
All I really wanted to do was watch some syslog entries for a short period of time and see what was coming from the server so what I ended up doing was:
我真正想做的就是在短时间内观看一些系统日志条目,看看来自服务器的内容,所以我最终做的是:
sudo tcpdump -lns 0 -w - udp and port 514 | strings
This will simply print out any message that is sent to your machine on the output so you can display it.
这将简单地在输出上打印发送到您的机器的任何消息,以便您可以显示它。
Anyway if you do this and it outputs messages that are being transmitted to your server you can be sure it's not being blocked by your firewall or any other hardware in the middle.
无论如何,如果您这样做并且它输出正在传输到您的服务器的消息,您可以确定它没有被防火墙或中间的任何其他硬件阻止。
