Monitor external device with syslogd on OS X

For some time now, I regularly but randomly sport spontaneous disconnects of my ADSL router at home, which is (as of today) a Zyxel Prestige 650-R. This little goodie sports a UNIX syslog facility which lets you record almost everything that happens during operation. Including, hopefully, the reason why it disconnects “at will”.

So far, so good. The only thing I needed at the other end of the pipe was some actual syslogd. No problem, I thought, Mac OS X is UNIX based and has this built-in. Unfortunately, for some good reasons, the syslogd only accepts local logging. Furthermore, the man page was actually outdated and did not match the options syslogd currently understands.

So started my quest for more viable information. The first hit at macosxhints was good. Except that it was written for Jaguar which sports an older version of syslogd. The remedy came in the form of an updated man page for syslogd: Obviously, omitting the -s option and adding a correct -a allowed_peer option would make it work.


Several hours and lots of searches for a logger client that let me log from one client to a server later, I finally managed to log the events. Simple. Just run

   sudo /usr/sbin/syslogd -a [source_ip]:514

and you’re done. You can conveniently change this in /etc/rc, line 122 or so.

The only thing you have to do on the server side is to setup /etc/syslog.conf with the right options to log the Router’s events to a separate file:

# Zyxel Prestige Router log facilitylocal1.*         /var/log/router.log

will log all events coming from the local1 facility to the desired file.

Finally, to complete the setup on the router, you have to set it to the same local1 facility and to add the destination IP. If—as in my case— you use DHCP to configure your computer’s IP, you can also add the broadcast IP of your local network. That is, if your home networks IP range is something like

    192.168.1.1-192.168.1.255

then just put 192.168.1.255 as the router’s syslog destination IP.

Voilà. Computing is that easy.

Update: The /var/log/router.log file must exist prior to the launch of the syslogd daemon. Otherwise, nothing will be logged! Hat tip: Ölbaum

comments powered by Disqus