Syslog on OSX

I was trying to sort out a problem with logging in a production app. Instead of trying to replicate the problem on a system that better emulated production I spent some time figuring out how syslog works on OSX.

OSX uses the Apple System Log application to process syslog messages. The configuration lives in /etc/asl.conf and is not complex. I used this to capture all of the logs from the ‘api’ project.

> application_dev.log mode=0640 format=bsd rotate=seq compress file_max=5M all_max=50M
? [= Sender api] file application_dev.log

Once you change the file you’ll have to send -HUP to the syslogd process.

$ ps aux | grep syslogd
$ sudo kill -HUP # The pid from above

The first line, the one prefixed by ‘>’ sets up the write file and tells ASL to handle the log rotation(a nice bonus). The second line routes all messages from the api program to the application_dev.log. Which we then tail or open with Console.app to see the logs from the api program.

The ASL configuration has many more options, including filtering by log level and setting the deduplication limits.