Call for help: FreeRADIUS and syslogd

I have two things to request from the readers of this site. I haven’t been able to find easy-to-follow instructions for the setup of either FreeRADIUS or syslogd running on any OS. (In my specific case, it’s Tiger Server, but it should be similar on any platform, shouldn’t it?) If you know something about either of these topics, keep reading for more specific details.

First, let’s tackle syslogd. I have a firewall and two AirPorts that have the capability to send their logs to a syslog server, and I would like to be able to use my Tiger server to collect those logs. I’d like the log for each device to be separate, with firewall logs going to /var/log/firewall.log, and AirPort logs going to /var/log/extreme.log and /var/log/express.log. This requires syslogd to listen on a certain UDP port and to know what data is coming from what device and what file to write that data to. Admittedly, I don’t know jack squat about syslogd, and as much as I’ve read the man pages and studied the /etc/syslog.conf file, it’s all that much muddier.

I know there’s an article at AFP548.com about syslogd setup, but it doesn’t appear to apply to Tiger. The first step in the instructions is to change a line in /etc/rc having to do with syslogd, and the line referenced doesn’t exist in that file in Tiger. I’m guessing that syslogd startup is now handled by launchd, but I’m not sure.

Secondly, and somewhat related, I noticed that Tiger Server seems to come with FreeRADIUS installed. I’d like to use RADIUS in conjunction with both of my AirPorts. Ideally, I’d like to require authentication to my Open Directory server in order to join the wireless network. In lieu of that, if it’s not possible, I’d like to maintain a central list of permitted MAC addresses on the server instead of at each AirPort. And of course, both authentication and MAC address restriction at the server would be great too.

I have the same problem with FreeRADIUS I have with syslogd - I don’t understand the documentation and reading through the config files clouds the issue. I’m also aware of the AFP548.com article about FreeRADIUS, but it’s not what I need. That article is more about compiling and installing the software, not configuring it.

Frankly, I’d like to see Apple integrate both of these features into Server Admin. They provide support for RADIUS and external logging in their wireless products, so they should also make it simple to set up a server to work in conjunction with that same hardware.

So, if you’re a Unix genius who knows something about either syslogd or FreeRADIUS, please comment here. I’d love to work with you to understand one or both, and either publish your instructions (with full credit and necessary links to you) or write up my own with your help so that other Mac users can find these instructions via Google.

5 Responses to “Call for help: FreeRADIUS and syslogd”

  1. PeterK Says:

    I’m running Tiger but not Tiger Server. To solve the problem of logging the extreme base station to my desktop I opened port 514 for the udp that I think carries the logs. Then I modified the file which starts up the syslogd daemon:
    /System/Library/LaunchDaemons/com.apple.syslogd.plist
    to add the sibling -u to the ProgramArguments, so that syslogd would be started with the ‘insecure’ -u flag to receive logs from the network. I relaunched it with launchctl. It worked, but broke after periodic daily. As a quick fix I have added a couple of lines to my daily.local (btw I run daily and daily.local with cron because of the StartCalendarEvents bug in launchd) to launch syslog from the plist using launchctl. This seems to work now.

  2. Aaron Adams Says:

    Great! I think that’s the explanation I’ve been looking for.

    I’ve spent a little time checking out why syslogd breaks after periodic.daily. I found this line in the /etc/periodic/daily/500.daily script:

    if [ -f /var/run/syslog.pid ]; then kill -HUP $(cat /var/run/syslog.pid | head -1); fi

    I’m not exactly a Unix expert, but I think that line means, if a file named /var/run/syslog.pid exists, then kill the current running syslog process and restart it. The problem likely occurs when the syslogd process restarts - for some reason it doesn’t pick up the -u option you’ve specified in com.apple.syslogd.plist. I’m not sure why it wouldn’t, but maybe I can figure that out in the next few days and share the answer with you when I have it.

  3. PeterK Says:

    OK we are making progress. But I have another problem: ipfw logging remains broken after periodic daily even after my launchctl workaround. To start it again I need to either reboot or uncheck and recheck Enable Firewall Logging in System Prefs > Sharing > Firewall > Advanced …

    As a temporary fix I’d like to be able to do this step at the command line then it can go in daily.local.

    The line you’ve spotted in 500.daily looks like the most likely point where things are going wrong.

    But also I notice there is a process /usr/libexec/ipfwloggerd which seems to have no useful documentation. Understanding this might be relevant as well.

    I suspect there is a bug, and would appreciate you posting this to Apple if you have enough information about it.

    PeterK (MacPeter!)

  4. Aaron Adams Says:

    I don’t have ipfw enabled on my server because it’s already behind a good hardware firewall, so I haven’t had the same problem. I’d be happy to post it as a bug, but if they were to inquire into it further I wouldn’t be able to provide them any additional information because I don’t have a system with the problem.

  5. PeterK Says:

    Aaron: I’ve posted this in the Apple Discussions:
    In my original reply of 24th May I outlined how I got remote logging to work for me with Mac OS X 10.4.1 (but not the server version). At that stage I did not realize that my hack still left ipfw logging broken. Here is a complete fix which works for me: I put the following four lines in daily.local:

    launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
    launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
    kill -9 $(cat /var/run/ipfwlogger.pid | head -1)
    /usr/libexec/ipfwloggerd

    The first two are as I proposed before: they seem to do the job of getting back logging from your airport base station. The second two do the job of getting the ipfw logging working again in case you have enabled it in System Prefs > Sharing > Firewall > Advanced …

    Please all be careful: I am far from expert and what works for me may not work for you. For example Tiger is set up differently if you did a clean install or an upgrade (I upgraded).
