OutoSoft

Odd Software for Odd Jobs

Activating the syslog server on my Mac

A few months ago we finally were able to switch over from ADSL2 to NBN's fibre-to-the-node (FTTN) VDSL. We'd had ADSL2 since 2005 and never managed to break 6Mbps downstream.

So when NBN became available, we jumped at the chance. Of course, we have no chance of getting 100Mbps but we're happy with the 50Mbps possibility (around midnight, about 44Mbps). Anything is better than the piddly 4Mbps we were getting in the last days of ADSL2.

However the NBN product is a magnitude more unreliable … constant drop outs. To get some idea, I thought I'd start sending the modem's logs to a syslog server. Did some research on how to get the syslogd daemon to accept these logs - didn't appear to be anything in simple step-by-step format, and Apple had changed things over the years so the information wasn't necessarily up-to-date, but I figured it out. I know, I'm lazy … I spend my work day fixing problems in mobile phone networks - at home, I just want my shit to work (hence why fixing my Mac Pro took so long).

Anyway, this is how I got syslogd to accept my modem's logs, using the scraps of info from other, cleverer souls than I - Mac Pro running macOS High Sierra 10.13.4:

[1] Disable SIP:
[a] Restart Mac in Recovery Mode (CMD+R)
[b] Disable SIP in Terminal
csrutil disable
[c] Restart Mac

[2] Change directory permissions of /System/Library/LaunchDaemons
cd /System/Library/
sudo chmod 777 LaunchDaemons/

[3] Also changed permissions of the syslog daemon PLIST
cd /System/Library/LaunchDaemons/
sudo chmod 777 com.apple.syslogd.plist

[4] In Finder, navigated to /System/Library/LaunchDaemons and double-clicked the com.apple.syslogd.plist file. This opens the PLIST editor in Xcode.

[5] Add a new Sockets dictionary item - there's just BSDSystemLogger initially.
[a] On the Sockets line, press the +
NetworkListener = dictionary
[c] On the NetworkListener line, need to + two Strings
SockServiceName = syslog
SockType = dgram


The result should look something like below - doesn't matter if NetworkListener is before or after the existing BSDSystemLogger entry.

Pasted Graphic

[6] I was able to save the updated PLIST file because of the permission changes in [2] and [3]:
-rw-rw-rw-@ 1 brett wheel 612 13 Apr 09:40 com.apple.syslogd.plist

[7] Change the permissions back to what macOS expects:
cd /System/Library/
sudo chmod 755 LaunchDaemons/
cd /System/Library/LaunchDaemons/
sudo chmod 644 com.apple.syslogd.plist

[8] The file ownership also changed from root to brett, so I had to fix that too, otherwise restarting the daemon will fail with:
/System/Library/LaunchDaemons/com.apple.syslogd.plist: Path had bad ownership/permissions

This is done with the chown command:
sudo chown -v root com.apple.syslogd.plist

[9] Finally, I could restart the daemon:
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist


[10] I then opened the Console application and also monitored incoming UDP packets on the command line - I could see the syslog entries arriving, and also Console updating!
sudo tcpdump -i en0 host 192.168.1.1 and udp port 514

[11] Filtering in Console for when the link went down … "link down" … wow, it dropped 14 times from when I started capturing the logs to syslog and this morning:

Apr 13 10:46:19 kernel: Line 0: xDSL link down
Apr 13 10:46:31 kernel: Line 0: xDSL link down
Apr 13 11:16:27 kernel: Line 0: xDSL link down
Apr 13 11:16:38 kernel: Line 0: xDSL link down
Apr 13 11:16:59 kernel: Line 0: xDSL link down
Apr 13 11:17:12 kernel: Line 0: xDSL link down
Apr 13 11:17:41 kernel: Line 0: xDSL link down
Apr 13 11:17:48 kernel: Line 0: xDSL link down
Apr 13 19:06:21 kernel: Line 0: xDSL link down
Apr 13 19:06:37 kernel: Line 0: xDSL link down
Apr 13 22:30:43 kernel: Line 0: xDSL link down
Apr 13 22:30:55 kernel: Line 0: xDSL link down
Apr 13 22:32:17 kernel: Line 0: xDSL link down
Apr 13 22:32:28 kernel: Line 0: xDSL link down


I can also see logs when the link rate is changed … "rate change" … loads of entries, a small sample:

Apr 13 22:25:34 kernel: Line 0: Rate Change, us=15063, ds=30368
Apr 13 22:35:11 kernel: Line 0: Rate Change, us=19904, ds=20192
Apr 13 22:35:57 kernel: Line 0: Rate Change, us=10101, ds=20192
Apr 13 22:35:57 kernel: Line 0: Rate Change, us=9956, ds=20192


[12] Oh, don't forget to re-enable SIP by restarting in Recovery Mode, executing csrutil enable, then restarting



Finally got my Mac Pro working again

After a long absence due to my Mac Pro being unstable, I'm back.

I found that my poor Mac would spontaneously restart. With so much other stuff going on, I just left it in the too-hard basket. It seemed to me to be temperature related - it'll run fine first thing in the morning for a while, restart, run fine for a little bit more, then just give up … like some component was over-temp. I did setup my phone to record video of the temperatures when it restarted, but the CPU temps didn't seem unusual.

I did discuss the issue with the US eBay seller that I had bought the 6-core Xeons from, who suggested a few things, but went quiet when I asked about warranty.

I managed to get the Mac running with just CPU-A … as CPU-B was missing the fans ran constantly. But it allowed me to a full backup finally! As the eBay seller had gone quiet, I bought a single Xeon locally - seemed to fix the problem … enough to do the macOPS High Sierra firmware & software update … but then it returned.

So I then thought it could be the processor tray itself. I ended up buying another Mac Pro 2009, just for the tray. And what do you know … the problem was resolved! So it turned out to be the processor tray.

I ran the Mac Pro I bought for parts with the suspect processor tray and the stock 4-core 2.26GHz Xeons it came with (my Mac Pro had the 2.66GHz Xeons, in storage somewhere). It seemed to be fine - bargain, two Mac Pros! But then it started having the same issues. So definitely the processor tray. I could only find one tray by itself on eBay in Australia … AU$175 … fair enough … but it's "water damaged, signs of rust, but works fine!" … nah, that's okay. There's a bunch in the US but these are all upgraded, which I'm not really fussed with. Even if I could get a single CPU tray, I'd be happy.

I'm going to see if I can repair the tray so I have a second Mac Pro I can use - this article on xlr8yourmac.com seems a good starting point.