This is a blog not related to Oracle products in any way.
This post is specific to apple Airport Extreme and Express wifi routers. However, in general: if you have multiple (unix/linux) servers, it makes sense to centralise the (sys)logging of these servers, in order to get a better overview on what is happening on these servers. I would want to go as far as saying that if you don’t you are simply not doing it right.
The central logging can be another syslog deamon receiving the logging, but there are many more products who are able to receive logging, like splunk, graylog, logstash and so on. This blogpost is about my home wifi routers, I use the simple and limited Synology “Log Center” daemon.
What this blog post is about: enabling remote logging on an Apple Airport device.
In ancient versions of apples Airport Utility, you simply could set the logging server. Apparently this version is still around, but it feels like a nuisance to me to install an older version, and there is a chance it does not work with the current version of OSX, and that it breaks something on the Airport side.
However, it’s really simple actually to set the logging server, and even to see if the logging server option is a supported option. In order to do this, go into the Airport utility, click an Airport device and click edit. Now go to ‘File’, and select ‘Export Configuration File…’. Select a name in ‘Save As:’, and save it.
This saves the configuration of the Airport device in XML format in a file that ends with “.baseconfig”. To understand what elements in the XML file mean, you can look at this link.
In order to set the logserver, open the “.baseconfig” file you just created, and search for “slCl”. The row you will find is:
Actually when there is no syslog server configured already, it will look like this:
Setting the syslog server is as simple as setting the ip address of your log server at the place of 0.0.0.0! Once this configuration is made active (that is the final step, which we will do next) the Airport device will send BSD like syslog information to port 514/UDP of the ip address just set. This is the default setting for a receiving syslog server. Make sure to save the file when you changed the 0.0.0.0 ip address with the ip address of your log server.
The final step is to go into the Airport Utility again, click the Airport device, click edit, “File”, and choose “Import Configuration File…”. Select the “.baseconfig” file you just edited, and open. This will get you back in the edit/configuration dialogue. To effectuate the setting, click “Update”. This will reboot your Airport device, and have remote sys logging enabled.
Extra setting: below “slCl”, you will find “slvl”, this is the log level threshold for sending. By default, it’s 5 (notice), if you want lesser information, set it to 4 (warning), or 3 (error), etc.