Reading syslog output on a Mac

I have a program that was written for linux and I am trying to build and run it on my MacOS 10.5 machine. The program builds and runs without problem, however it makes many calls to syslog. I know that syslogd is running on my mac, however I can't seem to find where my syslog calls are output to.

The syslog calls are of the form

syslog (LOG_WARNING, "Log message");

Any idea where I might find my log output?

/var/log/system.log

You can monitor it easily using tail -f /var/log/system.log

See also the "logger" (man logger) and "syslog" (man syslog).

You should probably use the Console.app to view logfiles. It's purdy.

Select your device on the left and filter messages on the right:

Maybe interesting to note: Apple was using a real syslogd in the past but meanwhile all of this has switched to ASL (Apple System Log). The syslog command is still available, but it will only access this one log. If you want to access all log messages of ASL across all log files configured, use the log command.

E.g. the following shows all log messages produced by Safari within the last two days (be patient, can take a while):

log show --predicate 'process == "Safari"' --last 2d

See man log for all the actions you can perform, all the parameters it knows and what attributes you can filter for.

When in doubt, there's always man syslog.

You can find your messages in /var/log/syslog; my machine is set up out of the box to only include high level messages so you may need to have your settings.

You can also read the messages through syslog(1), or create a test message with a command like

$ syslog -s -l INFO "Hello, world."

use a severity of P ("panic") and you'll get an exciting message on your console immediately.

Mac OS X implements a superset of syslog's functionality. All of syslog is there, but as part of ASL.

Console, mentioned by Matthew Schinckel in his answer, is the GUI on ASL. It'll show you any messages that exist in the database, as fetched by queries listed in the sidebar. There are two queries by default; one only shows messages sent with the Console facility (as used by NSLog, among other things), whereas the other shows all log messages. Check the all-messages query; you'll probably find your message there.

That “all” does come with an asterisk. If you look in /etc/asl.conf, you'll see this line:

# save everything from emergency to notice
? [<= Level notice] store

Fortunately, in your case, the message will pass this check, since warning outranks (is a lesser number than) notice.

Building on Charlie's answer, I would like to add that you should take a look at the manpage of syslog.conf(5) and also take a peek at the file /etc/syslog.conf (which is where the syslog configuration is defined by default and also, as I see it, on OS X 10.5.x).

If you need complex syslog analysis (navigation hour by hour in terminal, regexp, comparing in real time w\ other files or even running SQL over syslog) lnav would seamlessly provide it for you.

Installation:

brew install lnav

Usage:

lnav /var/log/system.log

UI itself:

Check for a call to openlog somewhere in the program. After a call to openlog, syslog will save its output to that log file instead of the default location.