Thursday, March 03, 2022
And in other news, old man shakes fist at clouds
Last week LibreSSL released a vew version of libtls.
I'm not using LibreSSL's version of libtls but libretls,
a port of LibreSSL's libtls to OpenSSL
(got that? Good).
So I pull down the code so I can add the new features to my Lua TLS module when I notice the TLS_API version hasn't been updated.
Again!
I swear,
what is up with the LibreSSL guys and not updating the TLS_API value?
If they aren't going to update the value,
why even have it in the first place?
Tuesday, March 08, 2022
Is there any functional difference between Apple and Microsoft anymore?
At the Corporation,
we use syslog() to log stuff.
I know it's not popular among the hipster crowd,
but honestly,
I don't find the modern replacements to be all that great,
nor as ubiquitous,
as syslog().
So I'm trying to configure Belial, the annoying Mac Laptop,
to handle logging from the various components and nothing I do seems to make any difference.
I have configured the running syslogd on Belial to match that of the older Mac laptop
(and my Mac mini)
but nope.
No output from any of the components.
That's not to say nothing is being logged,
but it's only the programs from Apple that have any logging.
I'm not entirely sure what is going on.
In other Belial-related news,
I ran XCode while trying to troubleshoot the syslog() issue.
It didn't help
(because Apple no longer allows root to change certain files without extreme measures,
but that's a rant for another time)
but rather more troubling,
XCode refused to quit running!
There was no way to quit the application,
and I couldn't shutdown the laptop because XCode was running.
I was only able to get it to stop running by forcibly removing power from the laptop.
Way to go, Apple! <slow clap>
Update later today …
I think I can answer that question: No difference at all. The hipsters have won and the old ways should be burned to the ground, and the ground salted.
Wednesday, March 09, 2022
Notes on syslog support from Mac OS 11.6.4
Yes,
I know,
Mac OS-X 11.6.4 is more than 20 minutes old.
Shut up!
Anyway,
a bit more about syslog() support on Macs.
Our components
(like Project: Lumbergh)
compile on Macs.
We do initial testing on Macs.
Also,
our components use syslog().
And it's not like Mac OS-X has dropped syslog() entirely—our code still compiles.
But syslog() isn't quite working as I expect it to work.
When I run tests,
I monitor the logs in real time—I've configured both my Macs
(the older one, and Belial, the annoying Mac Laptop) to forward syslog messages to a central server,
which I can then monitor in real time based using my syslogd replacement
(I should probably go into detail about how that works,
but that's beyond the scope of this entry).
Yes, I am seeing messages show up:
Mar 09 18:27:20 user notice 192.168.1.105 com.apple.xpc.launchd entering bootstrap mode Mar 09 18:27:20 user notice 192.168.1.105 com.apple.xpc.launchd exiting bootstrap mode Mar 09 18:27:20 user warn 192.168.1.105 com.apple.xpc.launchd Service exited with abnormal code: 254 Mar 09 18:27:26 daemon notice 192.168.1.105 aciseagentd Function: loadXMLCfgFile Thread Id: 0x2E77D40 File: ConfigData.cpp Line: 46 Level: warn :: ISEPostureCFG.xml not found, using defaults Mar 09 18:27:26 daemon notice 192.168.1.105 aciseagentd Function: GetConfigData Thread Id: 0x2E77D40 File: ConfigData.cpp Line: 220 Level: warn :: The cfg parameter for numeric value VlanDetectInterval was invalid. Using default. (XML was ) Mar 09 18:27:40 user notice 192.168.1.105 com.apple.xpc.launchd entering bootstrap mode Mar 09 18:27:40 user notice 192.168.1.105 com.apple.xpc.launchd exiting bootstrap mode Mar 09 18:27:40 user warn 192.168.1.105 com.apple.xpc.launchd Service exited with abnormal code: 254 Mar 09 18:27:46 user notice 192.168.1.105 com.apple.xpc.launchd Service exited due to SIGKILL | sent by mds[316] Mar 09 18:27:50 user notice 192.168.1.105 com.apple.xpc.launchd Service exited due to SIGKILL | sent by mds[316] Mar 09 18:27:50 user notice 192.168.1.105 com.apple.xpc.launchd Service exited due to SIGKILL | sent by mds[316] Mar 09 18:27:50 user notice 192.168.1.105 com.apple.xpc.launchd Service exited due to SIGKILL | sent by mds[316] Mar 09 18:27:50 user notice 192.168.1.105 com.apple.xpc.launchd Service exited due to SIGKILL | sent by mds[316] Mar 09 18:27:50 user notice 192.168.1.105 com.apple.xpc.launchd Service exited due to SIGKILL | sent by mds[316] Mar 09 18:27:50 user notice 192.168.1.105 com.apple.xpc.launchd Service exited due to SIGKILL | sent by mds[316] Mar 09 18:27:50 user notice 192.168.1.105 com.apple.xpc.launchd Service exited due to SIGKILL | sent by mds[316] Mar 09 18:27:50 user notice 192.168.1.105 com.apple.xpc.launchd Service exited due to SIGKILL | sent by mds[316] Mar 09 18:27:50 user notice 192.168.1.105 com.apple.xpc.launchd Service exited due to SIGKILL | sent by mds[316] Mar 09 18:28:00 user notice 192.168.1.105 com.apple.xpc.launchd entering bootstrap mode Mar 09 18:28:00 user notice 192.168.1.105 com.apple.xpc.launchd exiting bootstrap mode Mar 09 18:28:00 user warn 192.168.1.105 com.apple.xpc.launchd Service exited with abnormal code: 254 Mar 09 18:28:20 user notice 192.168.1.105 com.apple.xpc.launchd entering bootstr
So the syslogd forwarding is working
(although I'm not sure which service exited due to SIGKILL since that information isn't logged,
but whatever,
I'm getting logs forwarded by syslogd on Belial).
But when I run our stuff?
Nothing comes through.
This code comples and runs:
#include <stdio.h>
#include <syslog.h>
int main(void)
{
for (int pri = 0 ; pri < 8 ; pri++)
syslog(pri,"This is a test %d",pri);
return 0;
}
But I'm not seeing the logs being forwarded.
And even when I edited /etc/syslog.conf to read:
# Note that flat file logs are now configured in /etc/asl.conf install.* @127.0.0.1:32376 *.* @192.168.1.10 *.* /tmp/log-all-the-things.txt
The /tmp/log-all-the-things.txt file wasn't even created!
There are messages being forwarded to 192.168.1.10,
but aside from that,
it's as if everything else in this file is being ignored.
After some searching,
I did find about about the log program.
I ran log stream –process syslogt in one window,
then my test program syslogt in another,
and behold:
[sconner]belial:~>log stream --process syslogt Filtering the log data using "process BEGINSWITH[cd] "syslogt"" Timestamp Thread Type Activity PID TTL 2022-03-09 18:28:16.110052-0500 0x3513e Default 0x0 19313 0 syslogt: This is a test 0 2022-03-09 18:28:16.110914-0500 0x3513e Default 0x0 19313 0 syslogt: This is a test 1 2022-03-09 18:28:16.110943-0500 0x3513e Default 0x0 19313 0 syslogt: This is a test 2 2022-03-09 18:28:16.110965-0500 0x3513e Default 0x0 19313 0 syslogt: This is a test 3 2022-03-09 18:28:16.110986-0500 0x3513e Default 0x0 19313 0 syslogt: This is a test 4 2022-03-09 18:28:16.111005-0500 0x3513e Default 0x0 19313 0 syslogt: This is a test 5
Logs!
Only … not all of them.
syslog() supports eight levels of logging,
yet this only shows six.
The final two,
levels LOG_INFO and LOG_DEBUG aren't logged!
Even editing the /etc/asl.conf file to read:
# save everything from emergency tonoticeDEBUG ? [<= Level debug] store
Doesn't help.
Levels LOG_INFO and LOG_DEBUG are simply dropped.
And guess what level most of our logs are at?
XXXX you, Apple!
