View rotated log files Mac OS X Server (*.?.gz)

gziplog-filesmac-osxmac-osx-server

Trying to look at some of our older log files and find they're cryptic "Unix Executable Files". This particular server I'm working with is an older Mac OS X Server (10.4 – Tiger).

-rw-r-----   1 root  admin         36  1 Jun 15:48 wtmp
-rw-r--r--   1 root  admin        578 27 May 17:40 wtmp.0.gz
-rw-r-----   1 root  admin         89 26 Apr 13:57 wtmp.1.gz
-rw-r-----   1 root  admin         78 29 Mar 16:43 wtmp.2.gz
-rw-r-----   1 root  admin         69 15 Feb 17:21 wtmp.3.gz
-rw-r-----   1 root  admin        137 16 Jan 13:09 wtmp.4.gz

i'm using zless to try and view the contents of the .gz files. and what i see is unreadable:

...
<DF>^R<AF>ttyp1^@^@^@joe54^@^@^@^@^@108.184.63.22^@^@^@^@K<DF>"<B8>ttyp1^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@K<DF>%<A1>console^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@K<E0>1  ~^@^@^@^@^@^@^@shutdown^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@K<E0>1^L~^@^@^@^@^@^@^@reboot^@^@^@^@^@^@
...

same goes for system.log.0.gz, etc… anything that's been rolled in compressed .gz files. What am i missing?

Best Answer

The wtmp and utmp files are binary data - not text. Use last to view information in them.

From man utmp:

The file is a sequence of utmp structures, declared as follows in (note that this is only one of several definitions around; details depend on the version of libc):

blah, blah ... #defines and struct foo and struct bar ...

Related Solutions

Ssh – How to change sshd port on Mac OS X

Every previous answer is working (as google suggest too), but they are dirty and inelegant.

The right way to change the listening port for a launchd handled service on Mac OS X is to make the changes the dedicated keys available in ssh.plist

So the solution is as simple as to use the port number instead of the service name.

An excerpt from my edited /System/Library/LaunchDaemons/ssh.plist:

    <key>Sockets</key>
    <dict>
            <key>Listeners</key>
            <dict>
                    <key>SockServiceName</key>
                    <string>22022</string>
                    <key>SockFamily</key>
                    <string>IPv4</string>
                    <key>Bonjour</key>
                    <array>
                            <string>22022</string>
                    </array>
            </dict>
    </dict>

Note:

To be able to edit this file on El Capitan, Sierra and probably future versions as well, you need to disable SIP (System Integrity Protection). See How do I disable System Integrity Protection (SIP).

For Catalina, even after disabling SIP, the volumes are unwritable. Use sudo mount -uw / in order to enable writing to /System. Do the change then restore SIP and reboot.

The above edit will also force sshd to listen only over IPV4.

After making any changes to ssh.plist, the file must be reloaded as follows:

sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
sudo launchctl load /System/Library/LaunchDaemons/ssh.plist

Note that using launchctl stop ... and launchctl start ... will NOT reload this file.

The man page with more information can be found by typing man launchd.plist or using this link.

MySQL Logs – Where to Find MySQL Log on OS X

As Chealion mentioned, there are several ways that your mysql could have been installed. Each of which will place your data dir and/or logs in different locations. The following command will give you (and us) a good indication of where to look.

ps auxww|grep [m]ysqld

# Putting brackets around the first char is a `grep`+`ps` trick
# to keep it from matching its own process.
# Note: For zsh compatibility put quotes around the grep regex

Can you post the result of that command here please? Mine looks like this:

_mysql     101   0.0  0.3   112104  13268   ??  S    12:30AM   0:13.20 /opt/local/libexec/mysqld --basedir=/opt/local --datadir=/opt/local/var/db/mysql --user=mysql --pid-file=/opt/local/var/db/mysql/rbronosky-mbp.pid
root        76   0.0  0.0   600172    688   ??  S    12:30AM   0:00.02 /bin/sh /opt/local/lib/mysql/bin/mysqld_safe --datadir=/opt/local/var/db/mysql --pid-file=/opt/local/var/db/mysql/rbronosky-mbp.pid

From that you can see that my datadir is /opt/local/var/db/mysql (because I installed via MacPorts). Let's take this lesson a bit further...

From the first line you can see the my daemon is /opt/local/libexec/mysqld. The mysqld can be called with --verbose --help to get a list of all command line options (and here is the important/valuable part!) followed by the values that would be used if you were launching mysqld instead of just checking the help output. The values are the result of your compile time configuration, my.cnf file, and any command line options. I can exploit this feature to find out EXACTLY where my log files are, like so:

/opt/local/libexec/mysqld --verbose --help|grep '^log'

Mine looks like this:

log                               /tmp/mysql.log
log-bin                           /tmp/mysql-bin
log-bin-index                     (No default value)
log-bin-trust-function-creators   FALSE
log-bin-trust-routine-creators    FALSE
log-error                         /tmp/mysql.error.log
log-isam                          myisam.log
log-queries-not-using-indexes     FALSE
log-short-format                  FALSE
log-slave-updates                 FALSE
log-slow-admin-statements         FALSE
log-slow-queries                  (No default value)
log-tc                            tc.log
log-tc-size                       24576
log-update                        (No default value)
log-warnings                      1

LO AND BEHOLD! all of the advice in the world was not going to help me because my log file is kept in a completely non-standard location! I keep mine in /tmp/ because on my laptop, I don't care (actually I prefer) to loose all of my logs on reboot.

Let's put it all together and make you a oneliner:

$(ps auxww|sed -n '/sed -n/d;/mysqld /{s/.* \([^ ]*mysqld\) .*/\1/;p;}') --verbose --help|grep '^log'

Execute that one command and you will get a list of all of the logs for your running instance of mysql.

Enjoy!

This Bash-Fu brought to you for free by my commitment to all things Open Source.

Best Answer

Related Solutions

Ssh – How to change sshd port on Mac OS X

MySQL Logs – Where to Find MySQL Log on OS X

Related Topic