Tuesday, March 24, 2015

Change syslog logging level on Yosemite

In "Debug a smart card application on Yosemite" we have seen how Apple provides a way to get the ATR and exchanged APDU from the com.apple.ifdreader process (new on Yosemite).

syslog(3)

In some cases you need more than just ATR and APDU. That is why my CCID driver also uses syslog() to log debug messages.

According to syslog(3) manual page syslog() prototype is: void syslog(int priority, const char *message, ...);

The priority parameter is used to tell if the syslog message is important or not. For example messages of level LOG_EMERG are "A panic condition. This is normally broadcast to all users."

You can use the syslog(1) command line tool to log a message. To log an emergency message just do:
$ syslog -s -l 0 Read http://ludovicrousseau.blogspot.fr/
  • -s to send a message
  • -l 0 to use level 0 i.e. Emergency

You should see a message broadcasted in every Terminal console and a message in /var/log/system.log. You can use the Console application to read the /var/log/system.log file.

By default messages with level Info (6) or Debug (7) are just ignored.

Logging low level messages

To log messages of level Info and Debug from the CCID driver you need to tell syslog to accept them. We could change the global configuration to accept debug messages from every running process but that may generate a lot of noise. Each process has its own syslog filter. We will use that feature instead.

First step is to get the process identification (PID) of the com.apple.ifdreader process. I use something like:
$ ps -Aww | grep com.apple.ifdreader
28775 ??         0:00.74 /System/Library/CryptoTokenKit/com.apple.ifdreader.slotd/Contents/MacOS/com.apple.ifdreader
28803 ttys000    0:00.00 grep com.apple.ifdreader

In my case the PID is 28775.

You can see the syslog filter for the process using:
$ syslog -c 28775
Process 28775 syslog filter mask: Off

Change the filter using:
$ sudo syslog -c 28775 -d
-d indicates: set the filter level to cause to log messages from Emergency up to Debug.

And verify the filter has changed:
$ syslog -c 28775 
Process 28775 syslog filter mask: Emergency - Debug

Displaying logs

You can use the Console application to display the logs.

You can also use a command line program with:
$ syslog -w -k Sender com.apple.ifdreader
This will continuously display the log messages from com.apple.ifdreader as they are generated by the driver.

Conclusion

Apple removed the ability to run pcscd in foreground mode from the console on Yosemite because pcscd has been replaced by something different (See "OS X Yosemite and smart cards status").

As we have seen in this article it is still possible to log messages from a smart card reader driver. Using syslog may even be easier to use than restarting the pcscd process.