This gist tests various aspects of syslog from Ruby. In order to do so you have to setup syslog first.
Setting up syslog is system-specific and quite variable because of variations like rsyslogd or syslogd-ng. OSX, for example, uses a custom system logger (the apple system logger) that supports the syslog API, but also adds additional stuff like the 'syslog' command line application.
The basic requirement is to make syslog to write to '/var/log/local2.log' using the local2 facility. If this prints a 'hello world' log message then these tests should run properly.
logger -s -p local2.info -t example hello world grep example /var/log/local2.log
The tests can be configured to use an alternate log file and/or facility via the SYSLOG_TEST_LOG_FILE and SYSLOG_TEST_FACILITY environment variables.
OS X has a fairly standard syslog config (side note - it does not have the bells of the syslogd on FreeBSD).
Add this to /etc/syslog.conf:
Then restart syslogd:
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
It's a good idea to intentionally use string formatting (ie '%s'), to prevent the chance of extra arguments getting passed in and busting Syslog. Lastly, null characters need to be escaped to prevent truncation, and there is some strange escaping with carriage returns and line feeds. Basically the safe practice is to scrub for anything but alphanumeric and punctuation characters.
It's a bad idea to rely on messages longer than 1k. There's a break point somewhere between 1k and 2k when logging to a file on many systems (although some systems allow for much larger messages). There are additional constraints when when logging across UDP, due to the protocol itself. I haven't seen problems below 1k but it gets complicated for larger messages.
From the Transmission of Syslog Messages over UDP RFC:
IPv4 syslog receivers MUST be able to receive datagrams with message sizes up to and including 480 octets. IPv6 syslog receivers MUST be able to receive datagrams with message sizes up to and including 1180 octets. All syslog receivers SHOULD be able to receive datagrams with message sizes of up to and including 2048 octets. The ability to receive larger messages is encouraged.
See also the Syslog Protocol RFC.