Solved

setting up syslog server on an OS X network

Posted on 2015-01-25
4
651 Views
Last Modified: 2015-01-27
I have 4 OS X devices (2 iMacs, 3 Mac Minis)  that I believe I have configured the /etc/syslog.conf to send their logs to my syslog server (IP 192.168.1.30) but I'm not seeing any logs going to the host. I must be missing something. I have rebooted all of systems just incase I didn't stop / start syslog correctly.

———————————--
Clients all have:
imac:~ $ cat /etc/syslog.conf
# Note that flat file logs are now configured in /etc/asl.conf

install.*						@127.0.0.1:32376
*.*							@192.168.1.30

Open in new window


———————————--
Server has:
syslog:~$ cat /etc/syslog.conf
# Note that flat file logs are now configured in /etc/asl.conf

install.*						@127.0.0.1:32376

Open in new window

0
Comment
Question by:bs98909
  • 2
  • 2
4 Comments
 
LVL 18

Accepted Solution

by:
SimonAdept earned 500 total points
ID: 40570094
Have you:
Used TAB characters to separate The selector and action fields in syslog.conf?

Checked that data is being sent from the workstation to the server using tcpdump?
         sudo tcpdump -i en1 host 192.168.1.30 and udp port 514

Allowed the traffic from the workstations through the firewall(s)?

Try Googling "osx send syslog to server" for more details.
0
 

Author Comment

by:bs98909
ID: 40572912
I have confirmed via "od" that intact there are tabs on the line. and the tcpdump has been running for about 24 hours and NADA.

I just got off the phone with Alex from apple support. He doesn't believe that the normal OS X can send logs only the Server can. That seems odd to me. His suggestion is to allow for file sharing and have the server mount the /var for all the systems I want to monitor.

Well being a Solaris and Linux guy, I think that is all hewey!

Apple now uses "asl" which seems to allow applications to log data. I don't know if it is asl that now needs to be configured. I'm not finding much on that.
0
 

Author Closing Comment

by:bs98909
ID: 40573095
I retraced the steps from the Splunk page: http://wiki.splunk.com/Community:HowTo_Configure_Mac_OS_X_Syslog_To_Forward_Data

I now can see the data leaving, so the syslog for the client is working!

not a clue why it didn't work the first two times — but third time is a charm.

Thank you
0
 
LVL 18

Expert Comment

by:SimonAdept
ID: 40573192
> being a Solaris and Linux guy, I think that is all hewey!
lol :)

Glad you persevered and made it work.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

If you are using Mac OS X and have a large number of login items set up in accounts, under system preferences, you may find that your computer is sluggish and unresponsive during startup until everything is done launching. Another problem that a…
The /etc/authorization file in Mac OS X 10.x can be used to control access to the various panes of the System Preferences amongst other things. It’s used by some of us Mac Sys Admin’s to give Standard Users access to System Prefs panes that only adm…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now