Solved

setting up syslog server on an OS X network

Posted on 2015-01-25
4
836 Views
Last Modified: 2015-01-27
I have 4 OS X devices (2 iMacs, 3 Mac Minis)  that I believe I have configured the /etc/syslog.conf to send their logs to my syslog server (IP 192.168.1.30) but I'm not seeing any logs going to the host. I must be missing something. I have rebooted all of systems just incase I didn't stop / start syslog correctly.

———————————--
Clients all have:
imac:~ $ cat /etc/syslog.conf
# Note that flat file logs are now configured in /etc/asl.conf

install.*						@127.0.0.1:32376
*.*							@192.168.1.30

Open in new window


———————————--
Server has:
syslog:~$ cat /etc/syslog.conf
# Note that flat file logs are now configured in /etc/asl.conf

install.*						@127.0.0.1:32376

Open in new window

0
Comment
Question by:bs98909
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 18

Accepted Solution

by:
Simon earned 500 total points
ID: 40570094
Have you:
Used TAB characters to separate The selector and action fields in syslog.conf?

Checked that data is being sent from the workstation to the server using tcpdump?
         sudo tcpdump -i en1 host 192.168.1.30 and udp port 514

Allowed the traffic from the workstations through the firewall(s)?

Try Googling "osx send syslog to server" for more details.
0
 

Author Comment

by:bs98909
ID: 40572912
I have confirmed via "od" that intact there are tabs on the line. and the tcpdump has been running for about 24 hours and NADA.

I just got off the phone with Alex from apple support. He doesn't believe that the normal OS X can send logs only the Server can. That seems odd to me. His suggestion is to allow for file sharing and have the server mount the /var for all the systems I want to monitor.

Well being a Solaris and Linux guy, I think that is all hewey!

Apple now uses "asl" which seems to allow applications to log data. I don't know if it is asl that now needs to be configured. I'm not finding much on that.
0
 

Author Closing Comment

by:bs98909
ID: 40573095
I retraced the steps from the Splunk page: http://wiki.splunk.com/Community:HowTo_Configure_Mac_OS_X_Syslog_To_Forward_Data

I now can see the data leaving, so the syslog for the client is working!

not a clue why it didn't work the first two times — but third time is a charm.

Thank you
0
 
LVL 18

Expert Comment

by:Simon
ID: 40573192
> being a Solaris and Linux guy, I think that is all hewey!
lol :)

Glad you persevered and made it work.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deploystudio is a system which can be used to deploy OSX clients and servers within the small/medium or large business environments. The system is built onto of the OSX Server NetBoot system and uses images & workflows as its core assets. While work…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question