Solved

setting up syslog server on an OS X network

Posted on 2015-01-25
4
788 Views
Last Modified: 2015-01-27
I have 4 OS X devices (2 iMacs, 3 Mac Minis)  that I believe I have configured the /etc/syslog.conf to send their logs to my syslog server (IP 192.168.1.30) but I'm not seeing any logs going to the host. I must be missing something. I have rebooted all of systems just incase I didn't stop / start syslog correctly.

———————————--
Clients all have:
imac:~ $ cat /etc/syslog.conf
# Note that flat file logs are now configured in /etc/asl.conf

install.*						@127.0.0.1:32376
*.*							@192.168.1.30

Open in new window


———————————--
Server has:
syslog:~$ cat /etc/syslog.conf
# Note that flat file logs are now configured in /etc/asl.conf

install.*						@127.0.0.1:32376

Open in new window

0
Comment
Question by:bs98909
  • 2
  • 2
4 Comments
 
LVL 18

Accepted Solution

by:
Simon earned 500 total points
ID: 40570094
Have you:
Used TAB characters to separate The selector and action fields in syslog.conf?

Checked that data is being sent from the workstation to the server using tcpdump?
         sudo tcpdump -i en1 host 192.168.1.30 and udp port 514

Allowed the traffic from the workstations through the firewall(s)?

Try Googling "osx send syslog to server" for more details.
0
 

Author Comment

by:bs98909
ID: 40572912
I have confirmed via "od" that intact there are tabs on the line. and the tcpdump has been running for about 24 hours and NADA.

I just got off the phone with Alex from apple support. He doesn't believe that the normal OS X can send logs only the Server can. That seems odd to me. His suggestion is to allow for file sharing and have the server mount the /var for all the systems I want to monitor.

Well being a Solaris and Linux guy, I think that is all hewey!

Apple now uses "asl" which seems to allow applications to log data. I don't know if it is asl that now needs to be configured. I'm not finding much on that.
0
 

Author Closing Comment

by:bs98909
ID: 40573095
I retraced the steps from the Splunk page: http://wiki.splunk.com/Community:HowTo_Configure_Mac_OS_X_Syslog_To_Forward_Data

I now can see the data leaving, so the syslog for the client is working!

not a clue why it didn't work the first two times — but third time is a charm.

Thank you
0
 
LVL 18

Expert Comment

by:Simon
ID: 40573192
> being a Solaris and Linux guy, I think that is all hewey!
lol :)

Glad you persevered and made it work.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you other experts are anything like me you are always looking into and testing out new features. While I was doing some research one day I ran across an app that I installed on my Mac and used as a security system. Mac OS X: SecureHome uses your …
Syslogd is a utility that traps and logs messages sent by running processes. It is configured with the syslog.conf file, which consists of lines containing a pair of fields: "the selector field which specifies the types of messages and priorities to…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question