Brian S
asked on
setting up syslog server on an OS X network
I have 4 OS X devices (2 iMacs, 3 Mac Minis) on which I believe I have configured /etc/syslog.conf to send their logs to my syslog server (IP 192.168.1.30), but I'm not seeing any logs going to the host. I must be missing something. I have rebooted all of the systems just in case I didn't stop / start syslog correctly.
———————————--
Clients all have:
imac:~ $ cat /etc/syslog.conf
# Note that flat file logs are now configured in /etc/asl.conf
install.* @127.0.0.1:32376
*.* @192.168.1.30
———————————--
Server has:
syslog:~$ cat /etc/syslog.conf
# Note that flat file logs are now configured in /etc/asl.conf
install.* @127.0.0.1:32376
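The following is an added example, not code from the thread or from Apple: it parses the two syslog.conf files quoted in the question, lists the rules that forward off the machine, and builds a test datagram for each target so the traffic can be watched leaving the client. The default UDP port 514, the `fwdtest` tag and all function names are assumptions of the example.

```python
import re
import socket

# Codes from the BSD syslog protocol (RFC 3164); only a subset is listed.
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4}
SEVERITY = {"err": 3, "warning": 4, "notice": 5, "info": 6, "debug": 7}

# selector <whitespace> @host[:port]
RULE = re.compile(r"^(\S+)\s+@([^\s:]+)(?::(\d+))?$")

def forward_targets(conf_text):
    """Return (selector, host, port) for every '@host[:port]' action."""
    targets = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if m:  # port 514 is assumed when the rule names none
            targets.append((m.group(1), m.group(2), int(m.group(3) or 514)))
    return targets

def off_host(targets):
    """Keep only rules that leave the machine (drop loopback forwards)."""
    return [t for t in targets if not t[1].startswith("127.") and t[1] != "localhost"]

def build_message(facility, severity, tag, text):
    """Minimal syslog datagram: <PRI>tag: text, with PRI = facility*8 + severity."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    return f"<{pri}>{tag}: {text}".encode()

def send_test(host, port, payload):
    """Send one UDP datagram; UDP itself gives no delivery confirmation."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(payload, (host, port))

# The two configurations quoted in the question.
CLIENT_CONF = """# Note that flat file logs are now configured in /etc/asl.conf
install.* @127.0.0.1:32376
*.* @192.168.1.30
"""
SERVER_CONF = """# Note that flat file logs are now configured in /etc/asl.conf
install.* @127.0.0.1:32376
"""

if __name__ == "__main__":
    for sel, host, port in off_host(forward_targets(CLIENT_CONF)):
        print(f"{sel} -> {host}:{port}/udp")
        send_test(host, port, build_message("user", "notice", "fwdtest", "forwarding check"))
```

Because the send is fire-and-forget, confirm arrival with a packet capture or the server's own log rather than the script's exit status.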
ASKER
I retraced the steps from the Splunk page: http://wiki.splunk.com/Community:HowTo_Configure_Mac_OS_X_Syslog_To_Forward_Data
I now can see the data leaving, so the syslog for the client is working!
not a clue why it didn't work the first two times — but third time is a charm.
Thank you
> being a Solaris and Linux guy, I think that is all hooey!
lol :)
Glad you persevered and made it work.
ASKER
I just got off the phone with Alex from Apple support. He doesn't believe that the normal OS X can send logs; only the Server can. That seems odd to me. His suggestion is to allow for file sharing and have the server mount the /var for all the systems I want to monitor.
Well, being a Solaris and Linux guy, I think that is all hooey!
Apple now uses "asl" which seems to allow applications to log data. I don't know if it is asl that now needs to be configured. I'm not finding much on that.