Configuring Syslog on Your Apple Mac OS X

 

You can configure syslog on systems that run the Mac OS X operating system by using a log stream script to send the Mac system logs to JSA.

  1. Create an executable shell script with an .sh extension with the following naming convention:

    <FILE_NAME>.sh

  2. Add the following command to the file that you created:

    #!/bin/sh
    /Users/<PathToPerlScript>logStream.pl -<Parameters1> <Value> -<Parameters2> <Value2>

    The path is an absolute path that usually starts from /Users/....

    You can use the following parameters for logStream.pl:

    Table 1: logStream.pl Parameters

    Parameter                    Value
    ---------                    -----
    -H                           The -H parameter defines the host name or IP to send the logs to.
    -p                           The -p parameter defines the port on the remote host, where a syslog receiver is listening.
                                 If this parameter is not specified, by default the logStream.pl script uses the TCP port 514 for sending events to JSA.
    -O                           The -O parameter overrides the automatic host name from the OS's /bin/hostname command.
    -s                           The syslog header format default is 5424 (RFC5424 time stamp), but 3339 can be specified instead to output the time stamp in RFC3339 format.
    -u                           The -u parameter forces logStream to send events by using UDP.
    -v                           The -v parameter displays the version information for the logStream.
    -x                           The -x parameter is an exclusion filter in grep extended regex format. For example:
                                 parentalcontrolsd|com.apple.Webkit.WebContent
    Includes identity?           No
    Includes custom properties?  No
    More information             Ambiron website (http://www.apache.org)

  3. Save your changes.
  4. From the terminal, go to the folder that contains the shell file that you created.
  5. To make the shell file an executable file, type the following command:

    chmod +x <FILE_NAME>.sh

  6. In the terminal, create a file with a .plist file extension as in the following example:

    <fileName>.plist

  7. Add the following XML command to the file:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>Label</key>
    <string>com.logSource.app</string>
    <key>Program</key>
    <string>/Users/...<Path_to_Shell_Script_Created_In_Step1>.../shellScript.sh</string>
    <key>RunAtLoad</key>
    <true/>
    </dict>
    </plist>

    The XML command holds data in key-value pairs. The following table provides the key-value pairs:

    Table 2: Key-value Pairs

    Key        Value
    ---        -----
    Label      com.logSource.app
    Program    /Users/...<Path_To_Shell_Script_Created_In_Step1>.../shellScript.sh
    RunAtLoad  True

    The value of the Label key must be unique for each .plist file. For example, if you use the Label value com.logSource.app for one .plist file, you can't use the same value for another .plist file.

    The Program key holds the path of the shell script that you want to run. The path is an absolute path that usually starts from /Users/....

    The RunAtLoad key, when set to true, runs your shell program automatically as soon as the job is loaded.

  8. Save your changes.
  9. To make the .plist file an executable file, type the following command:

    chmod +x <fileName>.plist

  10. Copy the file to /Library/LaunchDaemons/ by using the following command:

    sudo cp <Path_To_Your_plist_file> /Library/LaunchDaemons/

  11. Restart your Mac system.
  12. Log in to JSA, and then from the Log Activity tab, verify that events are arriving from the Mac system. If events are arriving as Sim Generic, you must manually configure a log source for the Mac system.

    The log source parameter values for that event are:

    Table 3: Log Source Parameters

    Parameter               Value
    ---------               -----
    Log Source Type         MAC OS X
    Protocol Configuration  Syslog
    Log Source Identifier   AAAA-MacBook-Pro.local
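
The wrapper script and .plist from steps 1 to 10 can be generated instead of typed by hand. The following is an added example, not part of the vendor procedure; the function names, their arguments and all sample values are assumptions. It rejects relative paths and refuses a Label that already appears in the target directory.

```shell
#!/bin/sh
# Added example (not vendor code). Function names, the daemon-directory
# argument and all sample values are assumptions made for illustration.

# write_wrapper OUT.sh /abs/path/logStream.pl JSA_HOST [PORT] [EXCLUDE_REGEX]
write_wrapper() {
    out=$1; perl_script=$2; host=$3; port=${4:-514}; exclude=${5:-}
    case $perl_script in
        /*) ;;
        *) echo "logStream.pl path must be absolute" >&2; return 1 ;;
    esac
    case $exclude in
        *\'*) echo "exclusion filter must not contain a single quote" >&2; return 1 ;;
    esac
    {
        printf '#!/bin/sh\n'
        printf 'exec "%s" -H "%s" -p "%s"' "$perl_script" "$host" "$port"
        if [ -n "$exclude" ]; then printf " -x '%s'" "$exclude"; fi
        printf '\n'
    } > "$out" && chmod +x "$out"
}

# label_in_use LABEL DIR: plain-text match of <string>LABEL</string> in DIR/*.plist
label_in_use() {
    grep -qF "<string>$1</string>" "$2"/*.plist 2>/dev/null
}

# write_plist OUT.plist LABEL /abs/path/wrapper.sh DAEMON_DIR
write_plist() {
    out=$1; label=$2; script=$3; dir=$4
    case $script in /*) ;; *) echo "Program must be an absolute path" >&2; return 1 ;; esac
    case $label$script in *'&'*|*'<'*|*'>'*) echo "XML metacharacter in input" >&2; return 1 ;; esac
    if label_in_use "$label" "$dir"; then
        echo "Label $label is already used in $dir" >&2; return 1
    fi
    cat > "$out" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>$label</string>
    <key>Program</key>
    <string>$script</string>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF
}
```

On the Mac itself, `plutil -lint <fileName>.plist` checks the generated file's syntax before you copy it to /Library/LaunchDaemons/.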