Configuring Syslog on Your Apple Mac OS X
You can configure syslog on systems that run Apple Mac OS X operating systems by using a log stream script to send the Mac system logs to JSA.
- To implement the 7.3.0-JSA-JSASCRIPT-logStream-1.0 fix, download the following files from https://support.juniper.net/support/downloads/.
- From the terminal, go to the folder that you chose to contain the logStream.pl file that you extracted.
- To make the logStream.pl file an executable file, type the following command:
  chmod +x logStream.pl
- Create an executable shell script with an .sh extension with the following naming convention:
  <FILE_NAME>.sh
- Add the following command to the file that you created:
  #!/bin/sh
  /Users/<PathToPerlScript>/logStream.pl -<Parameters1> <Value> -<Parameters2> <Value2>
  The path is an absolute path that usually starts from /Users/....
You can use the following parameters for logStream.pl:

Table 1: logStream.pl Parameters

| Parameter | Value |
|---|---|
| -H | The -H parameter defines the host name or IP to send the logs to. |
| -p | The -p parameter defines the port on the remote host, where a syslog receiver is listening. If this parameter is not specified, by default the logStream.pl script uses the TCP port 514 for sending events to JSA. |
| -O | The -O parameter overrides the automatic host name from the OS's /bin/hostname command. |
| -s | The syslog header format default is 5424 (RFC5424 time stamp), but 3339 can be specified instead to output the time stamp in RFC3339 format. |
| -u | The -u parameter forces logStream to send events by using UDP. |
| -v | The -v parameter displays the version information for the logStream. |
| -x | The -x parameter is an exclusion filter in grep extended Regex format. |

Example -x exclusion filter: parentalcontrolsd|com.apple.Webkit.WebContent
Includes identity?
No
Includes custom properties?
No
More information
Ambiron website (http://www.apache.org)
#!/bin/sh
/Users/……/logStream.pl -H 172.16.70.135
- Save your changes.
- From the terminal, go to the folder that contains the shell file that you created.
- To make the shell file an executable file, type the following command:
  chmod +x <FILE_NAME>.sh
- In the terminal, create a file with a .plist file extension as in the following example:
  <fileName>.plist
- Add the following XML command to the file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.logSource.app</string>
    <key>Program</key>
    <string>/Users/… <Path_to_Shell_Script_Created_In_Step2> …/shellScript.sh</string>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
The XML command holds data in key-value pairs. The following table provides the key-value pairs:

Table 2: Key-value Pairs

| Key | Value |
|---|---|
| Label | com.logSource.app |
| Program | /Users/...<Path_To_Shell_Script_Created_In_Step2>.../shellScript.sh |
| RunAtLoad | True |
The value of the Label key must be unique for each .plist file. For example, if you use the Label value com.logSource.app for one .plist file, you can't use the same value for another .plist file.
The Program key holds the path of the shell script that you want to run. The path is an absolute path that usually starts from /Users/....
Set the RunAtLoad key to true when you want your shell program to run automatically.
- Save your changes.
- To make the .plist file an executable file, type the following command:
  chmod +x <fileName>.plist
- Copy the file to /Library/LaunchDaemons/ by using the following command:
  sudo cp <Path_To_Your_plist_file> /Library/LaunchDaemons/
- Restart your Mac system.
- Log in to JSA, and then from the Log Activity tab, verify that events are arriving from the Apple Mac system. If events are arriving as Sim Generic, you must manually configure a log source for the Apple Mac system.
  The log source parameter values for that event are:

Table 3: Log Source Parameters

| Parameter | Value |
|---|---|
| Log Source Type | Apple Mac OS X |
| Protocol Configuration | Syslog |
| Log Source Identifier | AAAA-MacBook-Pro.local |
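
A pre-install check for the .plist file described in the steps above, written as an added Python example (it is not part of the Juniper procedure or of the logStream package). It verifies the Label, Program and RunAtLoad keys as the page describes them and, because a job loaded from /Library/LaunchDaemons runs as root unless the plist sets UserName, also flags a script or script folder that a non-root account can modify. The function name check_daemon_plist and its daemon_dir and trusted_uid parameters are assumptions made for this example.

```python
import os
import plistlib
import stat
from pathlib import Path


def _load(path):
    with open(path, "rb") as fh:
        return plistlib.load(fh)


# Hypothetical helper for this example; returns a list of problems (empty = OK).
def check_daemon_plist(plist_path, daemon_dir="/Library/LaunchDaemons", trusted_uid=0):
    try:
        job = _load(plist_path)
    except Exception as exc:  # malformed XML or unreadable file
        return [f"cannot parse plist: {exc}"]
    if not isinstance(job, dict):
        return ["top-level plist object is not a dictionary"]
    problems = []
    label = job.get("Label")
    if not label:
        problems.append("Label is missing")
    if job.get("RunAtLoad") is not True:
        problems.append("RunAtLoad is not true")
    program = str(job.get("Program", ""))
    if not os.path.isabs(program):
        problems.append("Program must be an absolute path")
    elif not os.access(program, os.X_OK):
        problems.append(f"Program is missing or not executable: {program}")
    else:
        # The job runs as root, so the script and its folder should be
        # owned by the trusted account and closed to group/other writes.
        for target in (program, os.path.dirname(program)):
            st = os.stat(target)
            if st.st_uid != trusted_uid:
                problems.append(f"{target} is owned by uid {st.st_uid}, not {trusted_uid}")
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                problems.append(f"{target} is group- or world-writable")
    # The page requires the Label value to be unique across .plist files.
    for other in sorted(Path(daemon_dir).glob("*.plist")):
        if other.resolve() == Path(plist_path).resolve():
            continue
        try:
            if label and _load(other).get("Label") == label:
                problems.append(f"Label {label} is already used by {other.name}")
        except Exception:
            continue  # skip unreadable or malformed neighbours
    return problems
```

Call check_daemon_plist("<fileName>.plist") before the sudo cp step; an empty list means none of these problems were found.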