Syslog Server For Mac Os X


Enable an Apple Mac OS X machine as a syslog server

Here is a small howto that describes how your Mac OS X machine can also receive logs from remote devices such as an Apple AirPort Extreme. There are some howtos available online, but I guess that some things have changed in 10.5, since none seem to work perfectly.

Change syslogd configuration

# echo 'local0.notice /var/log/airport.log' >> /etc/syslog.conf

Touch the logfile

Change syslogd startup procedure

At the end of the file, uncomment the part to accept remote logging.

# cat /System/Library/LaunchDaemons/
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE plist PUBLIC '-//Apple Computer//DTD PLIST 1.0//EN' ''>
<plist version='1.0'>
Un-comment the following lines to run syslogd with a sandbox profile.
Sandbox profiles restrict processes from performing unauthorized
operations; so it may be necessary to update the profile
(/usr/share/sandbox/ if any changes are made to the syslog
configuration (/etc/syslog.conf).
Un-comment the following lines to enable the network syslog protocol listener.

Restart syslogd

# launchctl unload /System/Library/LaunchDaemons/
# launchctl load /System/Library/LaunchDaemons/

Open the firewall


Go to System Preferences, click Security, open the Firewall tab and click the +. Select the file /usr/bin/syslog.
If you are unable to select the /usr directory, try this hack by opening a terminal and typing:

Now you can select the files (in your home directory) ./bin/syslog and ./sbin/syslogd.

Configure remote devices

Now tell the remote devices (like the Apple AirPort Extreme) to send their logs to the IP address of your Mac OS X machine.

See the result

Now either open the application “Console” or, from a terminal, run “tail -f /var/log/airport.log” to see the results as they come in.



From Splunk Wiki


This tutorial shows how to configure Mac OS X to forward syslog events to a remote server.
The following configuration steps were tested and validated on a MacBook Pro running Mac OS X 10.6.2 (Snow Leopard).


Mac OS X (Applications - Utilities - is the standard interface for viewing all events registered by the operating system. It is simple yet functional, but not very friendly for displaying the entries and actually finding useful information.

Splunk has a Mac OS X version that allows better and more complete monitoring of system and syslog events; it can also be installed and configured as a forwarder to your central monitoring server. But it does not need to be installed just to monitor syslog-generated events.

It is worth mentioning that in order to capture events forwarded by Mac OS X (or any other syslog forwarder, actually) you have to configure the Splunk server to:
(a.) receive data inputs on UDP port 514, and
(b.) allow incoming traffic through this port on all firewalls in place between the Mac OS X and the Splunk server - including the Windows Firewall, if that’s the case.

It is also worth noting that Mac OS X will simply forward all syslog data as a single source, without separating data by log file as the Universal Forwarder does.

Configuring the Mac OS X Syslogd

The next steps are to be executed in a Terminal window, the Mac OS X command line interface. The steps to configure the syslog forwarding are:


1. Open a Terminal window: Applications - Utilities - Terminal, or by using Spotlight (shortcut: command+space > Terminal)

2. Before touching anything, make a backup copy of the syslog configuration file (syslogd.conf) into the /tmp folder:

3. Open the configuration file on your favorite editor (in this case, we’re using vi):


Use the ‘sudo’ command to execute vi with ‘root’ privileges, otherwise you won’t be able to edit the file. Enter the password for the administrator account you are currently logged in as to continue.

4. Insert the following line anywhere in your syslogd.conf file, replacing the IP address with the IP address of your Splunk server’s network interface.

Type ‘i’ in vi to enter insert mode (text entry), then add the line above anywhere in the file.
IMPORTANT: The selector and action fields (see below) are separated by TABs. Do not use spaces.

The syslogd.conf file consists of lines with two fields: the selector field which specifies the types of messages and priorities to which the line applies, and an action field which specifies the action to be taken if a message syslogd receives matches the selection criteria.


If you would like to forward your syslog output on a port other than the standard 514, you can do this by specifying a specific port for your destination; e.g.

results in your syslog data being forwarded to port 5140 instead of the usual port 514.

Selectors are encoded as Facility.Level. The line above tells the Mac OS X syslog daemon to forward a copy of all (*.*) events to the syslog server listening at the IP address you specified. If you don’t want to send all events, you can filter them by setting a different level; for instance, you can replace ‘*.*’ with ‘*.notice’. Check the syslogd.conf and syslog manual pages for all the options.

5. Save and Exit: Press ‘ESC’ to exit insert mode, and save the file by typing ‘:wq <enter>’. If you don’t want to save it now, type ‘:q!’ to exit vi without saving and start over.

6. Restart the ‘syslogd’ service: But before doing so, check whether it is running by typing:

The following commands restart the service. Enter your password one more time if necessary.

Check if the service was really shut down and restarted by typing the same command again. The counter should have been reset and the PID (5070 in the example above) should be a different one.
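The selector/action syntax explained under step 4, together with the local0.notice line from the server howto earlier on this page, worked through as an added example (not code from the original page or from Splunk): it checks a syslog.conf line for the required TAB separator, builds the forwarding line with an optional non-default port, decodes the PRI value that a remote device puts at the front of each datagram (the number tcpdump shows inside the angle brackets), and decides whether a given selector would match it. The sample datagram and the 192.0.2.10 address used in the checks are constructed values.

```python
import re

# Added example, not code from the original page. Facilities 12..15 are
# named differently by each OS, so they are kept generic here.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "fac12", "fac13",
              "fac14", "fac15"] + [f"local{i}" for i in range(8)]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample datagram, as a device logging at local0.notice would send it.
SAMPLE = "<133>Nov  8 12:34:56 airport AirPort: constructed test message"

def parse_conf_line(line):
    """Split 'selector<TAB>action'; the page notes that spaces are not accepted."""
    if "\t" not in line:
        raise ValueError("selector and action must be separated by a TAB")
    selector, action = line.rstrip("\n").split("\t", 1)
    return selector, action.lstrip("\t")

def forward_line(host, port=None):
    """Build the step-4 forwarding line, with an optional non-default port."""
    return "*.*\t@" + host + (f":{port}" if port else "")

def parse_action(action):
    """'@host' or '@host:port' forwards over UDP (default 514); else a log file."""
    if action.startswith("@"):
        host, _, port = action[1:].partition(":")
        return ("forward", host, int(port) if port else 514)
    return ("file", action, None)

def pri_of(datagram):
    """Extract the numeric PRI from a raw datagram such as '<133>...'."""
    m = re.match(r"<(\d{1,3})>", datagram)
    if not m:
        raise ValueError("datagram has no PRI header")
    return int(m.group(1))

def decode_pri(pri):
    """PRI = facility * 8 + severity; 191 is the largest valid value."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range")
    return FACILITIES[pri // 8], LEVELS[pri % 8]

def selector_matches(selector, pri):
    """'facility.level' matches that facility at that level or more severe;
    '*' on either side matches everything."""
    fac, lvl = selector.split(".", 1)
    msg_fac, msg_lvl = decode_pri(pri)
    if fac != "*" and fac != msg_fac:
        return False
    return lvl == "*" or LEVELS.index(msg_lvl) <= LEVELS.index(lvl)
```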



You can use ‘tcpdump’ to verify that the events are being forwarded to the remote server. Use the command ‘ifconfig’ to get the name of the Mac OS X network interface connected to the same IP network segment as the Splunk server and use it as a filter for ‘tcpdump’. In this case, the interface name is ‘en1’:

To log an event, open a new Terminal window on Mac OS X and use the ‘logger’ command.

If tcpdump doesn't report the Testing message, first double-check the tcpdump arguments, then review the configuration and check that there is connectivity between the Mac OS X station and the Splunk server.


Lastly, check that UDP/514 traffic is allowed through any firewalls.


Worst case, restore your backup copy from the /tmp folder and repeat the process.
