How do I send Syslog messages from macOS to EventSentry?
The Syslog daemon (syslog) on macOS is configured through the /etc/syslog.conf configuration file. Follow the steps below to send all Syslog messages from an macOS machine to EventSentry.
Open the file /etc/syslog.conf in an editor.
sudo nano /etc/syslog.conf
Append the following line to the bottom:
*.* @eventsentryserver:514
Restart the syslog daemon:
sudo launchctl stop /System/Library/LaunchDaemons/com.apple.syslogd.plist
sudo launchctl start /System/Library/LaunchDaemons/com.apple.syslogd.plist
Notes:
Replace "eventsentryserver" with the host name or IP address of the host where EventSentry's network services service is installed and running. We recommend that you create a CNAME record (e.g. "syslog", "log", "eventsentry") on your DNS server and use that alias in the configuration files.
It is not necessary to send all Syslog messages to EventSentry, e.g. the following lines only send critical messages to a host with the CNAME alias "eventsentry":
1 2 3 4 5 |
*.emerg @eventsentry:514 *.alert @eventsentry:514 *.crit @eventsentry:514 *.err @eventsentry:514 *.warning @eventsentry:514 |
