Sending from MacOS X
Sending via traditional syslog
- This type of sending is mainly intended for UNIX systems and other devices that still use the standard syslog daemon and do not support versions such as rsyslog or syslog-ng.
- The syslog daemon allows sending events from the system where it runs to an external machine through the UDP protocol.
- Normally, it also supports sending through TCP, although some older versions of syslog, and the one on Mac OS X, do not support it.
- When using UDP, there is a higher probability of event loss because it has no flow control. Hence, we recommend the use of TCP.
To redirect all the logs through UDP you only need to add the line below at the end of the /etc/syslog.conf file:
Configuration of syslog UDP forwarding
If the syslog version supports TCP forwarding, this would be the configuration:
Configuration of syslog TCP forwarding
- DEVO-RELAY:PORT is the IP/DNS and port of the Devo relay or the In-house Relay where you want to send the information.
The next step is to restart syslog:
Restart syslog daemon
Use the logger command to check if the events are forwarded:
$ logger "Hello from an unsecure and simple log source1"
$ logger "Hello from an unsecure and simple log source2"
$ logger "Hello from an unsecure and simple log source3"
$ logger "Hello from an unsecure and simple log source4"
$ logger "Hello from an unsecure and simple log source5"
You can check whether the logs have been correctly sent by consulting the box.unix table in the Data Search area of the web application.
- It does not allow labeling the logs sent to Devo, so the logs are forwarded through an In-house Relay to a port dedicated to this purpose.
- In some systems, it only allows sending via UDP (e.g. Mac OS X).
- It does not natively support secure sending via SSL/TLS.
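An added check, not part of the original page or of Devo's tooling: a shell function that lists the remote-forwarding rules in a syslog.conf file and flags the ones that use UDP, the transport the page warns can lose events. It assumes the common `selector @host[:port]` (UDP) and `selector @@host[:port]` (TCP) target syntax; the function names and the sample relay address are constructed for illustration.

```shell
#!/bin/sh
# classify_forwarding FILE
# Prints one line per remote-forwarding rule: "<transport> <selector> <target>".
# Assumed syntax: "selector @host[:port]" is UDP, "selector @@host[:port]" is TCP.
classify_forwarding() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }    # skip comments and blank/short lines
        $2 ~ /^@@/ { print "tcp", $1, substr($2, 3); next }
        $2 ~ /^@/  { print "udp", $1, substr($2, 2); next }
    ' "$1"
}

# audit_forwarding FILE
# Returns 0 if every forwarding rule uses TCP, 1 if any rule uses UDP,
# and 2 if the file contains no remote-forwarding rule at all.
audit_forwarding() {
    rules=$(classify_forwarding "$1")
    [ -n "$rules" ] || { echo "no remote forwarding rule in $1"; return 2; }
    echo "$rules"
    if echo "$rules" | grep -q '^udp '; then
        echo "warning: UDP forwarding has no flow control; events can be lost"
        return 1
    fi
    return 0
}

# Constructed sample config; relay.example.internal:13000 is a placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# local rules
*.err	/var/log/errors.log
*.*	@relay.example.internal:13000
EOF
audit_forwarding "$sample" || true
rm -f "$sample"
```

Run `audit_forwarding /etc/syslog.conf` after editing the file and before restarting the daemon. Neither transport is encrypted, so the check says nothing about confidentiality on the path to the relay.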