Logging from OS X

[obsolete]

OSX ships with a modified syslog process named 'syslogd'. You can see the process and it's PID by running the following command from a terminal shell:

jeangrey$ ps -ax |grep syslog
15 ?? 0:00.89 /usr/sbin/syslogd

Note: OSX's syslogd service only support UDP transport and does not provide file monitoring or forwarding.

Configuration

To send Loggly data over UDP with syslogd, you'll need a UDP input in your account. Navigate to the input tab in your account, and then click the add input button at the bottom. Name your input and give it a description:

Next, edit your syslogd.conf file, found in /etc/syslogd.conf, and add the following line at the bottom of the file:

*.* @logs.loggly.com:[PORT]

Be sure you use the correct port from the input you just created (leaving out the square brackets of course)! After you've saved the configuration file, you'll need to restart syslog:

sh-3.2# ps -ax |grep syslog
15 ?? 0:00.92 /usr/sbin/syslogd
sh-3.2# kill -HUP 15

Testing

OSX, like other BSD/Linux flavored operating systems, supports the logger command. You can use logger to test your events are getting forwarded over to Loggly correctly:

logger "Final Boarding call for Mr. Dobalina, Mr. Bob Dobalina."

Jump into the shell, and do a search for part of the event you just sent:

search dobalina

You should see a result of your search after 15-20 seconds.

Top