Question

Anyone sending log info to syslog?

  • June 26, 2018
  • 4 replies
  • 27 views


Way overdue, but working on trying to extract certain events from the unified logs and sending to our syslog server. Anyone tackle this at all? Alternate plan is to use the BSM logs, but trying to figure out what the cleanest approach is.

4 replies

  • Honored Contributor
  • June 26, 2018

It's been on my list of to-dos for a while too.. I have this bookmarked as a starting point but that is as far as I have gone... : )

https://eclecticlight.co/?s=log

C


  • Valued Contributor
  • June 27, 2018

Talk to the guys at https://cmdsec.com/


  • New Contributor
  • June 27, 2018

OSX uses syslogd. Simply configure it to forward /var/log/jamf.log events to a different syslogd server. https://wiki.splunk.com/Community:HowTo_Configure_Mac_OS_X_Syslog_To_Forward_Data


  • Author
  • Valued Contributor
  • June 27, 2018

Uses syslog, yes. But with the new-style unified logging, there's nothing IN the syslog unless we put it there. That's the challenge.

Not everything we're requiring is in the jamf.log, some isn't being written to disk at all anymore. Thus the need to scrape the unified logs and forward relevant entries.
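One way to do what the author describes (pull selected entries out of the unified log, which never reach /var/log on their own, and push them to a syslog server), as an added example that is not code from the thread or from Jamf: run `log stream --style ndjson` under a small forwarder that renders each JSON record as an RFC 5424 message and sends it over UDP. The `--style ndjson` option, the record field names (timestamp, messageType, subsystem, category, processID, processImagePath, eventMessage, as emitted by `log show --style json`), the predicate, the hostname, the server address and the enterprise ID 32473 (the value RFC 5612 reserves for documentation examples) are all assumptions; the sample records are constructed, not real log output.

```python
#!/usr/bin/env python3
"""Forward selected macOS unified-log entries to a remote syslog server.

Added example, not code from the thread. Reads `log stream --style ndjson`
(one JSON object per line), renders each record as an RFC 5424 message and
sends it over UDP. Field names are those of `log show --style json` output;
the predicate, hostname and enterprise ID 32473 are placeholders.
"""
import argparse
import json
import socket
import subprocess
from datetime import datetime

# Assumed predicate: only sudo activity and securityd messages are forwarded.
PREDICATE = 'process == "sudo" OR subsystem == "com.apple.securityd"'
FACILITY_LOCAL0 = 16
# Unified-log messageType -> syslog severity (RFC 5424, table 2).
SEVERITY = {"Fault": 2, "Error": 3, "Default": 6, "Info": 6, "Debug": 7}

# Constructed sample records in `log stream --style ndjson` shape (not real output).
SAMPLE_LINES = [
    '{"timestamp":"2018-06-27 09:41:05.123456-0700","messageType":"Error",'
    '"subsystem":"com.apple.securityd","category":"security_exception",'
    '"processID":144,"processImagePath":"/usr/libexec/securityd",'
    '"eventMessage":"invalid \\"token\\" from agent"}',
    "",  # blank line: skipped
    '{"timestamp":"2018-06-27 09:41:06.000001-0700","activityIdentifier":7}',  # no message: skipped
]


def parse_entry(line):
    """Decode one ndjson record; None for blank, malformed or message-less rows."""
    line = line.strip()
    if not line:
        return None
    try:
        entry = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not entry.get("eventMessage") or not entry.get("timestamp"):
        return None
    return entry


def unified_timestamp_to_rfc3339(ts):
    """'2018-06-27 09:41:05.123456-0700' -> '2018-06-27T09:41:05.123456-07:00'."""
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f%z").isoformat()


def sd_escape(value):
    """Escape the three characters RFC 5424 forbids unescaped in SD-PARAM values."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def to_syslog(entry, hostname):
    """Render a parsed record as a single RFC 5424 line (facility local0)."""
    severity = SEVERITY.get(entry.get("messageType"), 6)
    pri = FACILITY_LOCAL0 * 8 + severity
    app = (entry.get("processImagePath") or "-").rsplit("/", 1)[-1] or "-"
    procid = str(entry.get("processID", "-"))
    sd = (f'[unified@32473 subsystem="{sd_escape(entry.get("subsystem") or "")}" '
          f'category="{sd_escape(entry.get("category") or "")}" '
          f'type="{sd_escape(entry.get("messageType") or "")}"]')
    msg = entry["eventMessage"].replace("\r", " ").replace("\n", " ")
    return (f"<{pri}>1 {unified_timestamp_to_rfc3339(entry['timestamp'])} "
            f"{hostname} {app} {procid} - {sd} {msg}")


def render_lines(lines, hostname):
    """Parse and render an iterable of ndjson lines; unusable rows are dropped."""
    out = []
    for line in lines:
        entry = parse_entry(line)
        if entry is not None:
            out.append(to_syslog(entry, hostname))
    return out


def stream_and_forward(server, port, hostname):
    """Run `log stream` on the Mac and send every rendered record over UDP."""
    cmd = ["/usr/bin/log", "stream", "--style", "ndjson", "--predicate", PREDICATE]
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    with subprocess.Popen(cmd, stdout=subprocess.PIPE, text=True) as proc:
        for line in proc.stdout:
            entry = parse_entry(line)
            if entry is not None:
                sock.sendto(to_syslog(entry, hostname).encode("utf-8"), (server, port))


if __name__ == "__main__":
    ap = argparse.ArgumentParser()
    ap.add_argument("--server", help="syslog server; omit to render SAMPLE_LINES only")
    ap.add_argument("--port", type=int, default=514)
    ap.add_argument("--hostname", default=socket.gethostname())
    args = ap.parse_args()
    if args.server:
        stream_and_forward(args.server, args.port, args.hostname)
    else:
        print("\n".join(render_lines(SAMPLE_LINES, args.hostname)))
```

Two caveats before using something like this in production: `log stream` is live only, so the forwarder has to run persistently (a launchd daemon) or be paired with `log show --start ...` to backfill gaps, and plain UDP syslog is unauthenticated, unencrypted and lossy, so a real deployment should send over TCP with TLS (RFC 5425) or hand the lines to a local rsyslog/forwarder that does. The predicate matters for volume as much as relevance; unified logging is far chattier than the old syslog ever was.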