Documentation for Loggly

Mac OS X Logs

You can configure Mac OS X to send system logs to Loggly. We use fluentd to send the OS X system log over our HTTP/S endpoint, because OS X has an older syslog daemon that does not support the newer RFC 5424 format that Loggly requires. For alternatives, please see the Advanced Options section.

Automatic Script

1. Run the Configure Mac script

Run our automatic configure-mac script below to set up Mac OS X logging and send the logs to Loggly through fluentd. Alternatively, you can follow our manual configuration instructions below.

curl -O https://www.loggly.com/install/configure-mac.sh
sudo bash configure-mac.sh -a SUBDOMAIN -u USERNAME 

Replace:

  • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
  • USERNAME: your Loggly username, which is visible at the top right of the Loggly console

You will need to enter your system root password so the script can update your fluentd configuration. It will then prompt for your Loggly password.

2. Verify Events

Search Loggly for events with the Mac tag over the past hour. It may take a few minutes to index the event. If it doesn’t work, see the troubleshooting section below.

tag:Mac 


Manual Configuration

1. Install Xcode command line tools

If you haven’t already, install the Xcode command line tools.

xcode-select --install 

2. Install Fluentd

Install Fluentd using the following command.

sudo gem install fluentd --no-ri --no-rdoc -n/usr/local/bin 

Note: If you’re using RubyGems version 2.0 or later, you need to use the --no-document option.

sudo gem install fluentd --no-document -n/usr/local/bin 

3. Install Loggly Plugin for Fluentd

Install the Loggly output plugin for Fluentd using the following command.

sudo gem install fluent-plugin-loggly 

4. Configure Fluentd

Open or create a new configuration file for fluentd. You can store this in your home directory or elsewhere.

sudo vim fluentd-loggly.conf 

Paste the following configuration into the file.

<source>
  type tail
  format none
  path /var/log/system.log
  tag system_logs
</source>
<match **>
  type loggly
  loggly_url https://logs-01.loggly.com/inputs/TOKEN/tag/Mac
</match>

Replace:

5. Send logs to Loggly

Now run the following command to send logs to Loggly.

fluentd -c fluentd-loggly.conf

6. Verify Events

Search Loggly for events with the Mac tag over the past 20 minutes. It may take a few minutes to index the event. If it doesn’t work, see the troubleshooting section below.

tag:Mac


Advanced Mac OS Logging Options

Troubleshooting Mac OS Logs

If you don’t see any data show up in the verification step, then check for these common problems.

  • Wait a few minutes in case indexing needs to catch up
  • Check to see if the fluentd-loggly.conf is properly created and placed in the proper location. It should be in the /home/Fluentd folder.
  • Check to see if the path for the system.log file provided is correct. It should be /var/log/system.log.
  • Run "sudo tcpdump dst logs-01.loggly.com and port 80" to verify HTTP events are being sent to Loggly
  • Search or post your own MacOS logging question in the community forum.
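
The configuration-file checks in the list above can be scripted. The following is an added example, not part of the Loggly documentation: the function name `check_loggly_conf` and its exit codes are this example's own. It checks only what the page's configuration shows (the `loggly_url` line, its TOKEN placeholder and its https scheme) plus the file's permissions, since the token sits in that URL.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the fluentd-loggly.conf file described
# in the manual configuration steps. Names and exit codes are hypothetical.

# check_loggly_conf FILE
# returns 0 = ok
#         1 = file missing or no loggly_url line
#         2 = TOKEN placeholder was never replaced
#         3 = loggly_url does not use https
#         4 = file is readable by group or others
check_loggly_conf() {
  conf=$1
  [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }

  # First loggly_url line; the value is the second whitespace-separated field.
  url=$(awk '$1 == "loggly_url" { print $2; exit }' "$conf")
  [ -n "$url" ] || { echo "no loggly_url in $conf" >&2; return 1; }

  case $url in
    */inputs/TOKEN/*) echo "TOKEN placeholder not replaced" >&2; return 2 ;;
  esac
  case $url in
    https://*) ;;
    *) echo "loggly_url is not https; token and logs would be sent unencrypted" >&2
       return 3 ;;
  esac

  # The token is embedded in the URL, so the file should be owner-only.
  # Characters 5 and 8 of the ls mode string are group-read and other-read.
  perms=$(ls -ld "$conf" | cut -c5,8)
  [ "$perms" = "--" ] || { echo "$conf is readable by group/others; chmod 600 it" >&2; return 4; }
  return 0
}

# When run as a script with a path argument, check that file.
if [ "$#" -gt 0 ]; then
  check_loggly_conf "$1"
fi
```

Run it against the file before starting fluentd, for example `bash check.sh fluentd-loggly.conf` if the block is saved as `check.sh`.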

When the APM Integrated Experience is enabled, Loggly shares a common navigation and settings with the other integrated experiences' products. How you navigate Loggly and access its features may vary from these instructions. For more information, go to the APM Integrated Experience documentation.

The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.