You can configure your Mac OS X to send system to logs to Loggly. We use fluentd to send the OS X system log over our HTTP/S endpoint. This is because OS X has an older syslog daemon that does not support the newer RFC 5424 format that Loggly requires. For alternatives, please see the Advanced Options section.
Run our automatic configure-mac script below to setup Mac OS X logging and send the logs to Loggly through your fluentd. Alternatively, you can follow our manual configuration instructions below.
curl -O https://www.loggly.com/install/configure-mac.sh sudo bash configure-mac.sh -a SUBDOMAIN -u USERNAME
- SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
- USERNAME: your Loggly username, which is visible at the top right of the Loggly console
You will need to enter your system root password so it can update your fluentd configuration. It will then prompt for your Loggly password.
Search Loggly for events with the Mac tag over the past hour. It may take a few minutes to index the event. If it doesn’t work, see the troubleshooting section below.
If you haven’t already, install xcode command line tools.
Install Fluentd using the following command.
sudo gem install fluentd --no-ri --no-rdoc -n/usr/local/bin
Note: If you’re using RubyGem version 2.0 and later, you need to use the –no-document option.
sudo gem install fluentd --no-document -n/usr/local/bin
Install the Loggly output plugin for the Fluentd using the following command.
sudo gem install fluent-plugin-loggly
Open or create a new configuration file for fluentd. You can store this in your home directory or elsewhere.
sudo vim fluentd-loggly.conf
Paste the following configuration into the file.
<source> type tail format none path /var/log/system.log tag system_logs </source> <match **> type loggly loggly_url https://logs-01.loggly.com/inputs/TOKEN/tag/Mac </match>
- TOKEN: your customer token from the source setup page
Now run the following command to send logs to Loggly.
fluentd -c fluentd-loggly.conf
Search Loggly for events with the Mac tag over the past 20 minutes. It may take a few minutes to index the event. If it doesn’t work, see the troubleshooting section below.
If you don’t see any data show up in the verification step, then check for these common problems.
- Wait a few minutes in case indexing needs to catch up
- Check to see if the fluentd-loggly.conf is properly created and placed in the proper location. It should be in the /home/Fluentd folder.
- Check to see if the path for the system.log file provided is correct. It should be /var/log/system.log.
- Run "sudo tcpdump dst logs-01.loggly.com and port 80″ to verify HTTP events are being sent to Loggly
- Search or post your own MacOS logging question in the community forum.
When the APM Integrated Experience is enabled, Loggly shares a common navigation and enhanced feature set with the other integrated experiences' products. How you navigate Loggly and access its features may vary from these instructions. For more information, go to the APM Integrated Experience documentation.
The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.