Solved: How to configure OSX Syslogd ??

splunkminiuser · ‎12-27-2013

Hi to all,

I've tried to configure my OSX Splunk server so it will accept data from the syslog deamon (see: https://wiki.splunk.com/Community:HowTo_Configure_Mac_OS_X_Syslog_To_Forward_Data).

I've edited the /etc/syslog.conf file and added ". x.x.x.x". (Where x.x.x.x is the IP of my machine where Splunk should be listening).

After that, I stopped and restarted the Syslog Deamon (as explained in the tutorial).

When I log into Splunk, there is no data. Splunk tells me: "waiting for data".
Do I need to configure Splunk to "receive" the data? And how do I do that?

Thanks in advance!

martin_mueller · ‎12-27-2013

To receive syslog events directly you need to tell Splunk to listen to them: http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

View solution in original post

martin_mueller · ‎12-27-2013

To receive syslog events directly you need to tell Splunk to listen to them: http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

How to configure OSX Syslogd ??

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation