The native macOS syslog facility (syslogd) offers no option to securely forward the events collected in the system.log file to a remote endpoint. Either of the following options overcomes this limitation by tagging events properly and sending them reliably (over TLS/TCP) to the Devo cloud:

  • Installing a more advanced syslog server that includes that capability (e.g. syslog-ng, NXLog, rsyslog, etc.)

  • Installing the Devo Endpoint Agent and using the File Fetcher extension.

The Devo parser for events collected in the system.log file (box.macos) expects events written with the standard format=bsd option set in the /etc/asl.conf configuration file (see picture below) and can't currently handle multiline events.
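
A pre-flight check for the format requirement above, as an added example that is not Devo's own tooling: it classifies system.log lines as single-line BSD events, lines carrying a priority level (assumed here to mean the file is written in the std format rather than bsd), or continuation lines of a multiline event. The sample lines, host names and function names are constructed for illustration.

```python
import re
from collections import Counter

MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"
# BSD header: "Mmm dd hh:mm:ss host <rest>", day of month space-padded.
HEADER = re.compile(
    rf"^(?:{MONTHS}) [ \d]\d \d{{2}}:\d{{2}}:\d{{2}} (?P<host>\S+) (?P<rest>\S.*)$"
)
# Assumption: a "<Level>" token before the first colon means format=std, not bsd.
LEVEL = re.compile(r"[^:]*? <[A-Z][a-z]+>: ")

def audit(lines):
    """Return (counts, problems). problems lists (lineno, kind, text) for every
    line that is not a single-line BSD event."""
    counts, problems = Counter(), []
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        if not line.strip():
            continue  # ignore blank lines
        m = HEADER.match(line)
        if m is None:
            kind = "continuation"  # no timestamp/host: part of a multiline event
        elif LEVEL.match(m.group("rest")):
            kind = "std"
        else:
            kind = "bsd"
        counts[kind] += 1
        if kind != "bsd":
            problems.append((lineno, kind, line[:60]))
    return counts, problems

# Constructed sample, not taken from a real host.
SAMPLE = [
    "Nov  3 10:15:01 mac01 syslogd[44]: ASL Sender Statistics",
    "Nov  3 10:15:07 mac01 com.apple.xpc.launchd[1] (com.example.agent): Service exited with abnormal code: 1",
    "Nov  3 10:15:09 mac01 ExampleApp[512]: Unhandled exception:",
    "\tat frame 0",
    "\tat frame 1",
    "Nov  3 10:15:12 mac01 sshd[601] <Notice>: Accepted publickey for user1",
]

if __name__ == "__main__":
    counts, problems = audit(SAMPLE)
    print(dict(counts))
    for lineno, kind, text in problems:
        print(f"line {lineno}: {kind}: {text!r}")
```

To check a real file, pass `open("/var/log/system.log", errors="replace")` to `audit()` before pointing a forwarder at it.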

...

Note

If you need to parse events from Apple System Logging (ASL; macOS 10.4 or later) or Apple Unified Logging (AUL; macOS 10.12 or later), please contact the Devo Support Team.

...