
MacOS X

Devo currently supports parsing events written to the system.log file on any MacOS X system.

The native MacOS Syslog facility (syslogd) doesn't offer an option to securely forward events collected in the system.log file to a remote endpoint. To overcome this limitation, tag events properly and send them reliably (over TLS/TCP) to the Devo cloud, use one of the following options:

  • Installing a more advanced Syslog server that includes that capability (e.g., syslog-ng, NXLog or rsyslog).

  • Installing the Devo Endpoint Agent and using the File Fetcher extension.

The Devo parser for events collected in the system.log file (box.macos) expects events that use the standard format=bsd option in the /etc/asl.conf configuration file (see picture below) and can’t currently handle multiline events.
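Before forwarding, it helps to confirm that a host's system.log really contains single-line BSD-style events. The following is an added example, not Devo code: the regular expression is an assumed approximation of the format=bsd layout (timestamp, host, sender[pid], message), the leading-whitespace test for continuation lines is a heuristic, and the sample lines are constructed.

```python
import re

# Approximation of a format=bsd line: "Mmm dd hh:mm:ss host sender[pid]: message".
# This pattern is an assumption for illustration, not Devo's parser definition.
BSD_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ 1-3]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<sender>[^\[\]:]+?)(?:\[(?P<pid>\d+)\])?"
    r"(?: \([^)]*\))?: "  # optional parenthesised qualifier before the colon
    r"(?P<msg>.*)$"
)

# Constructed sample lines (not taken from a real host).
SAMPLE = [
    "Oct  3 12:01:15 mbp-01 sshd[612]: Accepted publickey for alice from 192.0.2.10 port 50514 ssh2",
    "Oct  3 12:01:16 mbp-01 com.apple.xpc.launchd[1] (com.example.helper): Service exited with abnormal code: 1",
    "Oct  3 12:01:17 mbp-01 ExampleApp[733]: Unhandled exception, stack follows",
    "\tat frame0 (constructed continuation line)",
    "2023-10-03 12:01:18.123456+0000 mbp-01 kernel: constructed non-BSD timestamp line",
]

def classify(line):
    """Return 'bsd', 'continuation' or 'other' for one system.log line."""
    if BSD_LINE.match(line):
        return "bsd"
    if line[:1] in (" ", "\t"):
        return "continuation"  # heuristic: indented text belongs to the previous event
    return "other"

def audit(lines):
    """Count line kinds and collect (line_number, kind, text) for non-BSD lines."""
    counts = {"bsd": 0, "continuation": 0, "other": 0}
    problems = []
    for number, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        if not line:
            continue
        kind = classify(line)
        counts[kind] += 1
        if kind != "bsd":
            problems.append((number, kind, line))
    return counts, problems

if __name__ == "__main__":
    counts, problems = audit(SAMPLE)
    print(counts)
    for number, kind, text in problems:
        print(f"line {number}: {kind}: {text!r}")
```

To audit a real host, pass an open handle on /var/log/system.log to `audit()`; a non-zero `continuation` or `other` count means some events will not match the single-line BSD layout described above.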

If you need to parse events from Apple System Logging (ASL; MacOS 10.4 or later) or Apple Unified Logging (AUL; MacOS 10.12 or later), please contact the Devo Support Team.