OSX Server Syslog

Posted by Brooks Garrett

We recently had to get our OSX Server sending logs via syslog (UDP) to our central log server. After configuring the syslog.conf file, I noticed the logs weren’t making it to the Syslog central server.

A subsequent tcpdump revealed the OSX server was sending logs to port 51 instead of 514, even though the syslog.conf file read as follows:

[...]
*.info @192.168.1.10:514
[EOF]

Omitting the port number led to the logs not being forwarded at all.

The explanation was that OSX apparently requires a blank line at the bottom of the syslog.conf file, and this rule was the last line. Adding the port back in and a blank line at the end of the file resulted in normal behavior.
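
The check below is an added example, not part of the original post: shell functions that report how a syslog.conf file ends, list its `@host:port` forwarding rules, and append the missing blank line. The function names are hypothetical, and the parser assumes the remote action is the last whitespace-separated field and uses an IPv4 address or hostname.

```shell
#!/bin/sh
# Audit a syslog.conf for the condition described above: a forwarding rule
# on the last line with no blank line after it.

# conf_tail_state FILE -> prints empty | no-newline | newline | blank-line
conf_tail_state() {
    [ -s "$1" ] || { echo empty; return 0; }
    # Hex of the last two bytes; 0a is a newline.
    hex=$(tail -c 2 "$1" | od -An -tx1 | tr -d ' \n')
    case $hex in
        0a0a|0a) echo blank-line ;;   # file ends with an empty line
        *0a)     echo newline ;;      # last rule is terminated, no blank line
        *)       echo no-newline ;;   # last rule runs straight into EOF
    esac
}

# forward_targets FILE -> prints "lineno host port" for each @host[:port] action
forward_targets() {
    awk '!/^[ \t]*#/ && $NF ~ /^@/ {
        host = substr($NF, 2); port = "(none)"
        n = index(host, ":")
        if (n) { port = substr(host, n + 1); host = substr(host, 1, n - 1) }
        print NR, host, port
    }' "$1"
}

# ensure_trailing_blank_line FILE -> appends newlines until the file ends blank
ensure_trailing_blank_line() {
    case $(conf_tail_state "$1") in
        no-newline) printf '\n\n' >> "$1" ;;
        newline)    printf '\n' >> "$1" ;;
    esac
}

# audit_conf FILE -> lists forwarding rules; returns 1 if the tail is at risk
audit_conf() {
    forward_targets "$1" | while read -r ln host port; do
        echo "line $ln forwards to $host port $port"
    done
    state=$(conf_tail_state "$1")
    if [ "$state" = blank-line ]; then
        echo "OK: $1 ends with a blank line"
        return 0
    fi
    echo "WARN: $1 tail state is '$state'; the last rule may be misparsed"
    return 1
}
```

Run `audit_conf` against a copy of the configuration after every edit, and confirm with a packet capture that traffic reaches the intended port, since the file contents alone looked correct in the case above.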