Mac Syslog GUI

I know that Console.app is a decent if not stellar tool to view syslog entries on a Mac, but recently I wanted to send remote syslog entries to a Mac.

While I’ve found instructions for enabling remote syslog on a Mac, they’re out of date. I can figure it out from these instructions, but it occurred to me this wasn’t really what I wanted to do anyway.

What I really want is a database-backed syslog (a la syslog-ng) configured to accept syslog entries from remote servers. But I really want this with a powerful GUI to filter, colorize, and sort syslog messages by timestamp, host, facility, priority, and regular expression.

Now, this is a very un-Mac-like thing I want, at root. But it sure would turn my Mac into a powerful syslog processing machine.

3 thoughts on “Mac Syslog GUI”

    • Actually, another friend suggested Splunk yesterday, and I’ve downloaded and installed it.

      I’m probably going to use it, at least for the time being, but it’s absolutely not what I want for home use. It’s a Swiss Army Chainsaw, the kind of thing I love using professionally but the kind of thing I hate at home because at the end of the day I just want my home gear to work without fiddling. (That’s why I started using Macs: Unix with 95% less system administration.)

      Splunk seems to be nothing but fiddling. Its parsers have entries for the host machine that are ‘localhost’, ‘Serpico’, and ‘Serpico.local’ — I can’t figure out how to combine these. My Apple TV shows up with its IP address — I can’t figure out how to name it.

      When I say “I can’t figure out,” I don’t mean that I couldn’t figure it out if I put more time into it. I mean that I put about twenty minutes in, browsing the interface and the documentation. I thought I found something in the docs that would help, but I found that I couldn’t actually follow the steps in the UI. I considered using the CLI, but the whole point wasn’t that I couldn’t do what I needed on a Mac, I just wanted a lightweight, easy-to-use GUI.

      I’ve previously evaluated older versions of Splunk professionally, and I thought it was awesome. I hadn’t seen Splunk 4 before, and it’s clearly just as awesome. But I don’t think it’s really what I want for home use. (It’s probably the closest thing that exists right now, however.)

      • I was just going to reply here suggesting you try Splunk 🙂

        syslog-ng won’t use a RDBMS backend unless you pay them the big bucks.
