How To Download Console Logs Mac

/var/log /Library/Logs /Library/Logs To back up all the logs, simply copy the contents of these three folders to another location. To back up a single log, look in Console.app for the log that you want to back up, select it in the sidebar, then press ⌘R (or right-click and select Reveal in Finder).

All mastheads on this page are Evaluation mastheads and should only be used on Evaluation licenses of BigFix. If you have a Production licenses of BigFix, please contact your sales rep to obtain Production mastheads.

For previous non-Windows versions, please refer to the following text file:
support.bigfix.com/bes/install/besnonwindowsarchive.html.

For the latest BigFix release information, visit http://support.bigfix.com/bes/release/.

AIX

AIX - Downloads

For the latest BigFix release information, visit http://support.bigfix.com/bes/release/.

AIX - Installation Instructions

Note: Beginning with IEM 9.0 the directory /etc/opt/BESClient/ is not automatically created by the installer. If it does not exist, you will need to manually create this directory.
  1. Download the corresponding BES Client package file to the IBM AIX computer.
  2. Copy the BESAgent to the IBM AIX computer.
  3. Run the following command: installp –agqYXd ./BESAgent-8.2.1409.0.ppc_aix53.pkg BESClient
  4. Copy the masthead file to /etc/opt/BESClient/actionsite.afxm.
  5. Run the following command: /etc/rc.d/rc2.d/SBESClientd start.

AIX - Fixlet Content

  1. To get the Fixlet content for the AIX BES Agent, you will need to subscribe your BES Server to the appropriate Fixlet site. To subscribe to a new Fixlet site, go to a computer with the BES Console installed.
  2. Download the AIX Evaluation masthead: (Note: This masthead is for Evaluation licenses only.)
  3. When prompted to open or save the file, click 'Open' and this will automatically open the BES Console.
  4. Log into the BES Console with your username/password.
  5. Once logged in, the BES Console will ask if you wish to subscribe to the Patches for AIX Fixlet site, click OK.
  6. Type in your private key password and click OK.
  7. After the BES Console subscribes to the site, it should automatically start gathering new Fixlet messages from the site.

CentOS

CentOS - Downloads

For the latest BigFix release information, visit http://support.bigfix.com/bes/release/.

CentOS - Installation Instructions

Note: Beginning with IEM 9.0 the directory /etc/opt/BESClient/ is not automatically created by the installer. If it does not exist, you will need to manually create this directory.
  1. Download the corresponding BigFix Client RPM file to the Red Hat computer.
  2. Install the RPM by running the command rpm -ivh <path to BigFix Client RPM>.
  3. Copy your actionsite masthead to the Linux BigFix Client computer (the masthead contains configuration, license, and security information). The action site masthead (actionsite.afxm) can be found in your BigFix Installation folders (by default they are placed under C:BigFix Installers). If the masthead is not named 'actionsite.afxm', rename it to 'actionsite.afxm' and place it on the computer at the following location: /etc/opt/BESClient/actionsite.afxm.
    Note: In BigFix 4.0 and later, the masthead file for each BigFix Server is downloadable at http://servername:port/masthead/masthead.afxm (example: http://bes.bigfix.com:52311/masthead/masthead.afxm).
  4. Start the BigFix Client by running the command: /etc/init.d/besclient start.

Debian

Debian - Downloads

For the latest BigFix release information, visit http://support.bigfix.com/bes/release/.

How To Download Mac Apps

Debian - Installation Instructions

Note: Beginning with IEM 9.0 the directory /etc/opt/BESClient/ is not automatically created by the installer. If it does not exist, you will need to manually create this directory.
  1. Download the corresponding BigFix Client DEB package file to the Debian computer.
  2. Install the DEB by running the command dpkg -i <path to BigFix Client package>.
  3. Copy your actionsite masthead to the Linux BigFix Client computer (the masthead contains configuration, license, and security information). The action site masthead (actionsite.afxm) can be found in your BigFix Installation folders (by default they are placed under C:BigFix Installers). If the masthead is not named 'actionsite.afxm', rename it to 'actionsite.afxm' and place it on the computer at the following location: /etc/opt/BESClient/actionsite.afxm.
    Note: In BigFix 4.0 and later, the masthead file for each BigFix Server is downloadable at http://servername:port/masthead/masthead.afxm (example: http://bes.bigfix.com:52311/masthead/masthead.afxm).
  4. Start the BigFix Client by running the command: /etc/init.d/besclient start.

HP-UX

HP-UX - Downloads

For the latest BigFix release information, visit http://support.bigfix.com/bes/release/.

HP-UX - PA-RISC Installation Instructions

Note: Beginning with IEM 9.0 the directory /etc/opt/BESClient/ is not automatically created by the installer. If it does not exist, you will need to manually create this directory.
  1. Download and copy the corresponding BES Client package file to the HP-UX computer (the computer must be PA-RISC system). The file name will be in the format '(BESAgent-ww.xx.yy.zz.pa_risc_hpux11.0.depot' with variations, depending on the particular version of the agent downloaded.
    Note: Internet Explorer may incorrectly label the downloaded file as a .tar file. Mozilla and other browsers will download the file with the extension as .depot
  2. Run the following command:
    /usr/sbin/swinstall -s HOSTNAME:/path/BESAgent_filename BESAgent
    where HOSTNAME is the name of the system which the Agent is being installed, and /path/ is the path to the Agent installation source and BESAgent_filename is the name of the file you downloaded.
    For example:
    /usr/sbin/swinstall -s hpsystemb:/tmp/BESAgent-8.2.1409.0.pa_risc_hpux110.depot BESAgent
  3. Copy your actionsite masthead to the HP-UX BES Client computer (the masthead contains configuration, license, and security information). The action site masthead (actionsite.afxm) can be found in your BES Installation folders (by default they are placed under C:BES Installers). If the masthead is not named 'actionsite.afxm, rename it to 'actionsite.afxm' and place it on the computer at the following location: /etc/opt/BESClient/actionsite.afxm.
    Note: In BES 4.0 and later, the masthead file for each BES Server is downloadable at http://servername:port/masthead/masthead.afxm
  4. Start the BES Client by running the command /sbin/init.d/besclient start

HP-UX - Itanium Installation Instructions

Note: Beginning with IEM 9.0 the directory /etc/opt/BESClient/ is not automatically created by the installer. If it does not exist, you will need to manually create this directory.
  1. Download and copy the corresponding BES Client package file (BESAgent-8.2.1409.0.pa_risc_hpux110.depot) to the HP-UX computer (must be Itanium system).
  2. Run the following command:
    /usr/sbin/swinstall -x 'allow_incompatible=true' -s HOSTNAME:path/BESAgent-8.2.1409.0.pa_risc_hpux110.depot BESAgent
    where HOSTNAME is the name of the system which the Agent is being installed, and /path/ is the path to the Agent installation source
  3. Copy your actionsite masthead to the HP-UX BES Client computer (the masthead contains configuration, license, and security information). The action site masthead (actionsite.afxm) can be found in your BES Installation folders (by default they are placed under C:BES Installers). If the masthead is not named 'actionsite.afxm, rename it to 'actionsite.afxm' and place it on the computer at the following location: /etc/opt/BESClient/actionsite.afxm.
    Note: In BES 4.0 and later, the masthead file for each BES Server is downloadable at http://servername:port/masthead/masthead.afxm
  4. Start the BES Client by running the command /sbin/init.d/besclient start

HP-UX - Fixlet Content

  1. To get the Fixlet content for the HP-UX BES Agent, you will need to subscribe your BES Server to the appropriate Fixlet site. To subscribe to a new Fixlet site, go to a computer with the BES Console installed.
  2. Download the HP-UX Evaluation masthead. (Note: This masthead is for Evaluation licenses only.)
  3. When prompted to open or save the file, click 'Open' and this will automatically open the BES Console.
  4. Log into the BES Console with your username/password.
  5. Once logged in, the BES Console will ask if you wish to subscribe to the Patches for HP-UX Fixlet site, click OK.
  6. Type in your private key password and click OK.
  7. After the BES Console subscribes to the site, it should automatically start gathering new Fixlet messages from the site.

Mac OS X

Mac OS X - Downloads

For the latest BigFix release information, visit http://support.bigfix.com/bes/release/.

Mac OS X - Installation Instructions

For client versions up to 8.2.1175.0 (8.2 Patch 3) or all installations on OSX 10.4 and 10.5:

  1. Download the corresponding BES Client package file to the Mac computer.
  2. Open the disk image by double clicking the DMG file (eg: BESAgent-8.2.1310.0-BigFix_MacOSX.dmg) to mount it.
  3. Run the BESAgent Installer Builder. The Installer Builder will request the masthead file which is available by using the BESAdmin tool on the BES Server computer ('Export Masthead' functionality). The file must be named 'actionsite.afxm' for the installation to work properly.
  4. After running through the Installer Builder it will ask you where to save the Mac Installer dmg file you will use to install the MAC BESAgent.
  5. Once the disk image has been created, mount it and simply double click the PKG (eg: BESAgent-8.2.1310.0_MacOSX.pkg) to launch the installer.

For client versions 8.2.1310.0 (8.2 Patch 4) and higher on OSX 10.6 and later:

The distribution includes one DMG (mountable Disk Image file) that contains utilities and a separate PKG download for the install or upgrade package. The files are identified as 10.6 versions in the file names.
  1. Download the corresponding BES Client package file to the Mac computer.
  2. Copy the PKG file to any directory and copy the masthead file for your deployment into the same directory. Make sure the masthead file is named actionsite.afxm.
  3. You may optionally include a pre-defined settings file (clientsettings.cfg) in the install directory to create custom settings for the Mac client at installation time.
  4. Launch the PKG installer by double-clicking the PKG file (eg: BESAgent-8.2.1310.0-BigFix_MacOSX10.6.pkg) and run through the installer. The agent will start up after the installation completes as long as the masthead file is included in the install directory.

Mac OS X - Fixlet Content

  1. To get the Fixlet content for the Mac BES Agent, you will need to subscribe your BES Server to the appropriate Fixlet site. To subscribe to a new Fixlet site, go to a computer with the BES Console installed.
  2. Download the Mac Evaluation masthead. (Note: This masthead is for Evaluation licenses only.)
  3. When prompted to open or save the file, click 'Open' and this will automatically open the BES Console.
  4. Log into the BES Console with your username/password.
  5. Once logged in, the BES Console will ask if you wish to subscribe to the Patches for Mac OS X Fixlet site, click OK.
  6. Type in your private key password and click OK.
  7. After the BES Console subscribes to the site, it should automatically start gathering new Fixlet messages from the site.

Red Hat Enterprise Linux

Red Hat Enterprise Linux - Downloads

For the latest BigFix release information, visit http://support.bigfix.com/bes/release/.

Red Hat Enterprise Linux - Installation Instructions

    Note: Beginning with IEM 9.0 the directory /etc/opt/BESClient/ is not automatically created by the installer. If it does not exist, you will need to manually create this directory.
  1. Download the corresponding BigFix Client RPM file to the Red Hat computer.
  2. Install the RPM by running the command rpm -ivh <path to BigFix Client RPM>.
  3. Copy your actionsite masthead to the Linux BigFix Client computer (the masthead contains configuration, license, and security information). The action site masthead (actionsite.afxm) can be found in your BigFix Installation folders (by default they are placed under C:BigFix Installers). If the masthead is not named 'actionsite.afxm', rename it to 'actionsite.afxm' and place it on the computer at the following location: /etc/opt/BESClient/actionsite.afxm.
    Note: In BigFix 4.0 and later, the masthead file for each BigFix Server is downloadable at http://servername:port/masthead/masthead.afxm (example: http://bes.bigfix.com:52311/masthead/masthead.afxm).
  4. Start the BigFix Client by running the command: /etc/init.d/besclient start.

Red Hat Enterprise Linux - Fixlet Content

To get the Fixlet content for the Red Hat BigFix Agent, you will need to subscribe your BigFix Server to the appropriate Fixlet site. To subscribe to a new Fixlet site, go to a computer with the BigFix Console installed.
  1. Download the appropriate masthead:
    • RedHat Enterprise Evaluation masthead (Note: This masthead is for Evaluation licenses only.)
  2. When prompted to open or save the file, click 'Open' and this will automatically open the BigFix Console.
  3. Log into the BigFix Console with your username/password.
  4. Once logged in, the BigFix Console will ask if you wish to subscribe to the Patches for RedHat Linux Fixlet site, click OK.
  5. Type in your private key password and click OK.
    After the BigFix Console subscribes to the site, it should automatically start gathering new Fixlet messages from the site.
NoteHow: For further information regarding Redhat Enterprise Linux please click here.

Solaris

Solaris - Downloads

For the latest BigFix release information, visit http://support.bigfix.com/bes/release/.

Solaris - Installation Instructions

Note: Beginning with IEM 9.2 the Client is controlled by the service manager. To start or stop the agent use the svcadm {enable disable restart} BESClient command.
Note: Beginning with IEM 9.0 the directory /etc/opt/BESClient/ is not automatically created by the installer. If it does not exist, you will need to manually create this directory.
  1. Download the corresponding BigFix Client package file to the Solaris computer.
  2. Copy your actionsite masthead to the Solaris BigFix Client computer (the masthead contains configuration, license, and security information). The action site masthead (actionsite.afxm) can be found in your BigFix Installation folders (by default they are placed under C:BigFix Installers). If the masthead is not named 'actionsite.afxm, rename it to 'actionsite.afxm' and place it on the computer at the following location: /etc/opt/BESClient/actionsite.afxm.
    Note: You may need to create the directory /etc/opt/BESClient/ if it does not already exist.
    Note: In BigFix 4.0 and later, the masthead file for each BigFix Server is downloadable at http://servername:port/masthead/masthead.afxm (example: http://bes.bigfix.com:52311/masthead/masthead.afxm).
  3. Install the PKG by running the command pkgadd -d <path to BigFix Client package file>.
  4. In 9.2 and above the BigFix Client will be started automatically by the Service Manager, on older versions run the command /etc/init.d/besclient start.

Note: Earlier revisions of Solaris (7 and 8) did not include functions required for proper running of the BES Client in the libC (SUNWlibC package) libraries. Ensure that the libC libraries have been patched to a sufficient level so that the BES Client will operate correctly.

For Solaris 8, the latest version of patch 108434 must be installed:
http://sunsolve.sun.com/search/document.do?assetkey=1-21-108434-20-1

Solaris - Fixlet Content

  1. To get the Fixlet content for the Solaris BES Agent, you will need to subscribe your BES Server to the appropriate Fixlet site. To subscribe to a new Fixlet site, go to a computer with the BES Console installed.
  2. Download the Solaris Evaluation masthead. (Note: This masthead is for Evaluation licenses only.)
  3. When prompted to open or save the file, click 'Open' and this will automatically open the BES Console.
  4. Log into the BES Console with your username/password.
  5. Once logged in, the BES Console will ask if you wish to subscribe to the Patches for Solaris Fixlet site, click OK.
  6. Type in your private key password and click OK.
  7. After the BES Console subscribes to the site, it should automatically start gathering new Fixlet messages from the site.

SUSE Linux

SUSE Linux - Downloads

For the latest BigFix release information, visit http://support.bigfix.com/bes/release/.

SUSE Linux - Installation Instructions

Note: Beginning with IEM 9.0 the directory /etc/opt/BESClient/ is not automatically created by the installer. If it does not exist, you will need to manually create this directory.
  1. Download the corresponding BES Client RPM file to the SUSE computer.
  2. Install the RPM by running the command rpm -ivh <path to BES Client RPM>.
  3. Copy your actionsite masthead to the Linux BES Client computer (the masthead contains configuration, license, and security information). The action site masthead (actionsite.afxm) can be found in your BES Installation folders (by default they are placed under C:BES Installers). If the masthead is not named 'actionsite.afxm, rename it to 'actionsite.afxm' and place it on the computer at the following location: /etc/opt/BESClient/actionsite.afxm.

    Note: In BigFix 4.0 and later, the masthead file for each BigFix Server is downloadable at http://servername:port/masthead/masthead.afxm (example: http://bes.bigfix.com:52311/masthead/masthead.afxm).

  4. Start the BigFix Client by running the command /etc/init.d/besclient start.

SUSE Linux - Fixlet Content

To get the Fixlet content for the SUSE BigFix Agent, you will need to subscribe your BigFix Server to the appropriate Fixlet site.
  1. To subscribe to a new Fixlet site, go to a computer with the BigFix Console installed.
  2. Download the appropriate masthead
    (Note: This masthead is for Evaluation licenses only.)
  3. When prompted to open or save the file, click 'Open' and this will automatically open the BigFix Console.
  4. Log into the BigFix Console with your username/password.
  5. Once logged in, the BigFix Console will ask if you wish to subscribe to the Patches for SUSE Linux Enterprise Fixlet site, click OK.
  6. Type in your private key password and click OK.
  7. After the BigFix Console subscribes to the site, it should automatically start gathering new Fixlet messages from the site.

Note: For further information regarding SUSE (32-bit) Content please click here.

Ubuntu

Ubuntu - Downloads

For the latest BigFix release information, visit http://support.bigfix.com/bes/release/.

Ubuntu - Installation Instructions

Note: Beginning with IEM 9.0 the directory /etc/opt/BESClient/ is not automatically created by the installer. If it does not exist, you will need to manually create this directory.
  1. Download the corresponding BigFix Client DEB package file to the Ubuntu computer.
  2. Install the DEB by running the command dpkg -i <path to BigFix Client package>.
  3. Copy your actionsite masthead to the Linux BigFix Client computer (the masthead contains configuration, license, and security information). The action site masthead (actionsite.afxm) can be found in your BigFix Installation folders (by default they are placed under C:BigFix Installers). If the masthead is not named 'actionsite.afxm', rename it to 'actionsite.afxm' and place it on the computer at the following location: /etc/opt/BESClient/actionsite.afxm.
    Note: In BigFix 4.0 and later, the masthead file for each BigFix Server is downloadable at http://servername:port/masthead/masthead.afxm (example: http://bes.bigfix.com:52311/masthead/masthead.afxm).
  4. Start the BigFix Client by running the command: /etc/init.d/besclient start.

VMWare ESX Server

VMWare ESX Server - Downloads

For the latest BigFix release information, visit http://support.bigfix.com/bes/release/.

VMWare ESX Server - Installation Instructions

For installation instructions see
RedHat Linux

VMWare ESX Server - Fixlet Content

  1. To get the Fixlet content for the ESX BigFix Agent, you will need to subscribe your BigFix Server to the appropriate Fixlet site. To subscribe to a new Fixlet site, go to a computer with the BigFix Console installed.
  2. Download the ESX Evaluation masthead. (Note: This masthead is for Evaluation licenses only.)
  3. Copy your actionsite masthead to the ESX BigFix Client computer (the masthead contains configuration, license, and security information). The actionsite masthead (actionsite.afxm) can be found in your BigFix Installation folders (by default they are placed under C:BigFix Installers). If the masthead is not named 'actionsite.afxm', rename it to 'actionsite.afxm' and place it on the computer at the following location: /etc/opt/BESClient/actionsite.afxm.
  4. When prompted to open or save the file, click 'Open' and this will automatically open the BigFix Console.
  5. Log into the BigFix Console with your username/password.
  6. Once logged in, the BigFix Console will ask if you wish to subscribe to the Patches for ESX Fixlet site, click OK.
  7. Type in your private key password and click OK.
  8. After the BigFix Console subscribes to the site, it should automatically start gathering new Fixlet messages from the site.

Note: Firewall ports must be opened.

From Splunk Wiki

Jump to: navigation, search

This tutorial shows how to configure Mac OS X to forward syslog events to a remote server.
The following configuration steps were tested and validated on a MacBook Pro running Mac OS X 10.6.2 (Snow Leopard).

Background

Mac OS X Console.app (Applications - Utilities - Console.app) is the standard interface to visualize all events registered by the operating system. It is simple yet functional, but not very friendly on displaying the entries and actually finding some useful information.

Splunk has a Mac OS X version that allows for a better and more complete monitoring of the system and syslog events, it can also be installed and configured as a forwarder to your central monitoring server. But it doesn’t need to be installed for just monitoring syslog generated events.

It is worth mentioning that in order to capture events forwarded by Mac OS X (or any other syslog forwarder, actually) you have to configure the Splunk server to:
(a.) receive data inputs on UDP port 514, and
(b.) allow incoming traffic through this port on all firewalls in place between the Mac OS X and the Splunk server - including the Windows Firewall, if that’s the case.

Its also worth noting that Mac OS X will simple forward all syslog data as a single source, not separating data by log file like the Universal Forwarder does.

Configuring the Mac OS X Syslogd

The next steps are to be executed in a Terminal window, the Mac OS X command line interface. The steps to configure the syslog forwarding are:

1. Open a Terminal window:Applications - Utilities - Terminal, or by using the Spotlight (shortcut: command+space > Terminal)


2. Before touching anything, make a backup copy of the syslog configuration file (syslogd.conf) into the /tmp folder:


3. Open the configuration file on your favorite editor (in this case, we’re using vi):

Use the ’sudo’ command to execute vi with ‘root’ privileges, otherwise you won’t be able to edit the file. Enter the password for the administrator account you are currently logged in as to continue.


4. Insert the following line anywhere in your syslogd.conf file, replacing the IP address 192.168.1.12 with the IP address of your Splunk server’s network interface.

Type ‘i’ in vi to enter the insert mode (text entry), then add the line above anywhere in the file.
‘’’IMPORTANT:’’’ The selector and action fields (see below) are separated by TABs. Do not use spaces.

The syslogd.conf file consists of lines with two fields: the selector field which specifies the types of messages and priorities to which the line applies, and an action field which specifies the action to be taken if a message syslogd receives matches the selection criteria.

If you would like to forward your syslog output on a different port to the standard 514, you can do this by specifying a specific port for your destination; e.g.

results in your syslog data being forwarded to port 5140 instead of the usual port 514.

The Selectors function are encoded as a Facility.Level. The line above is basically telling the Mac OS X syslog daemon to forward a copy of all (*.*) events to the syslog server listening on the IP address 192.168.1.12. If you don’t want to send all events, you can filter them out by setting a different level - for instance, you can replace the ‘*.*’ with ‘*.notice’. Check out the syslogd.conf and the syslog manual pages for all the options.


5. Save and Exit:Press ‘ESC’ to exit insert mode, and save the file by typing ’:wq <enter>’.If you don’t want to save it now, type ’:q!‘ to exit vi without saving and start over.


6. Restart the ‘syslogd’ service:But before doing so, check if it’s running by typing:

The following commands restart the service. Enter your password one more time if necessary.

Check if the service was really shut down and restarted by typing the same command again. The counter should have been reset and the PID (5070 in the example above) should be a different one.

Done.

You can use ’tcpdump’ to verify that the events are being forwarded to the remote server. Use the command ’ifconfig’ to get the name of the Mac OS X network interface connected to the same IP network segment of the Splunk server and use it as a filter for ’tcpdump’. In this case, the interface name is ‘en1’:

To log an event - open a new Terminal window on Mac OS X and use the ’logger’ command.

If tcpdump doesn't report the Testing message, first double check the tcpdump arguments then review the configuration and check if there is connectivity between the Mac OS X station and the Splunk server.

Lastly, check that UDP/514 traffic is allowed through any firewalls.

Worst case, restore your backup copy from the /tmp folder and repeat the process.

Retrieved from 'https://wiki.splunk.com/index.php?title=Community:HowTo_Configure_Mac_OS_X_Syslog_To_Forward_Data&oldid=55207'
Comments are closed.