Log management on Mac OS X using Graylog

John Wheeler
Mar 28, 2020
Graylog login screen

I was surprised to learn how many devices were connected to my home network. My router identified 26 connected devices, both wired and wireless. Many of them, like my ecobee4s and Amazon Cloud Cam, are part of a closed ecosystem that prevents me from gathering security or diagnostic information. Others, like my Netgear switches, my QNAP NAS, my Mac minis, and my Raspberry Pis, were logging only locally. I wanted a central location to view logs for both security alerts and potential hardware failures.

To address this, I initially considered setting up a syslog server, possibly on my NAS or one of the Mac minis. After doing some research, I ran across Graylog. Not only did it provide the central logging I was looking for, it also supported searches, filtering, and alerting. I’ve had an opportunity to use both Sumo Logic and Splunk, and these are fantastic tools, but Sumo Logic’s free tier has no alerting and the same is true with Splunk. I also looked at Papertrail, but it had no retention past 7 days and you could only search 48 hours. I did not do an exhaustive comparison of these tools, but there are a lot of articles that do. I read a lot of good things about Graylog in my research, and the setup was surprisingly easy.

Installation method

John Wheeler

Security professional, Mac enthusiast, writing code when I have to.