Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Change Management with Jamf Pro: macOS Setup Guide

Disclaimer: This article is no longer being updated.

This article is used as a guide in the recommended setup of the syslogd utility if you want to log changes to a syslog server and you are hosting Jamf Pro on a server with macOS Server installed. Setting up syslogd on macOS is often the most challenging aspect of setting up and using change management with syslog.

Note: Many other Unix and Linux servers can also be used for the syslog server, but this article does not address the setup of these other platforms.

  1. Follow the instructions in the Jamf Pro Administrator's Guide to enable change management and enter the address and port information for your syslog daemon. If you are running your syslog daemon on one of the machines in a Jamf Pro Cluster, note that localhost or 127.0.0.1 cannot be used since all machines in the cluster use the same syslog hostname.
  2. Go to /etc/syslog.conf on the macOS Server and make an entry for a USER facility. Essentially this is syslog’s way of sending different types of log messages to different files and/or systems. An entry like the following will work:
    USER.*                                                  /var/log/jamfsyslog.log

Note: Jamf Pro does not try to edit this file directly since it is a syslog file and may have prior configurations.

  1. Go to /System/Library/LaunchDaemons and edit the com.apple.syslogd.plist file. Remove the comments at the bottom of the file so that the Network Listener entry is used:
<key>NetworkListener</key>
<dict>
    <key>SockServiceName</key>
    <string>syslog</string>
    <key>SockType</key>
    <string>dgram</string>
</dict>

It should be noted that there are security issues involved in using the dgram service. For Jamf Pro installations that keep the syslogd server behind a firewall, dgram should not pose a problem, but administrators will want to consider the consequences.
1. Restart the syslogd launch daemon by executing the following commands:

launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

2. Read your change management messages from the file specified in Step 2.

Like Comment

Jamf wants to hear your feedback around Jamf Pro: LDAP Servers and Reports!