Getting Data In

Does anyone have reference material on the inputs.conf for MAC OSs and how to get the events into Splunk?

dokaas_2
Path Finder

I'm a Windows guy working with Linux trying to get MAC OS events into Splunk.  We don't have many MACs where I work, but we do have some.  Does anyone have reference material on the inputs.conf for MAC OSs and how I get the events into Splunk?  The Splunk UF is installed, but I need to know more about what to monitor on MAC OSs.

 

Labels (1)
Tags (3)
0 Karma

magichat
New Member

You can see it  at Universal logging and Jamf Protect

https://docs.jamf.com/jamf-protect/documentation/Unified_Logging.html

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Unfortunately there is no good native way to do it after Apple changed it's logging framework without any external programs/utils.

Here is some like which you could look:

Of course you must 1st know what you want to log from those nodes.

If those logs which you are interested are normal file based logs then collect those as any other logs in unix platforms.

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...