Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

macOS logs with a Splunk UF to Splunk Cloud

Norbert122
Observer
‎03-09-2023 02:37 PM

Hi all,

 

How do you collect your macOS security logs and index them into your Splunk Cloud/Enterprise instance?

 

I already have a deployment server so it would be great to just install the UF's with some parameters to connect to the DS and from there on install the app & make the UF send what the app tells it to send.

 

Is the best way to do it using the Splunk UF?

 

Apple changed to the Unified Log Database format, so how do you do it?

My manager suggested SC4S but is it necessary? Can SC4S even ingest macOS data?

We want the SC4S server to remain internal since all of us are WFH. SC4S is not recommended to be used with wireless networks/firewalls/or IDS's which we all have. So I don't think that's possible.

I would greatly appreciate your help.

Labels (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...