Help

Jamf Cloud instance and Splunk

hedenstam
New Contributor III

Posted on ‎12-09-2018 07:18 AM

Hi,

There is probably No possibility to connect the Jamf Cloud instance to my Company's Splunk platform?

Reply
3 REPLIES 3

afarnsworth
Contributor

Posted on ‎12-09-2018 10:32 AM

I'll start by saying I have never done this before, don't use Jamf Cloud, and admit there are probably better ways of accomplishing what you want but this is a method I threw together. That being said, I think you can do it but it will be a bit messy and not the most secure.

  • Setup internet facing server somewhere (AWS/Azure or on-prem in DMZ) and install with syslog-ng
  • Configure syslog-ng work with Splunk (https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html)
  • Forward Jamf Cloud logs (from https://jamfcloud.url/ChangeManagement.html) to server you setup with syslog-ng

All of this really banks on Jamf Cloud giving you that Change Management setting area. If not, until Jamf provides an option to forward syslog data to a 3rd party source, there is nothing that can be done.

Reply

cainehorr
Contributor III

Posted on ‎03-25-2019 01:15 PM

Doesn't seem that JamfCloud allows for Syslog export ability...

At least not with Jamf Pro v10.10.x

I submitted a feature request here: https://www.jamf.com/jamf-nation/feature-requests/8485/syslog-with-jamfcloud

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

0 Kudos
Reply

zachary_fisher
New Contributor III

Posted on ‎03-25-2019 02:39 PM

I have dicussed this at length with JAMF Support and the Prof Service Team. The only way, which is not the best, is listed here. https://github.com/jamf/SplunkIntegrations . I never really looked into this to be honest but I believe you can setup smart groups and pipe certain information over to splunk that way if you are on JAMFCloud. 1000% easier if you are on-prem though.

0 Kudos
Reply
li.common.scroll-to.top