Question

Jamf Cloud instance and Splunk



Hi,

There is probably no possibility to connect the Jamf Cloud instance to my company's Splunk platform?

3 replies

afarnsworth
  • Contributor
  • 46 replies
  • December 9, 2018

I'll start by saying I have never done this before, don't use Jamf Cloud, and admit there are probably better ways of accomplishing what you want but this is a method I threw together. That being said, I think you can do it but it will be a bit messy and not the most secure.

  • Set up an internet-facing server somewhere (AWS/Azure or on-prem in a DMZ) and install syslog-ng on it
  • Configure syslog-ng to work with Splunk (https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html)
  • Forward Jamf Cloud logs (from https://jamfcloud.url/ChangeManagement.html) to the server you set up with syslog-ng

All of this really banks on Jamf Cloud giving you that Change Management setting area. If not, until Jamf provides an option to forward syslog data to a 3rd party source, there is nothing that can be done.


  • Valued Contributor
  • 119 replies
  • March 25, 2019

Doesn't seem that JamfCloud allows for Syslog export ability...

At least not with Jamf Pro v10.10.x

I submitted a feature request here: https://www.jamf.com/jamf-nation/feature-requests/8485/syslog-with-jamfcloud



I have discussed this at length with JAMF Support and the Prof Service Team. The only way, which is not the best, is listed here: https://github.com/jamf/SplunkIntegrations. I never really looked into this to be honest, but I believe you can set up smart groups and pipe certain information over to Splunk that way if you are on JAMFCloud. 1000% easier if you are on-prem though.

