Can anyone help me with examples of what to use so I can set up remote logging? What companies to use, what setups? I understand if this is vague; I am actually struggling with how to ask the question.
Problem: Who should be the host for this?
Description: If RemoteLogging is used, this will send the logging for Privileges.app to a remote syslog server.
If using RemoteLogging, then the following subsidiary keys must also be set:
If your organization uses a syslog server product such as Splunk, that's what the host would be. Here's an example of what I'm using. The values of those keys should be provided by whoever manages your syslog server.
Does your organization currently have a functioning syslog server or SIEM? If so, the administrators of that server can provide you with the necessary hostnames and severities. If not, and you have the cycles to provision and manage your own, I'm sure there are plenty of resources available online. You can still use this tool without the logging if your organization doesn't have an existing logging policy.
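A worked example to go with the answers above (added here; it is not code from this thread, from the Privileges project or from SAP). It builds the RemoteLogging dictionary for a managed preferences profile, checks it for the settings a defender would flag before shipping it (TLS off, empty address, bad port), and decodes the syslog PRI value so the "facility" and "severity" numbers the syslog administrator hands you are not a mystery. The key names `RemoteLogging`, `ServerType`, `ServerAddress`, `ServerPort`, `SyslogOptions`, `LogFacility`, `LogSeverity` and `UseTLS` are assumed to match the Privileges README for your release and should be checked against it; the hostname, port and sample log line are constructed.

```python
import plistlib

# Standard syslog facility and severity codes (RFC 5424, section 6.2.1).
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "ntp": 12, "audit": 13, "alert": 14, "clock": 15,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
SEVERITIES = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}


def syslog_pri(facility: str, severity: str) -> int:
    """The <PRI> number a syslog server sees: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def decode_pri(pri: int) -> tuple:
    """Reverse of syslog_pri: map a PRI number back to (facility, severity) names."""
    fac_code, sev_code = divmod(pri, 8)
    fac = next(n for n, c in FACILITIES.items() if c == fac_code)
    sev = next(n for n, c in SEVERITIES.items() if c == sev_code)
    return fac, sev


def build_remote_logging(server: str, port: int, facility: str,
                         severity: str, use_tls: bool) -> dict:
    """Build the RemoteLogging dictionary for the Privileges preference domain.

    Key names are an assumption taken from the Privileges README; LogFacility
    and LogSeverity are written as the numeric syslog codes.
    """
    if facility not in FACILITIES or severity not in SEVERITIES:
        raise ValueError("facility and severity must be standard syslog names")
    return {
        "RemoteLogging": {
            "ServerType": "syslog",
            "ServerAddress": server,
            "ServerPort": port,
            "SyslogOptions": {
                "LogFacility": FACILITIES[facility],
                "LogSeverity": SEVERITIES[severity],
                "UseTLS": use_tls,
            },
        }
    }


def audit_remote_logging(config: dict) -> list:
    """Return the findings a defender would raise before deploying the profile."""
    findings = []
    rl = config.get("RemoteLogging", {})
    if not rl.get("ServerAddress"):
        findings.append("ServerAddress is empty: admin-rights events will be dropped")
    port = rl.get("ServerPort", 0)
    if not 1 <= port <= 65535:
        findings.append("ServerPort %r is not a valid TCP/UDP port" % port)
    if not rl.get("SyslogOptions", {}).get("UseTLS", False):
        findings.append("UseTLS is false: who-became-admin events cross the network in the clear")
    return findings


def plist_roundtrip(config: dict) -> dict:
    """Serialize to the plist format a profile carries and read it back."""
    return plistlib.loads(plistlib.dumps(config))


def parse_syslog_line(line: str) -> dict:
    """Parse one RFC 5424 line: <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID SD MSG.

    The structured-data field is assumed to be "-" (no embedded spaces).
    """
    if not line.startswith("<") or ">" not in line:
        raise ValueError("missing <PRI> prefix")
    end = line.index(">")
    pri = int(line[1:end])
    version, ts, host, app, procid, msgid, sd, msg = line[end + 1:].split(" ", 7)
    facility, severity = decode_pri(pri)
    return {"facility": facility, "severity": severity, "timestamp": ts,
            "host": host, "app": app, "msg": msg}


# Constructed sample: PRI 86 = authpriv (10) * 8 + info (6).
SAMPLE_LINE = ('<86>1 2024-05-01T12:00:00Z mac-001 Privileges - - - '
               'User "jdoe" was granted admin rights')

if __name__ == "__main__":
    cfg = build_remote_logging("syslog.example.com", 6514, "auth", "notice", True)
    print(plistlib.dumps(cfg).decode())
    print("findings:", audit_remote_logging(cfg))
    print(parse_syslog_line(SAMPLE_LINE))
```

Running the script prints the profile fragment for a TLS-protected syslog destination on port 6514 with no findings; flipping `use_tls` to `False` or using port 514 without TLS produces the cleartext finding, which is the setting to push back on when the syslog owner hands you values.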