Solved

Macbook capture Events and Logs

  • April 29, 2024
  • 4 replies
  • 66 views


Greetings, Jamf Community.

I'm looking for guidance on how to efficiently capture and correlate logs and events from a MacBook device. Specifically, I want to track user login events, device reboots, and open applications, for example, "Chrome." Can anyone recommend whether Jamf may be able to achieve this? 

Thank you.

4 replies

AJPinto
  • Legendary Contributor
  • 2802 replies
  • Answer
  • April 29, 2024

You are looking for something called SIEM log redirection. There are not a ton of tools that do this for macOS, but a few do exist. Jamf Protect can perform this function with its Compliance Reporting feature. With Protect, you can either let it automatically redirect logs to a SIEM like Splunk, or you can write Custom Analytic Sets and host the event logs directly in Jamf Protect. Splunk also provides a macOS agent that can redirect console logs to a SIEM (being Splunk in this case).

Jamf launches Compliance Reporter

Compliance Reporter Overview - Compliance Reporter Documentation | Jamf

Collect Mac OS X metrics and logs with Splunk App for Infrastructure - Splunk Documentation


KD6-3DOT7
  • New Contributor
  • 5 replies
  • May 1, 2024

Yes, Jamf has built-in reporting on just this sort of information.

Computer Usage Logs

Application Usage Logs


  • Author
  • New Contributor
  • 2 replies
  • May 13, 2024

Greetings, AJPinto.

I will be investing more in Splunk and I appreciate you sharing this information.

Thank you.


  • Author
  • New Contributor
  • 2 replies
  • May 13, 2024

Hello, KD6-3DOT7.

Thank you for providing the two URL links; I will take a deeper dive.

Thanks again.