MacBook capture Events and Logs

user-sdRNUiEQjg
New Contributor II

Greetings, Jamf Community.

I'm looking for guidance on how to efficiently capture and correlate logs and events from a MacBook device. Specifically, I want to track user login events, device reboots, and open applications, for example, "Chrome." Can anyone recommend whether Jamf may be able to achieve this? 

Thank you.

4 ACCEPTED SOLUTIONS

AJPinto
Honored Contributor III

You are looking for something called SIEM log redirection. There are not a ton of tools that do this for macOS, but a few do exist. Jamf Protect can perform this function with its Compliance Reporting feature. With Protect, you can either let it automatically redirect logs to a SIEM like Splunk, or you can write Custom Analytic Sets and host the event logs directly in Jamf Protect. Splunk also provides a macOS agent that can redirect console logs to SIEM (being Splunk in this case).

Jamf launches Compliance Reporter

Compliance Reporter Overview - Compliance Reporter Documentation | Jamf

Collect Mac OS X metrics and logs with Splunk App for Infrastructure - Splunk Documentation


KD6-3DOT7
New Contributor II

Yes, Jamf has built-in reporting on just this sort of information.

Computer Usage Logs

Application Usage Logs


Greetings, AJPinto.

I will be investing more in Splunk and I appreciate you sharing this information.

Thank you.


Hello, KD6-3DOT7.

Thank you for providing the two URL links; I will take a deeper dive.

Thanks again.
