Posted on 04-28-2024 11:05 PM
Greetings, Jamf Community.
I'm looking for guidance on how to efficiently capture and correlate logs and events from a MacBook device. Specifically, I want to track user login events, device reboots, and open applications, for example, "Chrome." Can anyone recommend whether Jamf may be able to achieve this?
Thank you.
Posted on 04-29-2024 05:46 AM
You are looking for something called SIEM log redirection. There are not a ton of tools that do this for macOS, but a few do exist. Jamf Protect can perform this function with its Compliance Reporting feature. With Protect, you can either let it automatically redirect logs to a SIEM like Splunk, or you can write Custom Analytic Sets and host the event logs directly in Jamf Protect. Splunk also provides a macOS agent that can redirect console logs to a SIEM (being Splunk in this case).
Jamf launches Compliance Reporter
Compliance Reporter Overview - Compliance Reporter Documentation | Jamf
Collect Mac OS X metrics and logs with Splunk App for Infrastructure - Splunk Documentation
Posted on 05-01-2024 07:34 AM
Yes, Jamf has built-in reporting on just this sort of information.
Posted on 05-13-2024 11:37 AM
Greetings, AJPinto.
I will be investing more in Splunk and I appreciate you sharing this information.
Thank you.
Posted on 05-13-2024 11:39 AM
Hello, KD6-3DOT7.
Thank you for providing the two URL links, I will take a deeper dive.
Thanks again.