Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
a
Aakif Siddiqui
06/17/2022, 8:33 PMIs it possible to use osquery to collect Mac logs and send them to Sumo logic?
j
Jason
06/17/2022, 10:23 PMits... not the best, but possible. Fleet includes the macadmins extension which seems to allow reading logs from the unified log
s
seph
06/17/2022, 10:56 PMThere's a PR up for log access. I expect it to merge in 5.4
😛artyparrot: 1
The Mac admins extension is a shell exec. May not be great for large data