Is it possible to use osquery to collect Mac logs and send t osquery #general

Is it possible to use osquery to collect Mac logs ...

Aakif Siddiqui

06/17/2022, 8:33 PM

Is it possible to use osquery to collect Mac logs and send them to Sumo logic?

Jason

06/17/2022, 10:23 PM

its... not the best, but possible. Fleet includes the macadmins extension which seems to allow reading logs from the unified log

Jason

06/17/2022, 10:23 PM

seph

06/17/2022, 10:56 PM

There's a PR up for log access. I expect it to merge in 5.4

🦜 1

seph

06/17/2022, 10:57 PM

The Mac admins extension is a shell exec. May not be great for large data

30 Views