I'm tasked with getting our Mac OS clients (desktops and laptops) to log the following to Splunk:
Authentication success
Authentication failures
Invalid login
Adding/removing user accounts
User Account Modification
Installation of software
Modification of relevant configuration, such as firewall, logs, etc.
I can't find any configuration docs for getting these types of logs from OS X -> Splunk.
After reading a couple of the answers here, I also found that no one seems to have had any problems with it, or at least not asked any questions about it, besides that the ASL (syslog) files in OS X are now binary and hence not read by the universal forwarder.
Am I really the first one to wonder how this should be done?