How would you log the new Apple Security Logs in Mountain Lion 10.8? Thanks
In 10.8, data is logged to ASL (syslog) instead of secure.log, so it would be something like this:
./splunk add monitor /var/log/asl
I just checked mine, and the data appears to be binary. So Splunk isn't going to read it. You could send NO_BINARY_CHECK to process the files using props.conf though.
Checking, thanks.
From $SPLUNK_HOME/bin you can run 'splunk _internal call /services/admin/inputstatus/TailingProcessor:FileStatus > output' and then search output for the files in ASL; it'll tell you why they're ignored or if they've been read.
Still does not read the asl files - wip - thanks