I'm tasked with getting our Mac OS clients (desktops and laptops) to log the following to Splunk:
- Authentication success
- Authentication failures
- Invalid login
- Adding/removing user accounts
- User Account Modification
- Installation of software
- Modification of relevant configuration, such as firewall, logs etc
I can't find any configuration docs for getting these types of logs from OS X -> Splunk. After reading a couple of the answers here, I also found that no one seems to have had any problems with it, or at least not asked any questions about it, besides that the asl (syslog) files in OS X are now binary and hence not read by the universal forwarder.
Am I really the first one to wonder how this should be done?