https://github.com/osquery/osquery logo
Powered by
#general
Title
# general
a

Aakif Siddiqui

06/17/2022, 8:33 PM
Is it possible to use osquery to collect Mac logs and send them to Sumo logic?
j

Jason

06/17/2022, 10:23 PM
its... not the best, but possible. Fleet includes the macadmins extension which seems to allow reading logs from the unified log
s

seph

06/17/2022, 10:56 PM
There's a PR up for log access. I expect it to merge in 5.4
🦜 1
The Mac admins extension is a shell exec. May not be great for large data
30 Views
Powered by