Mac OS Logs

With no Agent readily available for Mac OS devices has anyone been able to onboard any logs into Azure Sentinel by Syslog or any other method?

Log Data

Rod_Trent
Jun 17, 2020
arran1580 If you're using Intune (Endpoint Manager) to manage the Mac devices, you can do the following and then setup custom log ingestion into the Log Analytics workspace for Sentinel.

https://docs.microsoft.com/en-us/mem/intune/apps/macos-shell-scripts#collect-device-logs

You will still need to do some post-ingestion parsing, though.

Rod_Trent

Microsoft

Jun 17, 2020

arran1580 If you're using Intune (Endpoint Manager) to manage the Mac devices, you can do the following and then setup custom log ingestion into the Log Analytics workspace for Sentinel.

https://docs.microsoft.com/en-us/mem/intune/apps/macos-shell-scripts#collect-device-logs

You will still need to do some post-ingestion parsing, though.

arran1580

Copper Contributor

Jun 19, 2020

Rod_Trent thanks for providing this information. I will look further at Intune (Endpoint Manager) integration with Azure Sentinel.

Forum Discussion

Mac OS Logs

Resources