Figure 1: Wazuh log collection and analysis process for macOS endpoints.

The Wazuh agent uses the macOS log tool to collect logs. You can run the log tool in the Terminal, followed by option filters that control which logs you want to see. For example, the command below streams every log message the operating system generates:

% log stream

The log tool produces a very large volume of events, so it is necessary to filter for only the important ones. For example, to see only sudo events, you can run the command below:

% log stream --process sudo

The same filter can be written as a predicate, which is the syntax the Wazuh agent's query option uses:

% log stream --predicate 'process == "sudo"'

The filter ensures that the log tool shows only the events of interest. Using the same technique, the Wazuh agent uses the following configuration, included in macOS agents, to collect only relevant logs:
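As an illustration of the kind of configuration the text refers to, here is a localfile block for the Wazuh agent's macOS unified log collector. This is an added example, not the page's own text and not the predicate the Wazuh agent ships by default: the processes it selects (sudo and sshd) and the type and level values are chosen for illustration.

```xml
<!-- Added example: Wazuh agent localfile block for the macOS unified log.
     The predicate below is illustrative and is not the agent's shipped default. -->
<ossec_config>
  <localfile>
    <!-- "macos" selects the unified log (read through the log tool) instead of a file path -->
    <location>macos</location>
    <log_format>macos</log_format>
    <!-- type: which unified log streams to read (activity, log, trace).
         level: the log level requested from the log tool.
         The query body uses the same predicate syntax as `log stream --predicate`,
         so it can be tested in the Terminal before it is deployed to agents. -->
    <query type="trace,log,activity" level="info">(process == "sudo") or (process == "sshd")</query>
  </localfile>
</ossec_config>
```

Before restarting the agent, paste the query body into `log stream --predicate '...'` on a test Mac and confirm that only the expected events appear; a predicate that is too broad will flood the manager, and one with a syntax error collects nothing. The predicate grammar is documented in the log tool's man page (`man log`).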