How to figure out what event types to filter in im_maculs

mthoma

I've been tasked to roll out NXLog on all of our Macs. I have it working in the sense that logs are being uploaded to our syslog server.

However, I've been given a list from https://www.iansresearch.com/resources/all-blogs/post/security-blog/2021/04/29/best-practices-for-macos-logging-monitoring and told to implement it.

How the heck do I find out what event types to filter so that I can capture the list of logs that is on this webpage? And is this list even the right one to follow? It mentions using Consolation 3, but I have no idea how that's supposed to help me figure this out.

What is your go-to source for this type of info?