macOS Sierra and newer
- Endpoint Security: Collect security logs from Apple’s Endpoint Security auditing subsystem.
- Log Files: Collect file-based logs in any format, such as JSON, XML, and CSV, and parse them with one of the specialized extensions.
- Network Packet Capture: Collect and parse network traffic by capturing packets from a network interface or a file.
- Unified Logging System: Collect system events from hundreds of macOS log sources.
- Windows Event Forwarding: Set up a Windows Event Collector (WEC) and receive logs from WEF clients.
OS X El Capitan and older
- BSM Auditing: Collect Basic Security Mode audit logs directly from the kernel.
- File Integrity Monitoring: Monitor file and directory changes with NXLog Agent.
- Process Accounting Logs: Monitor executed commands and process activity on Unix/Linux operating systems.