macOS Sierra and newer

  • Endpoint Security: Collect security logs from Apple’s Endpoint Security auditing subsystem.

  • Log Files: Collect file-based logs in any format, such as JSON, XML, and CSV, and parse them with one of the specialized extensions.

  • Network Packet Capture: Collect and parse network traffic by capturing packets from a network interface or a file.

  • Unified Logging System: Collect system events from hundreds of macOS log sources.

  • Windows Event Forwarding: Set up a Windows Event Collector (WEC) and receive logs from WEF clients.

OS X El Capitan and older