macOS log sources

Endpoint Security Collect security logs from Apple’s Endpoint Security auditing subsystem.

Log Files Collect file-based logs in any format, such as JSON, XML, and CSV, and parse them with one of the specialized extensions.

Network Packet Capture Collect and parse network traffic by capturing packets from a network interface or a file.

Unified Logging System Collect system events from hundreds of macOS log sources.

Windows Event Forwarding Set up a Windows Event Collector (WEC) and receive logs from WEF clients.

BSM Auditing Collect Basic Security Mode audit logs directly from the kernel.

File Integrity Monitoring Monitor file and directory changes with NXLog Agent.

Process Accounting Logs Monitor executed commands and process activity on Unix/Linux operating systems.