Création et upload d’un profil de configuration de collecteur d’événements HTTP Splunk

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadContent</key> <dict> <key>com.jamf.compliancereporter</key> <dict> <key>Forced</key> <array> <dict> <key>mcx_preference_settings</key> <dict> <key>AuditEventExcludedProcesses</key> <array> <string>/usr/sbin/mDNSResponder</string> <string>/usr/sbin/syslogd</string> <string>/Applications/splunk/bin/splunk-optimize</string> </array> <key>AuditEventExcludedUsers</key> <array> <string>_spotlight</string> <string>_windowserver</string> </array> <key>AuditEventLogVerboseMessages</key> <false/> <key>AuditLevel</key> <integer>1</integer> <key>FileEventExclusionPaths</key> <array> <string>/Applications/splunk.*</string> </array> <key>FileEventInclusionPaths</key> <array> <string>/usr/lib/pam/.*</string> <string>/Library/Launch.*</string> <string>/Library/StartupItems/.*</string> <string>/Library/Extensions/.*</string> <string>/Library/Preferences/.*</string> <string>/Library/PrivilegedHelperTools/.*</string> <string>/private/etc/.*</string> </array> <key>LicenseEmail</key> <string>example@mycompany.com</string> <key>LicenseExpirationDate</key> <string>dd/mm/yyyy</string> <key>LicenseKey</key> <string>35c...</string> <key>LicenseType</key> <string>Trial</string> <key>LicenseVersion</key> <string>1</string> <key>LogFileMaxNumberBackups</key> <integer>10</integer> <key>LogFileMaxSizeMegaBytes</key> <string>50</string> <key>LogFileOwnership</key> <string>root:wheel</string> <key>LogFilePermission</key> <string>644</string> <key>LogRemoteEndpointEnabled</key> <true/> <key>LogRemoteEndpointREST</key> <dict> <key>PublicKeyHash</key> <string>7E1DDE57-CEA3-4872-A477-CD2D6B640AFB</string> </dict> <key>LogRemoteEndpointType</key> <string>Splunk</string> <key>LogRemoteEndpointURL</key> <string>https://splunk.company.com:8088/services/collector/raw</string> <key>UnifiedLogPredicates</key> <array> <string>(subsystem == "com.apple.AccountPolicy")</string> </array> </dict> </dict> </array> </dict> </dict> <key>PayloadDescription</key> <string></string> <key>PayloadDisplayName</key> <string>Custom</string> <key>PayloadEnabled</key> <true/> <key>PayloadIdentifier</key> <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string> <key>PayloadOrganization</key> <string>Jamf inc</string> <key>PayloadType</key> <string>com.apple.ManagedClient.preferences</string> <key>PayloadUUID</key> <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDescription</key> <string></string> <key>PayloadDisplayName</key> <string>Splunk HEC Compliance Reporter Preferences</string> <key>PayloadEnabled</key> <true/> <key>PayloadIdentifier</key> <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string> <key>PayloadOrganization</key> <string>Jamf inc</string> <key>PayloadRemovalDisallowed</key> <true/> <key>PayloadScope</key> <string>System</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist>