Creating and Uploading a Sumo Logic REST HTTP Configuration Profile

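If you use Sumo Logic as your SIEM software and want to use the REST HTTP API for reporting, it is recommended that you configure a Sumo Logic REST HTTP configuration profile in Jamf Pro. Jamf Pro is enterprise mobility management software that administrators can use to configure Compliance Reporter settings and deploy Compliance Reporter to target computers.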

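  1. In Jamf Pro, click Computers at the top of the sidebar.
  2. Click Configuration Profiles in the sidebar.
  3. Click Upload.
  4. Use the General payload to configure basic settings, including the level at which to apply the profile and the distribution method.

    Only payloads and settings that apply to the selected level are displayed.

    To distribute the profile during enrollment using a Computer PreStage enrollment, you must create a computer-level configuration profile.

  5. Upload the configuration profile as shown below, making sure to modify the settings as needed: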
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
      <key>PayloadContent</key>
      <array>
        <dict>
          <key>PayloadContent</key>
          <dict>
            <key>com.jamf.compliancereporter</key>
            <dict>
              <key>Forced</key>
              <array>
                <dict>
                  <key>mcx_preference_settings</key>
                  <dict>
                    <key>AuditLevel</key>
                    <integer>1</integer>
                    <key>AuditEventLogVerboseMessages</key>
                    <false/>
                    <key>AuditEventExcludedProcesses</key>
                    <array>
                      <string>/Applications/splunk/bin/splunk</string>
                      <string>/Applications/splunk/bin/splunkd</string>
                      <string>/Applications/splunk/bin/splunk-optimize</string>
                      <string>/usr/sbin/mDNSResponder</string>
                    </array>
                    <key>FileEventExclusionPaths</key>
                    <array>
                      <string>/private/etc/cups/.*</string>
                    </array>
                    <key>FileEventInclusionPaths</key>
                    <array>
                      <string>/usr/lib/pam/.*</string>
                      <string>/Library/LaunchDaemons/.*</string>
                      <string>/Library/LaunchAgents/.*</string>
                      <string>/Library/StartupItems/.*</string>
                      <string>/Library/Extensions/.*</string>
                      <string>/private/etc/.*</string>
                      <string>/private/var/.*</string>
                    </array>
                    <key>UnifiedLogPredicates</key>
                    <array>
                      <string></string>
                    </array>
                    <!-- Remote endpoint logging main switch -->
                    <key>LogRemoteEndpointEnabled</key>
                    <true/>
                    <key>LogRemoteEndpointURL</key>
                    <string>https://endpoint4.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV2OEAFVGi2WoEGbB048Hi63VjN_DJVhV...</string>
                    <key>LogRemoteEndpointType</key>
                    <string>REST</string>
                    <key>LogRemoteEndpointREST</key>
                    <dict>
                      <key>PublicKeyHash</key>
                      <string></string>
                    </dict>
                    <key>LicenseEmail</key>
                    <string>example@mycompany.com</string>
                    <key>LicenseExpirationDate</key>
                    <string>mm/dd/yyyy</string>
                    <key>LicenseKey</key>
                    <string>6466...</string>
                    <key>LicenseType</key>
                    <string>Trial</string>
                    <key>LicenseVersion</key>
                    <string>1</string>
                    <key>LogFileMaxNumberBackups</key>
                    <integer>10</integer>
                    <key>LogFileMaxSizeMegaBytes</key>
                    <string>100</string>
                    <key>LogFileOwnership</key>
                    <string>root:wheel</string>
                    <key>LogFilePermission</key>
                    <string>644</string>
                  </dict>
                </dict>
              </array>
            </dict>
          </dict>
          <key>PayloadDescription</key>
          <string></string>
          <key>PayloadDisplayName</key>
          <string>Custom</string>
          <key>PayloadEnabled</key>
          <true/>
          <key>PayloadIdentifier</key>
          <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
          <key>PayloadOrganization</key>
          <string>Jamf inc</string>
          <key>PayloadType</key>
          <string>com.apple.ManagedClient.preferences</string>
          <key>PayloadUUID</key>
          <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
          <key>PayloadVersion</key>
          <integer>1</integer>
        </dict>
      </array>
      <key>PayloadDescription</key>
      <string></string>
      <key>PayloadDisplayName</key>
      <string>Example Compliance Reporter Preferences</string>
      <key>PayloadEnabled</key>
      <true/>
      <key>PayloadIdentifier</key>
      <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
      <key>PayloadOrganization</key>
      <string>Jamf inc</string>
      <key>PayloadRemovalDisallowed</key>
      <true/>
      <key>PayloadScope</key>
      <string>System</string>
      <key>PayloadType</key>
      <string>Configuration</string>
      <key>PayloadUUID</key>
      <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
    </dict>
    </plist>
  6. Click Save.
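Step 5 asks you to modify the sample settings before uploading. The following pre-upload check is an added example, not part of the Jamf documentation: it parses an edited profile and reports remote-endpoint settings or license fields that still carry the sample's placeholder values. The function names (`settings_of`, `check_profile`, `build_profile`) are hypothetical, and `build_profile` only constructs test input.

```python
import plistlib
from urllib.parse import urlsplit

DOMAIN = "com.jamf.compliancereporter"
# Placeholder values copied from the sample profile on this page.
PLACEHOLDERS = {"LicenseEmail": "example@mycompany.com",
                "LicenseExpirationDate": "mm/dd/yyyy"}

def settings_of(profile_bytes):
    """Return the mcx_preference_settings dict of a Compliance Reporter profile."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        forced = payload.get("PayloadContent", {}).get(DOMAIN, {}).get("Forced", [])
        for entry in forced:
            if "mcx_preference_settings" in entry:
                return entry["mcx_preference_settings"]
    raise ValueError(f"no {DOMAIN} settings found in profile")

def check_profile(profile_bytes):
    """Return a list of problems to fix before uploading the profile."""
    s, problems = settings_of(profile_bytes), []
    if s.get("LogRemoteEndpointEnabled") is not True:
        problems.append("LogRemoteEndpointEnabled is not <true/>")
    if s.get("LogRemoteEndpointType") != "REST":
        problems.append("LogRemoteEndpointType is not REST")
    parts = urlsplit(s.get("LogRemoteEndpointURL", ""))
    if parts.scheme != "https" or not parts.hostname:
        problems.append("LogRemoteEndpointURL is not an https:// URL")
    for key in ("LogRemoteEndpointURL", "LicenseKey"):
        if str(s.get(key, "")).endswith("..."):
            problems.append(f"{key} still ends with the truncated '...' sample value")
    for key, sample in PLACEHOLDERS.items():
        if s.get(key) == sample:
            problems.append(f"{key} still holds the sample value {sample!r}")
    return problems

def build_profile(settings):
    """Constructed test input: wrap settings in the nesting used by the sample profile."""
    inner = {"PayloadType": "com.apple.ManagedClient.preferences",
             "PayloadContent": {DOMAIN: {"Forced": [{"mcx_preference_settings": settings}]}}}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [inner]})

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print("\n".join(check_profile(fh.read())) or "profile looks ready to upload")
```

The Sumo Logic HTTP source URL carries the collection token in its path, so store the edited profile with the same care as any other credential.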