The Unified Logging system on macOS provides a central location to store log data on the Mac. The Console and Terminal applications allow users to view, stream, and filter this data on computers to manually troubleshoot errors or detect threats.
With Jamf Protect, you can use the same predicate-based filter criteria that are often used with the log command to collect relevant log entries from computers.
To collect unified log filter data with Jamf Protect, you must do one of the following:
Collect log files locally.
Use a Jamf Protect Cloud data endpoint to collect unified logging, then enable data forwarding to a third-party storage solution.
Integrate Jamf Protect with a security information and event management (SIEM) solution.
Send unified logging to a Kafka broker.
Send unified logging to a syslog server.
For unified log examples, see the Jamf Protect open source GitHub repository: jamf / jamfprotect (GitHub).
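Because a filter uses the same predicate syntax as the log command, a predicate can be previewed in Terminal before it is collected from computers. The script below is an added example, not taken from Jamf documentation or the jamfprotect repository; the helper names and the sample process and message values are constructed for illustration.

```shell
#!/bin/sh
# Added example: compose a predicate string and preview its matches with
# `log show` before reusing the same predicate as a unified log filter.

# Escape backslashes and double quotes so a value is safe inside a
# double-quoted predicate string literal.
escape_value() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# build_predicate PROCESS SUBSTRING [SUBSYSTEM]  (hypothetical helper)
# Matches entries from PROCESS whose message contains SUBSTRING
# (case-insensitive), optionally limited to one SUBSYSTEM.
build_predicate() {
    pred="process == \"$(escape_value "$1")\""
    pred="$pred AND eventMessage CONTAINS[c] \"$(escape_value "$2")\""
    if [ -n "${3:-}" ]; then
        pred="$pred AND subsystem == \"$(escape_value "$3")\""
    fi
    printf '%s\n' "$pred"
}

# preview_filter PREDICATE [WINDOW]  (hypothetical helper)
# Shows what the predicate matches over a recent window, one JSON object per
# line, so volume and noise can be judged before the filter is deployed.
preview_filter() {
    if [ "$(uname -s)" != "Darwin" ] || ! command -v log >/dev/null 2>&1; then
        echo "log command not available; predicate: $1" >&2
        return 0
    fi
    log show --last "${2:-1h}" --style ndjson --info --predicate "$1"
}

# Constructed sample values: sudo entries that mention an incorrect password.
PREDICATE=$(build_predicate "sudo" "incorrect password")
preview_filter "$PREDICATE" "30m"
```

A predicate that returns thousands of lines for a 30-minute window on one Mac is a sign the filter should be narrowed before its output is forwarded to a SIEM, Kafka broker, or syslog server.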