General Information
Preference Documentation
Log Data Documentation
- Log Data Examples
- Interesting Types of Events
  - SSH Logins and Activity
Related Tech and Configurations
- macOS
Compliance
- cmdReporter and US Govt Standards Details
  - How cmdReporter Meets CMMC, DFARS, and NIST 800-171 Requirements
  - NIST 800-53r4 (high) controls met by using cmdReporter
- Security Baseline Reporting Preferences
  - Security Benchmark Reporting Logs

Raw TLS Port Remote Logging Preferences

Daniel Griggs

Modified on: Tue, 31 Mar, 2020 at 12:58 PM

Overview

This article describes the preference keys available to configure the cmdReporter TLS remote logging interface.

Remote Logging Preferences (TLS)

All preference keys are required unless marked (Optional)

Key		Value Type	Sample Value	Function
LogRemoteEndpointEnabled		bool	true	Enable network transmission of log data
LogRemoteEndpointType		String	TLS	Type of remote log aggregation server. Used to define network protocol and preferences used
LogRemoteEndpointURL		String	tls://server.address:9977	URL where log data is to be sent. Applies to all remote logging types. tls:// prepend is required
LogRemoteEndpointTLS		Dictionary	-	Container dictionary for TLS preferences, no preferences directly set to this key.
	TLSServerCertificate	Array of Strings	server.company.com intemediate ca name root_ca-name	Public TLS certificate and chain common names to verify the remote server. Only System keychain is searched for certificates

Download Server Public Certificate(s)

# The resulting file may have more than one certificate. Keychain Access will 
# automatically parse them into separate cert entries when you 
# double-click or drag-drop the file this command generates
echo -n | openssl s_client -showcerts -connect HOSTNAME:PORT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/Downloads/server-public-cert.pem

Install server's public certificate(s) into the System (not System Roots) keychain. Reference certificate common names in the TLSServerCertificate preference.

Example TLS Preferences

<!-- Remote endpoint logging master switch -->
<key>LogRemoteEndpointEnabled</key>
<true/>
<!-- Start TLS Configs -->
<key>LogRemoteEndpointType</key>
<string>TLS</string>
<key>LogRemoteEndpointURL</key>
<string>tls://server.company.com:4477</string>
<key>LogRemoteEndpointTLS</key>
<dict>
  <key>TLSServerCertificate</key>
  <array>
    <string>server_name.company.com</string>
    <string>Let's Encrypt Authority X3</string>
    <string>DST Root CA X3</string>
  </array>
</dict>
<!-- End TLS Configs -->