cmdReporter Wiki


Full Example Configuration Profile

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  Example configuration profile that delivers forced managed preferences for
  the com.cmdsec.cmdreporter domain through a
  com.apple.ManagedClient.preferences payload.
  Upper-case tokens (AUDIT_LEVEL, LICENSE_*, PROFILE_NAME) and the
  common_name / PEM strings are placeholders to replace before deployment.
  NOTE(review): this file is plain XML, so any credential filled in below
  (AWS secret key, Kafka client private key, REST password) sits in clear
  text wherever the profile is stored or distributed. Prefer narrowly scoped
  credentials and restrict who can read the finished profile.
-->
<plist version="1.0">
    <dict>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>PayloadContent</key>
                <dict>
                    <key>com.cmdsec.cmdreporter</key>
                    <dict>
                        <key>Forced</key>
                        <array>
                            <dict>
                                <key>mcx_preference_settings</key>
                                <dict>
                                    <!-- Process paths left out of audit events (presumably matched
                                         by executable path; confirm). Each entry is a monitoring
                                         blind spot: keep the list short and check that every listed
                                         path is writable only by root. -->
                                    <key>AuditEventExcludedProcesses</key>
                                    <array>
                                        <string>/usr/sbin/mDNSResponder</string>
                                        <string>/usr/sbin/syslogd</string>
                                        <string>/Applications/splunk/bin/splunk-optimize</string>
                                    </array>
                                    <!-- Accounts whose events are left out (presumably; confirm).
                                         The same blind-spot caveat applies as for excluded
                                         processes. -->
                                    <key>AuditEventExcludedUsers</key>
                                    <array>
                                        <string>_spotlight</string>
                                        <string>_windowserver</string>
                                    </array>
                                    <key>AuditEventLogVerboseMessages</key>
                                    <false />
                                    <!-- Placeholder: replace AUDIT_LEVEL with a number. The literal
                                         text is not a valid <integer> value. -->
                                    <key>AuditLevel</key>
                                    <integer>AUDIT_LEVEL</integer>
                                    <!-- License placeholders: LICENSE_EMAIL, LICENSE_DATE,
                                         LICENSE_KEY and LICENSE_TYPE must be replaced with the
                                         values issued for your license. -->
                                    <key>LicenseEmail</key>
                                    <string>LICENSE_EMAIL</string>
                                    <key>LicenseExpirationDate</key>
                                    <string>LICENSE_DATE</string>
                                    <key>LicenseKey</key>
                                    <string>LICENSE_KEY</string>
                                    <key>LicenseType</key>
                                    <string>LICENSE_TYPE</string>
                                    <key>LicenseVersion</key>
                                    <string>1</string>
                                    <key>LogFileMaxNumberBackups</key>
                                    <integer>10</integer>
                                    <!-- NOTE(review): given as <string> while
                                         LogFileMaxNumberBackups above is <integer>; confirm the
                                         type the agent expects. -->
                                    <key>LogFileMaxSizeMegaBytes</key>
                                    <string>50</string>
                                    <!-- NOTE(review): presumably the owner:group and octal mode
                                         applied to the local log file (confirm). Mode 644 would
                                         make the audit log readable by every local account;
                                         consider a tighter mode such as 640 if no unprivileged
                                         reader needs it. -->
                                    <key>LogFileOwnership</key>
                                    <string>root:wheel</string>
                                    <key>LogFilePermission</key>
                                    <string>644</string>
                                    <!-- AccessKeyId, SecretKey and StreamName are blank in this
                                         example. NOTE(review): a key pair entered here is an AWS
                                         credential stored in clear text; limit its IAM policy to
                                         putting records on this one stream. -->
                                    <key>LogRemoteEndpointAWSKinesis</key>
                                    <dict>
                                        <key>AccessKeyId</key>
                                        <string></string>
                                        <key>Region</key>
                                        <string>us-east-1</string>
                                        <key>SecretKey</key>
                                        <string></string>
                                        <key>StreamName</key>
                                        <string></string>
                                    </dict>
                                    <!-- NOTE(review): remote logging is switched on here while
                                         LogRemoteEndpointType and LogRemoteEndpointURL further
                                         down are empty; fill them in or set this to false. -->
                                    <key>LogRemoteEndpointEnabled</key>
                                    <true />
                                    <!-- cert_common_name and "cert PEM string" are placeholders.
                                         NOTE(review): TLSClientPrivateKey appears to take key
                                         material inline (confirm); if so, treat the finished
                                         profile as a secret. -->
                                    <key>LogRemoteEndpointKafka</key>
                                    <dict>
                                        <key>TLSClientCertificate</key>
                                        <string>cert_common_name</string>
                                        <key>TLSClientPrivateKey</key>
                                        <string>cert PEM string</string>
                                        <key>TLSServerCertificate</key>
                                        <string>cert_common_name</string>
                                        <key>TopicName</key>
                                        <string>cmdReporter</string>
                                    </dict>
                                    <!-- All three values are blank in this example. PublicKeyHash
                                         presumably pins the server's public key (confirm). A
                                         password entered here is stored in clear text. -->
                                    <key>LogRemoteEndpointREST</key>
                                    <dict>
                                        <key>PublicKeyHash</key>
                                        <string></string>
                                        <key>Username</key>
                                        <string></string>
                                        <key>Password</key>
                                        <string></string>
                                    </dict>
                                    <!-- TLSServerCertificate presumably lists the certificate
                                         common name(s) the agent should trust for the server
                                         (confirm). The empty string is an unfilled example
                                         entry. -->
                                    <key>LogRemoteEndpointSyslog</key>
                                    <dict>
                                        <key>TLSServerCertificate</key>
                                        <array>
                                            <string></string>
                                        </array>
                                    </dict>
                                    <!-- common_name is a placeholder for the server certificate's
                                         common name. -->
                                    <key>LogRemoteEndpointTLS</key>
                                    <dict>
                                        <key>TLSServerCertificate</key>
                                        <array>
                                            <string>common_name</string>
                                        </array>
                                    </dict>
                                    <!-- Both left empty in this example; they must be filled in
                                         for the remote endpoint enabled above. -->
                                    <key>LogRemoteEndpointType</key>
                                    <string></string>
                                    <key>LogRemoteEndpointURL</key>
                                    <string></string>
                                    <!-- Predicate strings for unified log entries (presumably the
                                         entries to collect; confirm). This sample matches the
                                         com.apple.AccountPolicy subsystem. -->
                                    <key>UnifiedLogPredicates</key>
                                    <array>
                                        <string>(subsystem == "com.apple.AccountPolicy")</string>
                                    </array>
                                    <!-- Apps identified by executable name, signing identifier or
                                         team identifier; com.apple.Chess is a sample value.
                                         NOTE(review): the empty <string> entries are unfilled.
                                         Remove them rather than deploy an empty value, since how
                                         the agent treats an empty match value is not shown
                                         here. -->
                                    <key>ProhibitedApps</key>
                                    <dict>
                                        <key>PAExecutableNames</key>
                                        <array>
                                            <string></string>
                                        </array>
                                        <key>PASigningIdentifiers</key>
                                        <array>
                                            <string>com.apple.Chess</string>
                                        </array>
                                        <key>PATeamIdentifiers</key>
                                        <array>
                                            <string></string>
                                        </array>
                                    </dict>
                                    <!-- Plain-text log files to collect (presumably; confirm);
                                         /var/log/jamf.log is a sample path. -->
                                    <key>PlaintextLogCollectionPaths</key>
                                    <array>
                                        <string>/var/log/jamf.log</string>
                                    </array>
                                </dict>
                            </dict>
                        </array>
                    </dict>
                </dict>
                <key>PayloadDescription</key>
                <string></string>
                <key>PayloadDisplayName</key>
                <string>Custom</string>
                <key>PayloadEnabled</key>
                <true />
                <!-- PayloadIdentifier and PayloadUUID carry the same sample GUID.
                     Generate fresh UUIDs for your own profile rather than reusing
                     the values from this example. -->
                <key>PayloadIdentifier</key>
                <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
                <key>PayloadOrganization</key>
                <string>cmdSecurity inc</string>
                <key>PayloadType</key>
                <string>com.apple.ManagedClient.preferences</string>
                <key>PayloadUUID</key>
                <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
            </dict>
        </array>
        <key>PayloadDescription</key>
        <string></string>
        <!-- PROFILE_NAME is a placeholder to replace. -->
        <key>PayloadDisplayName</key>
        <string>PROFILE_NAME cmdReporter Preferences</string>
        <key>PayloadEnabled</key>
        <true />
        <!-- Sample GUID, repeated in PayloadUUID below; generate a fresh UUID
             for your own profile. -->
        <key>PayloadIdentifier</key>
        <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
        <key>PayloadOrganization</key>
        <string>cmdSecurity inc</string>
        <!-- Marks the profile as not removable by the user, which helps keep the
             audit settings in place. The profile is installed at System scope. -->
        <key>PayloadRemovalDisallowed</key>
        <true />
        <key>PayloadScope</key>
        <string>System</string>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadUUID</key>
        <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
    </dict>
</plist>

