cmdReporter Wiki

Open navigation

Full Example Configuration Profile

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadContent</key>
      <dict>
        <key>com.cmdsec.cmdreporter</key>
        <dict>
          <key>Forced</key>
          <array>
            <dict>
              <key>mcx_preference_settings</key>
              <dict>
                <key>AuditLevel</key>
                <integer>AUDIT_LEVEL</integer>
                <!-- cmdReporter event filters -->
                <key>AuditEventLogVerboseMessages</key>
                <false/>
                <key>AuditEventExcludedUsers</key>
                <array>
                  <string>_spotlight</string>
                  <string>_windowserver</string>
                </array>
                <key>AuditEventExcludedProcesses</key>
                <array>
                  <string>/usr/sbin/mDNSResponder</string>
                  <string>/usr/sbin/syslogd</string>                
                </array>
                <key>FileEventExclusionPaths</key>
                <array>
                  <string>/Applications/splunk.*</string>
                </array>
                <key>FileEventInclusionPaths</key>
                <array>
                  <string>/usr/lib/pam/.*</string>
                  <string>/Library/Launch.*</string>
                  <string>/Library/StartupItems/.*</string>
                  <string>/Library/Extensions/.*</string>
                  <string>/Library/Preferences/.*</string>
                  <string>/Library/PrivilegedHelperTools/.*</string>
                  <string>/private/etc/.*</string>
                </array>
                <!-- Remote logging master switch -->
                <key>LogRemoteEndpointEnabled</key>
                <false/>
                <!-- Remote logging master URL -->
                <key>LogRemoteEndpointURL</key>
                <string></string>
                <!-- Remote logging type switch -->
                <key>LogRemoteEndpointType</key>
                <string></string>
                <!-- Remote logging kafka settings -->
                <key>LogRemoteEndpointKafka</key>
                <dict>
                  <key>TLSServerCertificate</key>
                  <string>cert PEM string(s)</string>
                  <key>TLSClientCertificate</key>
                  <string>cert PEM string</string>
                  <key>TLSClientPrivateKey</key>
                  <string>cert PEM string</string>
                  <key>TopicName</key>
                  <string>cmdReporter</string>
                </dict>
                <!-- Remote logging REST settings -->
                <key>LogRemoteEndpointREST</key>
                <dict>
                  <key>PublicKeyHash</key>
                  <string></string>
                </dict>
                <!-- Remote logging syslog and TLS settings -->
                <key>LogRemoteEndpointTLS</key>
                <dict>
                  <key>TLSServerCertificate</key>
                  <string>cert PEM string(s)</string>
                </dict>
                <!-- Remote logging syslog header output format -->
                <key>SyslogFormatEnabled</key>
                <false/>
                <!-- Hourly unified log search strings -->
                <key>UnifiedLogPredicates</key>
                <array>
                  <string>(subsystem == "com.example.networkstatistics")</string>
                  <string>(subsystem == "com.apple.CryptoTokenKit" AND category == "AHP")</string>
                </array>
                <!-- Licensing information -->
                <key>LicenseEmail</key>
                <string>LICENSE_EMAIL</string>
                <key>LicenseExpirationDate</key>
                <string>LICENSE_DATE</string>
                <key>LicenseKey</key>
                <string>LICENSE_KEY</string>
                <key>LicenseType</key>
                <string>LICENSE_TYPE</string>
                <key>LicenseVersion</key>
                <string>1</string>
                <!-- Local log file settings -->
                <key>LogFileMaxNumberBackups</key>
                <integer>10</integer>
                <key>LogFileMaxSizeMegaBytes</key>
                <string>50</string>
                <key>LogFileOwnership</key>
                <string>root:wheel</string>
                <key>LogFilePermission</key>
                <string>644</string>
              </dict>
            </dict>
          </array>
        </dict>
      </dict>
      <key>PayloadDescription</key>
      <string></string>
      <key>PayloadDisplayName</key>
      <string>Custom</string>
      <key>PayloadEnabled</key>
      <true/>
      <key>PayloadIdentifier</key>
      <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
      <key>PayloadOrganization</key>
      <string>cmdSecurity inc</string>
      <key>PayloadType</key>
      <string>com.apple.ManagedClient.preferences</string>
      <key>PayloadUUID</key>
      <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
    </dict>
  </array>
  <key>PayloadDescription</key>
  <string></string>
  <key>PayloadDisplayName</key>
  <string>PROFILE_NAME cmdReporter Preferences</string>
  <key>PayloadEnabled</key>
  <true/>
  <key>PayloadIdentifier</key>
  <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
  <key>PayloadOrganization</key>
  <string>cmdSecurity inc</string>
  <key>PayloadRemovalDisallowed</key>
  <true/>
  <key>PayloadScope</key>
  <string>System</string>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadUUID</key>
  <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
</dict>
</plist>


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.