<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>com.cmdsec.cmdreporter</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>AuditLevel</key>
<integer>1</integer>
<key>AuditEventLogVerboseMessages</key>
<false/>
<key>AuditEventExcludedProcesses</key>
<array>
<string>/Applications/splunk/bin/splunk</string>
<string>/Applications/splunk/bin/splunkd</string>
<string>/Applications/splunk/bin/splunk-optimize</string>
<string>/usr/sbin/mDNSResponder</string>
</array>
<key>FileEventExclusionPaths</key>
<array>
<string>/private/etc/cups/.*</string>
</array>
<key>FileEventInclusionPaths</key>
<array>
<string>/usr/lib/pam/.*</string>
<string>/Library/LaunchDaemons/.*</string>
<string>/Library/LaunchAgents/.*</string>
<string>/Library/StartupItems/.*</string>
<string>/Library/Extensions/.*</string>
<string>/private/etc/.*</string>
<string>/private/var/.*</string>
</array>
<key>UnifiedLogPredicates</key>
<array>
<string></string>
</array>
<!-- Remote endpoint logging master switch -->
<key>LogRemoteEndpointEnabled</key>
<true/>
<key>LogRemoteEndpointURL</key>
<string>https://endpoint4.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV2OEAFVGi2WoEGbB048Hi63VjN_DJVhV...</string>
<key>LogRemoteEndpointType</key>
<string>REST</string>
<key>LogRemoteEndpointREST</key>
<dict>
<key>PublicKeyHash</key>
<string></string>
</dict>
<key>LicenseEmail</key>
<string>dan@cmdsec.com</string>
<key>LicenseExpirationDate</key>
<string>12/01/2019</string>
<key>LicenseKey</key>
<string>6466...</string>
<key>LicenseType</key>
<string>Trial</string>
<key>LicenseVersion</key>
<string>1</string>
<key>LogFileMaxNumberBackups</key>
<integer>10</integer>
<key>LogFileMaxSizeMegaBytes</key>
<string>100</string>
<key>LogFileOwnership</key>
<string>root:wheel</string>
<key>LogFilePermission</key>
<string>644</string>
</dict>
</dict>
</array>
</dict>
</dict>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string>Custom</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
<key>PayloadOrganization</key>
<string>cmdSecurity inc</string>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadUUID</key>
<string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string>internal-testing cmdReporter Preferences</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
<key>PayloadOrganization</key>
<string>cmdSecurity inc</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
cmdReporter Wiki