Zentral Ressources

Welcome to Zentral

Hi we start a new series of postings here at Medium to cover Zentral from various perspectives and provide new tutorials.

Zentral is a centralized server solution to gather, process, and monitor system events to link them to an inventory.

You may previously come across Zentral since we’ve launched as a open source project back in 2015 at the MacSysAdmin conference (Sweden). We have presented details about Zentral at some other Mac centric conferences (see links below) over last two years. We are around to chat at the popular Slack #macadmins and of course recommend you to follow our GitHub repository.

What Zentral ?

Zentral is an open source data analysis framework to complement existing client management tools (for Mac that’s Munki, Jamf Pro) with extra logging and analytics. Zentral is build with a dedication for macOS endpoints and used in production by several managed service providers and various organisations around the globe.

Zentral got some attention for it’s TLS configuration management for the popular Osquery and amazing Google Santa . So you have proper config management and event logging from both security tools in a single service.

The core of Zentral is build around a time series database coupled with capacity to capture event data from a large number of different datasources. For this purpose Zentral builds it’s processing capabilities on top of the ElasticStack (formerly known as the ELK Stack). As a result you can easily probe into real time events and historically stored data.

Event data received by Zentral can be searched, processed and used for time based visualisation in Kibana with option to build custom dashboards.

The full event stream processing and filtering capabilities in Zentral empower you to search and notify on events, define custom rules and logic to trigger a staged alerting, or run your automated IT management based on realtime events in your fleet.

Zentral is build as open source with a special dedication for macOS endpoints ready to run along with Munki, Jamf Pro management tools, to boost overall operation, security and compliance in your organisation.

A selection of build in technologies and integrations (as illustrated above & listed below)

  • Munki
  • Jamf Pro webhooks
  • JamfPro JSS API
  • Elastic Stack / ELK Stack
  • Osquery
  • Google Santa
  • OpenBSM / auditd
  • Zendesk / Ticketing systems
  • Slack / Team-Chat systems
  • Trello / Kanban boards
  • AWS Kinesis
  • Build a unified event stream from macOS into Enterprise SIEMs

Zentral is build in tradition to the open source development methodology, we run under a Apache 2.0 license. The Zentral source code is available at GitHub, we provide our full code base and deployment examples based on Docker or have pre-build Packer based images ready to run for AWS and Google Cloud Platform deployments (named zentral-all-in-one). These deployments have in commen that we bundle best breed of additional open source projects into a rich service. You can operate Zentral on premises, in a datacenter of your choice, or we can a SaaS for you on request.

Get me started

As a follow up to this initial posting, we will beginn with a series of in depth & hands on tutorials to complement our wiki. We start with Zentral-all-in-one to complement (links to the postings follow soon)

To heat up and/or recap feel free to look into previous infos available in our series of video tutorials, and follow the selected conference links and resources below. You can reach out to us at #macadmin slack channel or at get in contact here .


Upcoming at Kolide hosted QueryCon https://querycon.io/


MacDevOps:YVR conference — Zentral: What’s New?

MacadUK— Zentral-journeys from logging towards manage osquery and incident response


MacDevOps:YVR conference — Combine power of Osquery, Santa and Zentral


MacSysAdmin conference — A preview of Zentral (starts at 36:20)