You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228 in a MacOS using ZSH.
Based on https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b
This command searches for exploitation attempts in uncompressed files in folder /var/log
and all sub folders.