This repository was archived by the owner on Mar 28, 2023. It is now read-only.

Integrate with macOS unified logging #72

Open
MatthewARinehart opened this issue Jun 8, 2020 · 1 comment
Labels
logging Related to local or remote logging by the agent

Comments

MatthewARinehart (Contributor) commented Jun 8, 2020

Why

As a security engineer, I want logs from Sinter to be integrated with macOS logging so that I can export and parse these logs in the logging solution of my choice.

Acceptance Criteria

  • Sinter logs will be displayed in the macOS logs console
  • Authorization data should be inspectable (not just a message)
    • e.g.: if Xcode is blocked, Sinter logs should give a reason why.
  • Timestamp formatting updates (TBD based on client feedback)
MatthewARinehart added the logging label Jun 8, 2020

alessandrogario (Member) commented

Initial support for Unified Logging has been implemented as a new logger plugin which can be selected by setting Sinter.logger = "unifiedlogging" in the configuration file.

Messages are logged using the com.trailofbits.sinter subsystem, currently using the messages category. A new category named events will be added, for events related to exec authorizations.
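Added example, not part of the original thread or of Sinter's code: a filter for exported unified-log records, such as the output of `log show --predicate 'subsystem == "com.trailofbits.sinter"' --style ndjson`, that keeps only the Sinter subsystem and categories named above and normalizes timestamps to UTC for a downstream log pipeline. The sample records and their message texts are constructed, and the function name is hypothetical.

```python
import json
from datetime import datetime, timezone

SUBSYSTEM = "com.trailofbits.sinter"   # subsystem named in the comment above
CATEGORIES = {"messages", "events"}    # "events" is the planned category
TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f%z"   # timestamp layout used by `log show` JSON

# Constructed sample modeled on `log show --style ndjson` output. The
# eventMessage texts are invented and are not Sinter's real messages.
SAMPLE = """\
{"timestamp":"2020-06-08 10:15:30.123456-0700","subsystem":"com.trailofbits.sinter","category":"messages","messageType":"Default","eventMessage":"constructed: agent started"}
{"timestamp":"2020-06-08 10:15:31.000001-0700","subsystem":"com.apple.network","category":"connection","messageType":"Info","eventMessage":"constructed: unrelated entry"}
{"timestamp":"2020-06-08 10:15:32.500000-0700","subsystem":"com.trailofbits.sinter","category":"events","messageType":"Default","eventMessage":"constructed: exec decision"}
{"count":3,"finished":1}
"""

def parse_sinter_records(ndjson_text, categories=CATEGORIES):
    """Return Sinter records from ndjson text with UTC ISO 8601 timestamps."""
    records = []
    for line in ndjson_text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue                      # skip blank or non-JSON lines
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue                      # tolerate truncated exports
        if entry.get("subsystem") != SUBSYSTEM:
            continue                      # other subsystems and summary lines
        if entry.get("category") not in categories:
            continue
        try:
            local = datetime.strptime(entry.get("timestamp", ""), TS_FORMAT)
        except ValueError:
            continue                      # drop records without a usable time
        records.append({
            "time_utc": local.astimezone(timezone.utc).isoformat(),
            "category": entry["category"],
            "level": entry.get("messageType"),
            "message": entry.get("eventMessage", ""),
        })
    return records

if __name__ == "__main__":
    for rec in parse_sinter_records(SAMPLE):
        print(json.dumps(rec))
```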
