Integrate with macOS unified logging

Open MatthewARinehart opened this issue 5 years ago • 1 comments

Why

As a security engineer, I want logs from Sinter to be integrated with macOS logging so that I can export and parse these logs in the logging solution of my choice.

Acceptance Criteria

  • Sinter logs will be displayed in the macOS logs console
  • Authorization data should be inspectable (not just a message)
    • e.g.: if Xcode is blocked, Sinter logs should give a reason why.
  • Timestamp formatting updates (TBD based on client feedback)

MatthewARinehart, Jun 08 '20 18:06

Initial support for Unified Logging has been implemented as a new logger plugin which can be selected by setting Sinter.logger = "unifiedlogging" in the configuration file.

Messages are logged using the com.trailofbits.sinter subsystem, currently using the messages category. A new category named events will be added, for events related to exec authorizations.

alessandrogario, Jun 09 '20 14:06
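
An added example (not part of the issue thread or Sinter's own code) of the export-and-parse workflow requested above: it builds a filter for the subsystem and categories named in the comment and parses an ndjson export of the unified log. It assumes the export comes from the macOS `log` tool with `--style ndjson`; the function names and sample lines are constructed, and the message text is a placeholder because the thread does not show Sinter's message format.

```python
import json

SUBSYSTEM = "com.trailofbits.sinter"  # subsystem named in the comment above
CATEGORIES = ("messages", "events")   # "events" is announced there as upcoming

def build_predicate(subsystem=SUBSYSTEM, categories=CATEGORIES):
    """Filter string for the --predicate option of `log show` / `log stream`."""
    cats = " OR ".join(f'category == "{c}"' for c in categories)
    return f'subsystem == "{subsystem}" AND ({cats})'

def parse_export(lines, subsystem=SUBSYSTEM, categories=CATEGORIES):
    """Parse ndjson lines; return (matching records, number of unparseable lines)."""
    records, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # e.g. an export that was cut off mid-line
            continue
        if not isinstance(entry, dict):
            skipped += 1
            continue
        # Re-check the filter so a mis-scoped export cannot mix in other sources.
        if entry.get("subsystem") != subsystem or entry.get("category") not in categories:
            continue
        records.append({
            "timestamp": entry.get("timestamp"),
            "category": entry["category"],
            "message": entry.get("eventMessage", ""),
        })
    return records, skipped

# Constructed sample lines; message text is a placeholder, not Sinter's real format.
SAMPLE = [
    '{"timestamp":"2020-06-09 14:06:00.000000+0000","subsystem":"com.trailofbits.sinter","category":"messages","eventMessage":"<constructed message>"}',
    '{"timestamp":"2020-06-09 14:06:01.000000+0000","subsystem":"com.example.other","category":"messages","eventMessage":"<unrelated>"}',
    '{"timestamp":"2020-06-09 14:06:02.000000+0000","subsystem":"com.trailofbits.sinter","category":"events","eventMessage":"<constructed exec authorization event>"}',
    '{"timestamp":"2020-06-09 14:06:03',  # truncated line
]

if __name__ == "__main__":
    print(build_predicate())
    records, skipped = parse_export(SAMPLE)
    for r in records:
        print(r["timestamp"], r["category"], r["message"])
    print(f"{skipped} unparseable line(s)")
```

On a Mac, the string from `build_predicate()` can be passed to `log show --last 1h --style ndjson --predicate '<predicate>'` and the output lines fed to `parse_export`.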