03/02/2022, 8:35 PM
Tagging back on to @allister’s reply above to see if anyone else has any suggestions on getting opendirectoryd logs into ASL. New to Apple sys admin and Google not terribly helpful. I see opendirectoryd logs in Console under Devices, but I cannot find a specific log file that the daemon is generating to even add to the asl.conf. Looking to capture a log line such as this to then retrieve with osquery via the asl table.
Authentication failed for <private> with ODErrorCredentialsInvalid


03/03/2022, 12:51 AM
yeah continuing to leverage ASL for that seems like one of those things that COULD be 'deprecated forever but still working' but doable? I'd recommend looking at while is in flight