Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
c
cdown512
03/02/2022, 8:35 PMTagging back on to @allister’s reply above to see if anyone else has any suggestions on getting opendirectoryd logs into ASL. New to Apple sys admin and Google not terribly helpful. I see opendirectoryd logs in Console under Devices, but I cannot find a specific log file that the daemon is generating to even add to the asl.conf. Looking to capture a log line such as this to then retrieve with osquery via the asl table.
Authentication failed for <private> with ODErrorCredentialsInvalida
allister
03/03/2022, 12:51 AMyeah continuing to leverage ASL for that seems like one of those things that COULD be 'deprecated forever but still working' but doable? I'd recommend looking at https://github.com/macadmins/osquery-extension/tree/main/tables/unifiedlog while https://github.com/osquery/osquery/pull/7259 is in flight