Tagging back on to @allister’s reply above to see if anyone else has any suggestions on getting opendirectoryd logs into ASL. New to Apple sys admin and Google not terribly helpful. I see opendirectoryd logs in Console under Devices, but I cannot find a specific log file that the daemon is generating to even add to the asl.conf. Looking to capture a log line such as this to then retrieve with osquery via the asl table.
Authentication failed for <private> with ODErrorCredentialsInvalid