Hi guys i was trying to understand what is the status of the

Question

Hi guys i was trying to understand what is the status of the `asl` table I understand it is deprecated since 10 12 but i still can query it and get data when i try in a 10 14 endpoint But is that data reliable or will I be missing events Should i be looking at using the trail of bits extension for the time being

seph · Answer

This is really an apple thing Apple deprecated it As far as I know it still works

Juan Alvarez · Answer

so do you think all system logs are still going to the ASL

seph · Answer

I don t know the answer to that

seph · Answer

I d suggest finding apple docs I ve love to know what you find

fritz · Answer

Juan I would definitely not rely on `asl` table and would instead use ToB s Unified Log extension

Juan Alvarez · Answer

Thanks guys for your answers I have been looking in the apple developer docs but the ASL seems to be completely gone just a small note saying that it is superseded by OSLog We ll consider the extension or maybe wait for the native API Thanks

grahamgilbert · Answer

There is also <https github com macadmins osquery extension|https github com macadmins osquery extension>