trailofbits / sinter

A user-mode application authorization system for macOS written in Swift
https://blog.trailofbits.com/2020/08/12/sinter-new-user-mode-security-enforcement-for-macos/
GNU Affero General Public License v3.0
301 stars 15 forks

Integrate with macOS unified logging #72

Open MatthewARinehart opened 4 years ago

MatthewARinehart commented 4 years ago

Why

As a security engineer, I want logs from Sinter to be integrated with macOS logging so that I can export and parse these logs in the logging solution of my choice.

Acceptance Criteria

alessandrogario commented 4 years ago

Initial support for Unified Logging has been implemented as a new logger plugin which can be selected by setting Sinter.logger = "unifiedlogging" in the configuration file.

Messages are logged using the com.trailofbits.sinter subsystem, currently using the messages category. A new category named events will be added, for events related to exec authorizations.
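
For the export-and-parse use case in this issue, an added example (not Sinter's code and not part of the thread) that builds a `log show` predicate for the subsystem and categories named above and normalizes the newline-delimited JSON output for forwarding. The field names are the ones `log show --style ndjson` emits; the sample entries and their message texts are constructed placeholders.

```python
import json
import subprocess
import sys

SUBSYSTEM = "com.trailofbits.sinter"   # subsystem named in the thread
CATEGORIES = ("messages", "events")    # "events" is the category the thread says will be added

def build_predicate():
    """Predicate for `log show` / `log stream` restricted to Sinter's entries."""
    cats = " OR ".join(f'category == "{c}"' for c in CATEGORIES)
    return f'subsystem == "{SUBSYSTEM}" AND ({cats})'

def export_command(last="1h"):
    """argv that dumps recent matching entries as one JSON object per line."""
    return ["log", "show", "--last", last, "--info", "--style", "ndjson",
            "--predicate", build_predicate()]

def parse_ndjson(lines):
    """Return normalized records; skip non-JSON lines and foreign subsystems."""
    records = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank lines, headers, truncated output
        if not isinstance(entry, dict) or entry.get("subsystem") != SUBSYSTEM:
            continue  # trailer objects and other subsystems
        if entry.get("category") not in CATEGORIES:
            continue
        records.append({"time": entry.get("timestamp"),
                        "category": entry["category"],
                        "level": entry.get("messageType"),
                        "message": entry.get("eventMessage", "")})
    return records

# Constructed sample input; message texts are placeholders, not real Sinter output.
SAMPLE = [
    '{"timestamp":"2020-09-01 10:00:00.000000+0000","subsystem":"com.trailofbits.sinter","category":"messages","messageType":"Default","eventMessage":"<placeholder message>"}',
    '{"timestamp":"2020-09-01 10:00:01.000000+0000","subsystem":"com.example.other","category":"messages","messageType":"Default","eventMessage":"unrelated"}',
    'this line is not JSON',
    '{"timestamp":"2020-09-01 10:00:02.000000+0000","subsystem":"com.trailofbits.sinter","category":"events","messageType":"Default","eventMessage":"<placeholder event>"}',
    '{"count":2,"finished":1}',
]

if __name__ == "__main__":
    lines = SAMPLE
    if sys.platform == "darwin":  # the `log` tool only exists on macOS
        lines = subprocess.run(export_command(), capture_output=True, text=True).stdout.splitlines()
    for rec in parse_ndjson(lines):
        print(json.dumps(rec))
```
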