1.1 KiB
parent
| parent |
|---|
| Concepts |
Logs
Separately from the events a sync server may receive in (close to)
real-time, with metadata that is helpful for maintaining rules, Santa logs to
/var/db/santa/santa.log by default (configurable with the EventLogPath
key). All detected executions and disk mount operations are logged there.
File operations (when needed for functionality otherwise referred to as "file
integrity monitoring") can also be configured to be logged. See the
FileChangesRegex key in the configuration.md document.
To view the logs:
tail -F /var/db/santa/santa.log
The -F will continue watching the path even when the current file fills up and
rolls over.
macOS Unified Logging System (ULS)
For information more specific to Santa's health and operation, logs are also
present in ULS. Using the show command you can view Santa-specific logs in
flight, including messages related to the system extension:
/usr/bin/log show --info --debug --predicate 'senderImagePath CONTAINS[c] "santa"'