🔮 Frequently asked questions ​
So what is it you really try to solve? ​
We try to make audit log collection easy on modern macOS. Our goal is to make logga as seamless as if it would be a built-in macOS application.
What is the difference between logga and logga daemon? ​
logga ​
logga is a system extension application that you install as any other traditional GUI app. In order to load the extension part which collects the logs (via the logga app), you will need to manually grant Full Disk Access and approve running the binary. To avoid manual interactions, logga will be mostly handy for those who use MDM for node management. With the proper MDM configuration, running the logga application is seamless and can be easily integrated into the IT management workflow.
logga daemon ​
logga daemon is a single binary (packaged as a macOS application for code signing & distribution). With logga daemon comes a LaunchDaemon, wwhich ensures that the binary runs always runs. It is in feature parity with the regular logga application, just the deployment method differs.
Comparison ​
| Capability | logga (system extension) | logga daemon |
|---|---|---|
| MDM | not required, but makes things easier | not required |
| Full Disk Access | required | required |
| LaunchDaemon | not required | keeps the daemon alive |
| Installation compexity | as any other app | as any other app |
| Automation | ✅ | ✅ |
| Unauthorized tampering | characteristics makes it harder to tamper with | easier to tamper with |
| Audit logging | ✅ | ✅ |
| Access logging | ✅ | ✅ |
Will logga stay free? beta ​
Altough logga will be free during beta, it cannot stay free forever. We haven't figured out pricing just yet, but imagine something like this:
- We plan to have a free version with limited feature set
- Schools and Open Source: Send us an email, we will figure it out
- Commercial: There will be a volume pricing
- Enterprise: Volume pricing on steroids, premium support, weigh in on feature requests
Until then, you can download beta releases with 6 months of free license.
Can logga forward logs to {any} log store? ​
Not yet. For now, logga concentrates on being the best in a single task. However, there are plenty of good tools to tail and forward logs to almost any backends. Check out the "Log forwarders" section of the documentation, where we provide configurations to make them work with logga.
Is that all? Do you have further plans for logga? ​
Yes! We have a long-term vision:
- Visualizing access log history and making it searchable by creating a user dashboard, protected by SSO. Check who had access to your machines at a glance. Manage your team and billing.
- Smart notifications on selected events. Would you like to be notified if someone connects to your nodes via SSH? Do you want an email or Slack message on each VNC event? We got you covered.
- Let you self host the notification engine
- Enable backing up log files to S3 automatically
Do I really need to grant Full Disk Access to logga? ​
Sorry, but yes. This is actually a system extension requirement. See more details at the FDA page.
Will logga work on my Intel based Mac? ​
Logga is a universal application, so it runs on both architectures as long as it is Ventura 13.5 or later. We plan to support Intel while Apple keeps Endpoint Security parity with M1.
Is logga a native application? ​
Absolutely! logga is a system extension written entirely in Swift.