🏃♂️ Running logga
WARNING
Make sure you are not running logga and logga-daemon simultaneously. Doing so could result in an infinite loop of security event triggers, putting your system under heavy load.
logga
Running manually
- As a first step, launch logga from
/Applications/logga.app
- Next, click on the icon in the menu bar
- On the
Extension
tab, click on theLoad extension
toggle - Based on your system setup, occasional windows may pop up asking for authorization
- When all the access were granted the logga extension should be running
Stopping manually
Turn off the toggle in the menu bar application (Extension tab
).
INFO
Unloading the extension will stop event logging.
Scripted / Automated
Load logga system extension from CLI
WARNING
If you are not using MDM, you will still have to manually grant FDA access
bash
/Applications/logga.app/Contents/MacOS/logga load
Unload logga system extension from CLI
bash
/Applications/logga.app/Contents/MacOS/logga unload
logga daemon
INFO
LaunchDaemon on macOS is really similar to systemd on Linux: it keeps processes running (among many other things)
When installed, a LaunchDaemon is created at /Library/LaunchDaemons/
. You can start logga daemon by hand, or by a scripted automation.
starting logga daemon
bash
sudo launchctl load -w /Library/LaunchDaemons/com.logga.client.daemon.service.plist
stopping logga daemon
bash
sudo launchctl unload -w /Library/LaunchDaemons/com.logga.client.daemon.service.plist