Skip to content

🏃‍♂️ Running logga

WARNING

Make sure you are not running logga and logga-daemon simultaneously. Doing so could result in an infinite loop of security event triggers, putting your system under heavy load.

logga

Running manually

  1. As a first step, launch logga from /Applications/logga.app
  2. Next, click on the icon in the menu bar
  3. On the Extension tab, click on the Load extension toggle
  4. Based on your system setup, occasional windows may pop up asking for authorization
  5. When all the access were granted the logga extension should be running

Stopping manually

Turn off the toggle in the menu bar application (Extension tab).

INFO

Unloading the extension will stop event logging.

Scripted / Automated

Load logga system extension from CLI

WARNING

If you are not using MDM, you will still have to manually grant FDA access

bash
/Applications/logga.app/Contents/MacOS/logga load

Unload logga system extension from CLI

bash
/Applications/logga.app/Contents/MacOS/logga unload

logga daemon

INFO

LaunchDaemon on macOS is really similar to systemd on Linux: it keeps processes running (among many other things)

When installed, a LaunchDaemon is created at /Library/LaunchDaemons/. You can start logga daemon by hand, or by a scripted automation.

starting logga daemon

bash
sudo launchctl load -w /Library/LaunchDaemons/com.logga.client.daemon.service.plist

stopping logga daemon

bash
sudo launchctl unload -w /Library/LaunchDaemons/com.logga.client.daemon.service.plist