I'm debugging a USB DriverKit driver, and noticed the os_log messages during the kernel verification checks do not have a subsystem (not my driver's logging):
{
  "traceID" : 44303244788367364,
  "eventMessage" : "DK: G600Driver-0x1002dd073: family entitlements check failed",
  "eventType" : "logEvent",
  "source" : null,
  "formatString" : "DK: %s-0x%qx: family entitlements check failed\n",
  "activityIdentifier" : 0,
  "subsystem" : "",
  "category" : "",
  "threadID" : 2655768,
  "senderImageUUID" : "198748B0-2858-345A-957A-45C9ACB4C2F2",
  "backtrace" : {
    "frames" : [
      {
        "imageOffset" : 9007231,
        "imageUUID" : "198748B0-2858-345A-957A-45C9ACB4C2F2"
      }
    ]
  },
  "bootUUID" : "",
  "processImagePath" : "\/kernel",
  "timestamp" : "2022-06-14 01:57:51.171906-0700",
  "senderImagePath" : "\/kernel",
  "machTimestamp" : 281599031530198,
  "messageType" : "Default",
  "processImageUUID" : "198748B0-2858-345A-957A-45C9ACB4C2F2",
  "processID" : 0,
  "senderProgramCounter" : 9007231,
  "parentActivityIdentifier" : 0,
  "timezoneName" : ""
}
Is there a recommended way (other than substring matching on the driver name) to create a predicate for filtering the log to messages relevant to my driver? Thanks.