Consume EndpointSecurity events on macOS via eslogger(1)
This is mostly an experimental library for consuming EndpointSecurity events from Go, but we also provide an example command-line.
Will show you information on file open calls:
go install github.com/tstromberg/esl/cmd/esl@latest
esl openThe eslogger(1) commannd provided by Apple is not designed to be a stable API. YMMV.