Merge pull request #141 from tclahr/release/2.4.1

Release/2.4.1
tclahr · Dec 21, 2022 · 9be662a · 9be662a
2 parents 3ff93af + de42870
commit 9be662a
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file.
 
+## 2.4.1 (2022-12-21)
+
+### Fixed
+
+- macOS FSEvents were not being collected from additional volumes located at '/System/Volumes' (files/logs/macos.yaml).
+- macOS Timesync files location was fixed (files/logs/macos_unified_logs.yaml).
+
 ## 2.4.0 (2022-11-30)
 
 ### New Features

diff --git a/artifacts/files/logs/macos.yaml b/artifacts/files/logs/macos.yaml
@@ -1,11 +1,17 @@
-version: 1.0
+version: 2.0
 artifacts:
   -
     description: Collect fseventsd system logs.
     supported_os: [macos]
     collector: file
     path: /.fseventsd
     max_file_size: 1073741824 # 1GB
+  -
+    description: Collect fseventsd system logs.
+    supported_os: [macos]
+    collector: file
+    path: /System/Volumes/*/.fseventsd
+    max_file_size: 1073741824 # 1GB
   -
     description: Collect system logs.
     supported_os: [macos]

diff --git a/artifacts/files/logs/macos_unified_logs.yaml b/artifacts/files/logs/macos_unified_logs.yaml
@@ -1,4 +1,4 @@
-version: 3.0
+version: 4.0
 artifacts:
   -
     description: Collect macOS Unified Logs tracev3 files.
@@ -15,5 +15,5 @@ artifacts:
     description: Collect macOS Unified Logs timesync files.
     supported_os: [macos]
     collector: file
-    path: /private/var/db/diagnostics/Timesync
+    path: /private/var/db/diagnostics/timesync