nxlog deployment security settings

Contributor II

We are rolling out NXLog to our Macs. I have the installer working, but don't have any security info to configure things like PPPC or System Extensions. I was able to manually tick the box for Full Disk Access, but I am still getting an error message saying that im_maces|in NXLog requires Transparency, Consent, and Control (TCC) approval to connect to Endpoint Security.

If I can find the Bundle ID and Identifier, I should be able to roll that info into a PPPC configuration profile which will flip the switch to turn on the Full Disk Access during install, so I don't have to manually do that.


Then to clear the error message I am getting above, I likely need a Team Identifier and/or System Extension type for the System Extensions portion of the Configuration Profile in JAMF.

I have checked their website and don't seem to find anything there in the documentation or message boards about any identifier. Is there a way to find this info out by looking on a system that has the software installed?


Esteemed Contributor II

@VintageMacGuy The Apparency app (https://mothersruin.com/software/Apparency/) should show you the bundle identifier and signing ID for NXLog

I grabbed a copy of Apparency and installed it. I used the drag and drop method to take the binary of nxlog from /opt/nxlog/bin/ and try to get Apparency to open it up, but got an error message that says this doesn't appear to be a valid MacOS bundle. It says the extension suggests that it is a bundle, but the contents don't appear to be valid and that the info.plist may be damaged.

Thanks for the pointer to this utility - may come in handy.

Esteemed Contributor II

@VintageMacGuy Interesting they're installing a bundle from there as most companies using System Extensions appear to be moving to bundles inside applications installed in /Applications (and I believe that's either an Apple recommendation or soon to be requirement)

Yeah - it's more of a script.



Esteemed Contributor II

@VintageMacGuy If you do a Show Package Contents on the nxlog binary in the Finder does it show any contents?

Yes. The contents of nxlog include:


Esteemed Contributor II

Dropping the MacOS/nxlog file onto Apparency _might_ give you the signing ID/Team Identifier, but I'm not sure about the extension type

Thank you! I was able to find the Team Identifier - 6KBH6TBU4P

Waiting for feedback from the developer on the rest.

Esteemed Contributor II

@VintageMacGuy If you're trying to allow nxlog as a System Extension you _should_ be able to simply create a System Extension payload with the System Extension Types popup set to Allowed Team Identifiers and with the Team Identifier field set to 6KBH6TBU4P

Thank you! I am going to give that a try later this afternoon and report back.

@sdagley wrote:

@VintageMacGuy The Apparency app (https://mothersruin.com/software/Apparency/) should show you the bundle identifier and signing ID for NXLog

Thank you. I found it.

Contributor II

Thank you for the help so far. I was able to get some information with the utilities mentioned above and put together a configuration profile and added that to JAMF, but I am still getting errors in the log.

[Screenshot: nxlog pppc.png]

[Screenshot: nxlog system extension.png]



2022-08-17 08:37:05 INFO [xm_admin|agent_management] reconnecting to in 2 sec
2022-08-17 08:37:07 INFO [xm_admin|agent_management] connecting to
2022-08-17 08:37:11 ERROR [xm_admin|agent_management] couldn't connect to;Network is unreachable
2022-08-17 08:37:11 INFO [xm_admin|agent_management] reconnecting to in 4 sec
2022-08-17 08:37:14 WARNING [CORE|main] nxlog received a termination request signal, exiting...
2022-08-17 08:38:12 ERROR [im_maces|in] NXLog requires Transparency, Consent, and Control (TCC) approval to connect to Endpoint Security
2022-08-17 08:38:12 WARNING [CORE|main] no functional input modules!
2022-08-17 08:38:12 INFO [CORE|main] nxlog-5.5.7535-trial (1b5eab762@REL_v5.5) started on macOS
2022-08-17 08:38:12 INFO [xm_admin|agent_management] connecting to
2022-08-17 08:38:17 ERROR [xm_admin|agent_management] couldn't connect to;Network is unreachable
2022-08-17 08:38:17 INFO [xm_admin|agent_management] reconnecting to in 1 sec
2022-08-17 08:38:18 INFO [xm_admin|agent_management] connecting to
2022-08-17 08:38:23 ERROR [xm_admin|agent_management] couldn't connect to;Network is unreachable

I am working with nxlog to troubleshoot, but they don't have a JAMF platform to test on. They said they are reaching out to JAMF to see about getting a sandbox so we can test this, but have not seen a reply yet from JAMF.

What does the TCC approval error relate to? Is there a misconfiguration in my PPPC or System Extension configuration profile?

I was able to get the PPPC settings to work by updating the "Identifier" to:

Which is inside the app bundle. This is also the same file that needs to be dragged and dropped into the PPPC Utility to get the proper settings/info. The "Open" dialog box won't work because it points to the Applications folder and will only select the App bundle and not go inside the app (unless someone knows a cool trick to get inside the app from inside a dialog box asking you to select an item).

Esteemed Contributor II

@VintageMacGuy In the Open File dialog do a Shift-Command-G (the same as the Finder's Go to Folder... command) and you can then type, or paste, the path of any file you want to open even if it's something inside an application bundle.
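
The two payloads discussed in this thread (a System Extension allow-list keyed on the Team Identifier, and a PPPC entry granting Full Disk Access) can also be written out as a single configuration profile. The following is an added example, not code from any poster, NXLog or Jamf: the Team Identifier is the one reported above, while the PPPC identifier and code requirement are placeholders because the thread does not show them, and the `com.example` payload identifiers are made up.

```python
import plistlib
import re
import uuid

TEAM_ID = "6KBH6TBU4P"  # Team Identifier reported in this thread
# Placeholders: the thread does not show these values. Read them from the
# installed binary, e.g. with `codesign -dv <path>` and `codesign -dr - <path>`.
NXLOG_IDENTIFIER = "/PLACEHOLDER/path/to/nxlog"
NXLOG_CODE_REQUIREMENT = "PLACEHOLDER_CODE_REQUIREMENT"


def _payload(ptype, name, **content):
    """Wrap payload content with the keys every payload dictionary needs."""
    uid = str(uuid.uuid4()).upper()
    return {"PayloadType": ptype, "PayloadVersion": 1, "PayloadUUID": uid,
            "PayloadIdentifier": f"com.example.nxlog.{uid}",  # made-up prefix
            "PayloadDisplayName": name, **content}


def build_profile(team_id, identifier, code_requirement):
    """Return .mobileconfig bytes with a System Extension allow-list for
    team_id and a PPPC payload granting Full Disk Access to identifier."""
    if not re.fullmatch(r"[A-Z0-9]{10}", team_id):
        raise ValueError(f"not a 10-character Team ID: {team_id!r}")
    # PPPC matches either a bundle ID or an absolute path to a binary.
    id_type = "path" if identifier.startswith("/") else "bundleID"
    sysext = _payload("com.apple.system-extension-policy",
                      "NXLog System Extension",
                      AllowedTeamIdentifiers=[team_id])
    pppc = _payload("com.apple.TCC.configuration-profile-policy",
                    "NXLog Full Disk Access",
                    Services={"SystemPolicyAllFiles": [{
                        "Identifier": identifier,
                        "IdentifierType": id_type,
                        "CodeRequirement": code_requirement,
                        "Allowed": True}]})
    profile = _payload("Configuration", "NXLog security settings",
                       PayloadScope="System",
                       PayloadContent=[sysext, pppc])
    return plistlib.dumps(profile)


if __name__ == "__main__":
    print(build_profile(TEAM_ID, NXLOG_IDENTIFIER,
                        NXLOG_CODE_REQUIREMENT).decode())
```

Allowing the whole Team Identifier trusts every system extension signed by that developer; the narrower `AllowedSystemExtensions` key of the same payload maps a Team ID to specific extension bundle IDs once those are known.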