Logkext stopped logging

[doublemarked]

After a relatively short period of time Logkext stopped logging any new text. The daemon appears to still be running, as I can still go into logKextClient and perform all operations there. The "Logging" property is still set to "on", and I can still output all the log, which stopped at about 3Kb.

Help?

[ldebrouwer]

I think I'm having the same issue here. The daemon is running, the client responds, however the logs are just empty.

Something interesting has come up though when I run sudo kextutil /System/Library/Extensions/logKext.kext the following is returned to me:

Diagnostics for /System/Library/Extensions/logKext.kext: Code Signing Failure: not code signed WARNING - Invalid signature -67062 0xFFFFFFFFFFFEFA0A for kext "/System/Library/Extensions/logKext.kext"

I believe that when there's an invalid signature or code signing failure Mavericks will not actually run the code.

I'm running logKext 2.4 on OS X 10.9.2. Any suggestions?

[everdark]

I got exactly the same problem. The program stops logging when the log file is still relatively small. And the daemon is running and the client can be opened without any problem.

When I first installed the program the system has warned me something about signature something but I didnt pay much attention at that time. Could that be the root cause?

[adamwojtkiewicz]

I have similar problem. Switching users is logged but no keystrokes. Only first few keystrokes were logged, then only users switching. macosx 10.9.

[ghost]

This thread might give some context on developers signing kernal extensions:
http://pikeralpha.wordpress.com/2013/06/13/kext-requirements-for-os-x-10-9-mavericks/

[everdark]

To work-around the random failure after a specific amount of time (not very soon to my observation), my current solution is to write a daemon that periodically kills the logKext daemon. Now the logs always keep up-to-date. This is not elegant but before a proper patch is available I'll stay in this way.

import subprocess
import time
import daemon

def loop_kill_logKextClient():
    '''Kill the keylogger daemon.'''
    while True:
        subprocess.call(['pkill', 'logKextDaemon'])
        time.sleep(3600)

def run():
    with daemon.DaemonContext():
        loop_kill_logKextClient()

if __name__ == "__main__":
    run()

I run the script via root in my .bash_profile. (just remember to add a conditioner to avoid duplicate daemons.)
By the way I am using OSX 10.9.3.

[r-b-n]

everdark
Could you explain more on how you do this. Do you just create a bash script and run it with cron?

What do you mean by "add a container to avoid duplicate daemons"not sure how to do that! Hope you have the time to get back on this.

[everdark]

Hi @r-b-n ,

The code snippet I provided itself is a daemon. I run it from my .bash_profile so that every time I am logged onto my terminal it will run in the background. To avoid run multiple daemons, I use the following script in my .bash_profile:

ps -U root | grep logKextKiller.py > /dev/null
if [ $? -eq 0 ]; then
    echo "logKext killer daemon is running."
else
    sudo python ~/myutils/logKextKiller.py
fi

so that if the daemon is already running, it will not run it again. Of course you can instead use a cron job to do the job but in that case the task is no longer needed to be wrapped as a daemon.

[r-b-n]

Ah... ok, thanks.

I tried a cron with a script that relaunches the daemon every 5 mins and that seems to work too. As you said, not elegant .... but hey ... works for now ;)

[Perturb]

Three years later and this is still a good solution, thank you @everdark. I'm a noob to launchd and have never used pkill, but thanks to your suggestion I managed to struggle my way to a similar fix.