Where does Gatekeeper/XProtect log to?

Where do Gatekeeper and/or its XProtect component log to? I may have to meet a compliance regulation that requires tracking the logs of anti-virus running on my Mac, and wanted to know if there was a specific location, or if it was configurable in some way.

Best Answer

Most components of macOS since Sierra use Unified Logging. This means there's not a separate file for writing logs, but rather logs are kept for as long as needed in memory and only important logs (e.g. errors) are written to disk in the unified system.log (which is also rotated frequently).

If you want to see messages as they go through the logs, you can use Console.app and filter by keywords you're interested in, but most of the log messages you see are unlikely to be persistently stored anywhere.

Metadata about Gatekeeper (e.g. files checked) and XProtect (e.g. when the definitions were last updated) are kept, not in logs, but in the relevant preferences and bundles the app uses to get data from. It doesn't appear that this meets your full requirement of keeping logs of actions.