Execsnoop not working on Mac OS X

[retpoline]

Not able to get execsnoop to work on OS X even after disabling SIP.

$ sw_vers
ProductName:	Mac OS X
ProductVersion: 10.15.7

$ csrutil status
System Integrity Protection status: disabled.

bash-3.2# ./execsnoop
Tracing exec()s. Ctrl-C to end.
./execsnoop: line 160: cd: /sys/kernel/debug/tracing: No such file or directory
ERROR: accessing tracing. Root user? Kernel has FTRACE?
    debugfs mounted? (mount -t debugfs debugfs /sys/kernel/debug)

Is there a workaround or config that enables tracing on Mac?

Thanks!

[banister]

best way is using openBSM on osx

[retpoline]

best way is using openBSM on osx

Thanks @banister -- was looking around if there was an execsnoop equilivent or sample code out there for openBSM, but didn't find many similar utilities using it other than filewatcher.

Do you know if there's a similar implementation for execsnoop in openBSM?