How can I log all notifications? [duplicate]
As was linked by Arthur Hammer, https://apple.stackexchange.com/a/142811/37689 states that notifications are stored in an SQLite database. The following python script should get you started:
#!/usr/bin/env python
import os
import re
import sqlite3
# Location of notification centers database under Yosemite
tmp = os.environ['TMPDIR']
conn = sqlite3.connect(tmp + '/../0/com.apple.notificationcenter/db/db')
for notification in conn.execute('SELECT * from notifications'):
encoded_data = str(notification[-1]) # last item
clean = re.sub('[^\w\s-]', '', encoded_data) # remove some funny stuff (fixme: removes too much?)
sp = clean.split('\t')
# Find NSActualdeliverydate, message content seems to always come after this
for ix in range(len(sp)):
if 'NSActualdeliverydate' in sp[ix]:
break
# Skip blanks
for ix in range(ix+1, len(sp)):
if sp[ix] != '': break
print 'notification', sp[ix].replace('_', '\n').strip()
conn.close()
You can then either pipe this to a file and then grep the file, or just grep the output of the script directly.
First locate the sqlite files db and db-wal where notification reside. As in mojave, could be found using this command:
lsof -p $(ps aux | grep -m1 usernoted | awk '{ print $2 }')| awk '{ print $9 }' | grep 'db2/db$' | xargs dirname
Then as @greenhouse mentioned, MacFronsics script is good choice to parse db file. As far as I test the script supports mojave as well.
In case someone fail to get latest notification, the most recent notifications are not likely in main db. Directly parsing db file would end up with old notifications. If you want latest notifications, remember migrate the record in db-wal(Write AHead Log) file to db first.
@oystein's answer is great, but i guess it only works for yosemite because the sqlite db for high sierra is a different db model...
so i found this easy tool... (which works for high seirra perfectly) https://github.com/ydkhatri/MacForensics/blob/master/macNotifications.py
just run with your db path input and output path .csv that you would like to create
note: to find your notification center db path, view this... https://stackoverflow.com/a/26777027
glhf!