Reply to [NetworkExtension] Getting domain names from network flows' remoteEndpoints through a socket using NEFilterProvider?
Hi Matt, I've tried this on both Monterey and Big Sur and it's working when navigating resources in Safari. However, the NEFilterFlow.url? is nil when using applications such as Firefox or Chrome. Also, most background network activity also does not have the url property filled out. (There are a few daemons like apsd and others for which this url field is filled—but most TCP/UDP traffic still has nil.) I understand this may be a function of how DNS is resolved in client applications. Is there a more bulletproof, built-in way to correlate the resolved DNS names to the vast majority of the network traffic? I understand we can parse DNS ourselves and make these correlations, but I am initially looking for something like NEFilterFlow.url? but one that will not be nil most of the time. Thank you
Jun ’22
Reply to Installing a endpoint security system extension with MDM results in application code signing being modified
Does it matter that in the MDM scenario, it's appstored that's installing the package? The install.log I see for manual install (GUI or sudo installer -pkg) vs MDM install looks substantially different. I've attached the two different logs. MDM.log GUI.log
Jun ’22
Reply to Specify stdout/stderr for a System Extension
Thanks @meaton! We are leveraging os_log already but I was curious about stdout/stderr. I'm accepting your answer as an acknowledgement that there's really not a standard way to pipe stdout/stderr for a system extension.
Topic: App & System Services SubTopic: Drivers
Dec ’21
Reply to System Extension and LC_CTYPE?
Ah, turns out it isn't related to LC_CTYPE but related to the use of the -fshort-wchar flag.
Topic: App & System Services SubTopic: Drivers
Dec ’21