Unified Logging in macOS

With the introduction of “Unified Logging” in macOS 10.12 Sierra, one can use the log command to view system log messages in a terminal. For example

sudo log stream

or

sudo log stream –process `pgrep -f /usr/local/bin/myprogram` –info –debug

or

log show –predicate ‘process == “myprogram”‘ –last 1h –info –debug

——–++++++
sudo log stream –info –predicate ‘ eventMessage contains “password”‘ –last 15m > /Users/promin/Desktop/loggs/

——— This will pull incorrect password attempts ———-
sudo log show –info –predicate ‘ eventMessage contains “incorrect password attempt”‘ –last 15m > /Users/promin/Desktop/loggs/lol.txt

log show –info –predicate ‘ eventMessage contains “login”‘ –last 3d > /Users/promin/Desktop/loggs

log show –info –predicate ‘ eventMessage contains “sudo”‘ –last 3d > /Users/promin/Desktop/loggs

———— LINKS

https://www.dssw.co.uk/blog/2017-03-02-view-power-manager-unified-logs-on-macos/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.