With the introduction of “Unified Logging” in macOS 10.12 Sierra, one can use the log command to view system log messages in a terminal. For example
sudo log stream
or
sudo log stream –process `pgrep -f /usr/local/bin/myprogram` –info –debug
or
log show –predicate ‘process == “myprogram”‘ –last 1h –info –debug
——–++++++
sudo log stream –info –predicate ‘ eventMessage contains “password”‘ –last 15m > /Users/promin/Desktop/loggs/
——— This will pull incorrect password attempts ———-
sudo log show –info –predicate ‘ eventMessage contains “incorrect password attempt”‘ –last 15m > /Users/promin/Desktop/loggs/lol.txt
log show –info –predicate ‘ eventMessage contains “login”‘ –last 3d > /Users/promin/Desktop/loggs
log show –info –predicate ‘ eventMessage contains “sudo”‘ –last 3d > /Users/promin/Desktop/loggs
———— LINKS
https://www.dssw.co.uk/blog/2017-03-02-view-power-manager-unified-logs-on-macos/