Unified Logging in macOS

With the introduction of “Unified Logging” in macOS 10.12 Sierra, one can use the log command to view system log messages in a terminal. For example

sudo log stream

or

sudo log stream –process `pgrep -f /usr/local/bin/myprogram` –info –debug

or

log show –predicate ‘process == “myprogram”‘ –last 1h –info –debug

——–++++++
sudo log stream –info –predicate ‘ eventMessage contains “password”‘ –last 15m > /Users/promin/Desktop/loggs/

——— This will pull incorrect password attempts ———-
sudo log show –info –predicate ‘ eventMessage contains “incorrect password attempt”‘ –last 15m > /Users/promin/Desktop/loggs/lol.txt

log show –info –predicate ‘ eventMessage contains “login”‘ –last 3d > /Users/promin/Desktop/loggs

log show –info –predicate ‘ eventMessage contains “sudo”‘ –last 3d > /Users/promin/Desktop/loggs

———— LINKS

https://www.dssw.co.uk/blog/2017-03-02-view-power-manager-unified-logs-on-macos/

Leave a Reply

Your email address will not be published. Required fields are marked *