9

I need to debug some problems regarding user login, but much of the interesting information in the new unified log is hidden, like this (shortened):

opendirectoryd[130]: [com.apple.opendirectoryd:session] queuing request - <private>

On some older macOS versions, there was an option to enable the logging of private data:

sudo log config --mode "private_data:on"

However, on Catalina, this results in:

log: Invalid Modes 'private_data:on'

So, the question is: How to enable the logging of private data on macOS Catalina?

1 Answer

14

As described in "Unified Logs: How to Enable Private Data", you can create and install a configuration profile like this:

Profile to enable (reveal) private data

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadDisplayName</key>
      <string>ManagedClient logging</string>
      <key>PayloadEnabled</key>
      <true/>
      <key>PayloadIdentifier</key>
      <string>com.apple.logging.ManagedClient.1</string>
      <key>PayloadType</key>
      <string>com.apple.system.logging</string>
      <key>PayloadUUID</key>
      <string>ED5DE307-A5FC-434F-AD88-187677F02222</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <key>System</key>
      <dict>
        <key>Enable-Private-Data</key>
        <true/>
      </dict>
    </dict>
  </array>
  <key>PayloadDescription</key>
  <string>Enable Unified Log Private Data logging</string>
  <key>PayloadDisplayName</key>
  <string>Enable Unified Log Private Data</string>
  <key>PayloadIdentifier</key>
  <string>C510208B-AD6E-4121-A945-E397B61CACCF</string>
  <key>PayloadRemovalDisallowed</key>
  <false/>
  <key>PayloadScope</key>
  <string>System</string>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadUUID</key>
  <string>D30C25BD-E0C1-44C8-830A-964F27DAD4BA</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
</dict>
</plist>

Save the file as YourProfileName.mobileconfig. If you don't need to sign it or deploy it, you can just double-click it and, as a .mobileconfig, it will automatically be added to Profiles in System Preferences once you authenticate.

Monitoring unlocking Users and Groups in System Preferences on macOS Catalina 10.15.3 with (as suggested in the linked article) this command gives the following results:

sudo log stream --predicate '(subsystem == "com.apple.opendirectoryd") && (senderImagePath == "\/System\/Library\/OpenDirectory\/Modules\/PlistFile.bundle\/Contents\/MacOS\/PlistFile")'

  • Without the profile loaded, <private> data (in this case the user unlocking) is redacted.

  • With the profile loaded, the previous <private> data is visible.

6
  • 3
    Thanks for this detailed answer. In fact, I read the linked article, but to be honest, I was totally scared by the need to sign it with an MDM tool. Seems to be only necessary in case you actually use an MDM tool for remote deployment.
    – PVitt
    Commented Mar 12, 2020 at 9:51
  • 3
    As a complement, this still works on macOS Big Sur (January 2022)
    Commented Jan 11, 2022 at 7:59
  • 3
    Still works on macOS Monterey (12.3) (May 2022)
    – ijoseph
    Commented May 8, 2022 at 3:29
  • 2
    This still works in macOS 13.2.1 (Ventura). To confirm installation of the profile, open System Settings, click Privacy & Security in the left-side column, then scroll all the way to the bottom on the right side to find Profiles. In Profiles, double-click the “Enable Unified Log Private Data” item to install it.
    – rob mayoff
    Commented Mar 25, 2023 at 18:12
  • doesn't work on 13.6
    Commented Oct 16, 2023 at 17:40
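
An added example (not part of the original answer or the linked article): a Python script that writes the answer's profile with freshly generated UUIDs and checks whether a given .mobileconfig turns on Enable-Private-Data, so you can confirm which profiles on a machine un-redact log data once debugging is finished. The top-level identifier and the output file name are constructed for illustration.

```python
import plistlib
import uuid

# Payload type and key taken from the profile shown in the answer.
LOGGING_PAYLOAD_TYPE = "com.apple.system.logging"
PRIVATE_DATA_KEY = "Enable-Private-Data"


def build_private_data_profile(enable=True):
    """Return .mobileconfig bytes mirroring the answer's profile, with fresh UUIDs."""
    payload = {
        "PayloadDisplayName": "ManagedClient logging",
        "PayloadEnabled": True,
        "PayloadIdentifier": "com.apple.logging.ManagedClient.1",
        "PayloadType": LOGGING_PAYLOAD_TYPE,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "System": {PRIVATE_DATA_KEY: enable},
    }
    profile = {
        "PayloadContent": [payload],
        "PayloadDescription": "Enable Unified Log Private Data logging",
        "PayloadDisplayName": "Enable Unified Log Private Data",
        "PayloadIdentifier": "example.unified-log.private-data",  # constructed value
        "PayloadRemovalDisallowed": False,
        "PayloadScope": "System",
        "PayloadType": "Configuration",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def reveals_private_data(profile_bytes):
    """True if a logging payload in an unsigned profile sets Enable-Private-Data."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict):
            continue
        if payload.get("PayloadType") != LOGGING_PAYLOAD_TYPE:
            continue
        system = payload.get("System", {})
        if isinstance(system, dict) and system.get(PRIVATE_DATA_KEY) is True:
            return True
    return False


if __name__ == "__main__":
    data = build_private_data_profile()
    with open("EnablePrivateData.mobileconfig", "wb") as fh:  # constructed file name
        fh.write(data)
    print("reveals private data:", reveals_private_data(data))
```

A signed profile is CMS-wrapped and has to be unwrapped before `reveals_private_data` can parse it.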
