19.5. Looking for Useful Information

The first thing I should mention about Mac OS X's logs is that although they contain tons of useful information, that's nothing compared to the amount of useless information (under ordinary circumstances, at least). Many a user has peered into Console for the first time only to be thrown into a panic by the sheer number of messages (many of them labeled as errors or warnings). In fact, most log messages, even those that look slightly scary at first glance, are simply reporting normal events.

That said, although logs can also tell you (or an application's developer) a great deal about what might be causing crashes or other misbehavior, this chapter is concerned with information applicable to security rather than general-purpose debugging. Therefore, what I provide here isn't a complete tutorial on understanding logs but rather some guidelines on how to find information that may be relevant to diagnosing and solving security problems.

For better or worse, Console offers no way to search all your logs at once, nor does it group related entries from multiple logs in any way. As a result, in order to discover anything useful, you must at least have an idea of where to look; you can't simply go to a view of security problems or something of that sort. Therefore, what I present here is a list of the logs most commonly associated with security concerns: what each log stores and which entries in it may point to potential problems.
