Enable showing private logs on macOS

Question

What's the proper way to enable showing "private" items from os_log?

I see various mobileconfig files on different web sites - signed by people I may not trust!

I would like to know where this is documented and if Apple provides such configuration profiles?

Thanks.
Devendra.

macOS
OSLog

4.0k

Posted by

dparakh

Reply

Add a Comment

Answer 1

On macOS you can enable private data on specific subsystems using a configuration profile. See the discussion of Enable-Private-Data property in SystemLogging.

IMPORTANT Personally I only do this an a ‘victim’ machine, generally one of the VMs that I use for testing. I’m very reluctant to enable private data on a production Mac.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by

eskimo

Add a Comment

Answer 2

On macOS you can enable private data on specific subsystems using a configuration profile. See the discussion of Enable-Private-Data property in SystemLogging.

IMPORTANT Personally I only do this an a ‘victim’ machine, generally one of the VMs that I use for testing. I’m very reluctant to enable private data on a production Mac.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by

eskimo

Add a Comment

Answer 3

Thank You Quinn!

I was able to build a profile using this information, the Configurator 2 app, inspecting some other profiles, and tweaking the generated xml by hand.

It would be nice if the Configurator 2 supported this directly.

Here's what I used - in case someone else wants to do this.

IMPORTANT: Please consider Quinn's warning about using this on a production Mac!

Code Block xml<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>ConsentText</key>
	<dict>
		<key>default</key>
		<string>This will enable showing private strings and data in Unified Logs.</string>
	</dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDisplayName</key>
			<string>ManagedClient logging</string>
			<key>PayloadEnabled</key>
			<true/>
			<key>PayloadIdentifier</key>
			<string>com.apple.system.logging.89AE58D8-0A4A-448B-8AE0-761DEE2D007F</string>
			<key>PayloadType</key>
			<string>com.apple.system.logging</string>
			<key>PayloadUUID</key>
			<string>89AE58D8-0A4A-448B-8AE0-761DEE2D007F</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>System</key>
			<dict>
				<key>Enable-Private-Data</key>
				<true/>
			</dict>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Allows showing private log messages.</string>
	<key>PayloadDisplayName</key>
	<string>Allow Private Logs</string>
	<key>PayloadIdentifier</key>
	<string>com.yourdomain.enable.private.logs</string>
	<key>PayloadOrganization</key>
	<string>Your Organization</string>
	<key>PayloadRemovalDisallowed</key>
	<false/>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>529DF49A-6CB3-4DE9-A29F-4C41EC88BFDD</string>
	<key>PayloadVersion</key>
	<integer>1</integer>

Save the above in a text file - give it an extension .mobileconfig - and load it in Configurator 2 - and "sign it"!

This can now be installed on any Mac.

Thanks.
Devendra.

Posted by

dparakh

Add a Comment

Answer 4

This stopped working at least as of macOS 13.6.2 (22G320).

Any suggestions as to how to enable private logging now? I need it to debug an iOS Service Notification Extension.

Posted by

maz

Add a Comment

Answer 5

A workaround to reveal specific logging is to give it a %{public}@ tag

os_log("UNNotificationServiceExtension thumbnail_url urlString: %{public}@", log: OSLog.debugGeneral, String(describing: urlString))

Posted by

maz

Add a Comment

Enable showing private logs on macOS

Accepted Reply

Replies