Enable showing private logs on macOS

What's the proper way to enable showing "private" items from os_log?

I see various mobileconfig files on different web sites - signed by people I may not trust!

I would like to know where this is documented and if Apple provides such configuration profiles?

Thanks.
Devendra.
Up vote post of dparakh Down vote post of dparakh
1.2k views
Posted by
dparakh
Reply
Add a Comment

Accepted Reply

On macOS you can enable private data on specific subsystems using a configuration profile. See the discussion of Enable-Private-Data property in SystemLogging.

IMPORTANT Personally I only do this an a ‘victim’ machine, generally one of the VMs that I use for testing. I’m very reluctant to enable private data on a production Mac.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

Replies

On macOS you can enable private data on specific subsystems using a configuration profile. See the discussion of Enable-Private-Data property in SystemLogging.

IMPORTANT Personally I only do this an a ‘victim’ machine, generally one of the VMs that I use for testing. I’m very reluctant to enable private data on a production Mac.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment
Thank You Quinn!

I was able to build a profile using this information, the Configurator 2 app, inspecting some other profiles, and tweaking the generated xml by hand.

It would be nice if the Configurator 2 supported this directly.

Here's what I used - in case someone else wants to do this.

IMPORTANT: Please consider Quinn's warning about using this on a production Mac!

Code Block xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>ConsentText</key>
	<dict>
		<key>default</key>
		<string>This will enable showing private strings and data in Unified Logs.</string>
	</dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDisplayName</key>
			<string>ManagedClient logging</string>
			<key>PayloadEnabled</key>
			<true/>
			<key>PayloadIdentifier</key>
			<string>com.apple.system.logging.89AE58D8-0A4A-448B-8AE0-761DEE2D007F</string>
			<key>PayloadType</key>
			<string>com.apple.system.logging</string>
			<key>PayloadUUID</key>
			<string>89AE58D8-0A4A-448B-8AE0-761DEE2D007F</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>System</key>
			<dict>
				<key>Enable-Private-Data</key>
				<true/>
			</dict>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Allows showing private log messages.</string>
	<key>PayloadDisplayName</key>
	<string>Allow Private Logs</string>
	<key>PayloadIdentifier</key>
	<string>com.yourdomain.enable.private.logs</string>
	<key>PayloadOrganization</key>
	<string>Your Organization</string>
	<key>PayloadRemovalDisallowed</key>
	<false/>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>529DF49A-6CB3-4DE9-A29F-4C41EC88BFDD</string>
	<key>PayloadVersion</key>
	<integer>1</integer>


Save the above in a text file - give it an extension .mobileconfig - and load it in Configurator 2 - and "sign it"!

This can now be installed on any Mac.

Thanks.
Devendra.
Posted by
dparakh
Up vote reply of dparakh Down vote reply of dparakh
Add a Comment