This is my first time to using a Mac, some macOS settings need to edit due to Security Audit.
We are using macOS 10.9 to 10.12 version in 10 of iMac, we’ve had an problem is how to keep long time record for “system.log”?
Mar 13 09:18:44 BSHK001110.local authorizationhost[8125]: Failed to authenticate user <admin> (error: 9).
Mar 13 09:18:45 BSHK001110.local authorizationhost[8125]: Failed to authenticate user <admin> (error: 9).
Mar 13 09:18:45 BSHK001110.local authorizationhost[8125]: Failed to authenticate user <admin> (error: 9).
In my observation, system.log will rebuild by script if the Macs don't shutdown at night and log file only keep around one day data.
Is there any chance to change specific date (one month) to rebuild system.log file and keep one month data?
Remarks:
I have upgraded macOS 10.13.3 and found that there is no record about "Failed to authenticate". Is there any problem in macOS 10.13?
Best Answer
Your settings for for the
syslog
are found in/etc/asl.conf
.There's a section that governs how the system log operates.
Specifically, the log will rotate (by default) when it hits 5M in size, not overnight and the whole set of log files will rotate when it hits 50M cumulatively (10 files in total). If you wan to increase the size, just edit the line as you see fit.
I wouldn't increase the size of the individual files themselves, but rather the collective total.
That said, if you are collecting logs for a number of machines, you should be using a syslog server.