macOS – How to show private data in macOS unified log

Tags: logging, macos, macos catalina, security

I need to debug some problems regarding user login, but much of the somewhat interesting information in the new unified log is hidden, like this (shortened):

opendirectoryd[130]: [com.apple.opendirectoryd:session] queuing request - <private>

On some older macOS versions, there was an option to enable the logging of private data:

sudo log config --mode "private_data:on"

However, on Catalina, this results in:

log: Invalid Modes 'private_data:on'

So, the question is: How do I enable the logging of private data on macOS Catalina?

Best Answer

As described in "Unified Logs: How to Enable Private Data", you can create and install a configuration profile like this:

Profile to enable (reveal) private data

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadDisplayName</key>
      <string>ManagedClient logging</string>
      <key>PayloadEnabled</key>
      <true/>
      <key>PayloadIdentifier</key>
      <string>com.apple.logging.ManagedClient.1</string>
      <key>PayloadType</key>
      <string>com.apple.system.logging</string>
      <key>PayloadUUID</key>
      <string>ED5DE307-A5FC-434F-AD88-187677F02222</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <key>System</key>
      <dict>
        <key>Enable-Private-Data</key>
        <true/>
      </dict>
    </dict>
  </array>
  <key>PayloadDescription</key>
  <string>Enable Unified Log Private Data logging</string>
  <key>PayloadDisplayName</key>
  <string>Enable Unified Log Private Data</string>
  <key>PayloadIdentifier</key>
  <string>C510208B-AD6E-4121-A945-E397B61CACCF</string>
  <key>PayloadRemovalDisallowed</key>
  <false/>
  <key>PayloadScope</key>
  <string>System</string>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadUUID</key>
  <string>D30C25BD-E0C1-44C8-830A-964F27DAD4BA</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
</dict>
</plist>

Save the file as YourProfileName.mobileconfig. If you don't need to sign it or deploy it, you can just double-click it; as a .mobileconfig it will automatically be added to Profiles in System Preferences once you authenticate.


Monitoring unlocking Users and Groups in System Preferences on macOS Catalina 10.15.3 with (as suggested in the linked article) this command gives the following results:

sudo log stream --predicate '(subsystem == "com.apple.opendirectoryd") && (senderImagePath == "\/System\/Library\/OpenDirectory\/Modules\/PlistFile.bundle\/Contents\/MacOS\/PlistFile")'
  • Without the profile loaded, <private> data (in this case the user unlocking) is redacted.

  • With the profile loaded, the previously <private> data is visible.
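
Because a profile like the one above exposes previously redacted values (here, the name of the user unlocking) to anyone who can read the log, it is worth checking which profiles turn the setting on before and after a debugging session. The following is an added example, not code from the answer or the linked article: it parses an unsigned .mobileconfig and reports every com.apple.system.logging payload whose System dictionary sets Enable-Private-Data to true. The function names, the com.example identifiers and the all-zero UUIDs are constructed placeholders.

```python
import plistlib
from xml.parsers.expat import ExpatError

LOGGING_TYPE = "com.apple.system.logging"  # PayloadType from the profile above


def audit_profile(raw: bytes) -> list:
    """Return one finding per logging payload that turns on Enable-Private-Data."""
    try:
        profile = plistlib.loads(raw)
    except (plistlib.InvalidFileException, ExpatError) as exc:
        # A signed .mobileconfig is CMS-wrapped and must be unwrapped first.
        raise ValueError("not a bare XML or binary plist") from exc
    if not isinstance(profile, dict):
        raise ValueError("top-level plist object is not a dictionary")
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != LOGGING_TYPE:
            continue
        system = payload.get("System")
        if isinstance(system, dict) and system.get("Enable-Private-Data") is True:
            findings.append({
                "profile": profile.get("PayloadDisplayName"),
                "payload": payload.get("PayloadIdentifier"),
                "scope": profile.get("PayloadScope"),
                "removal_disallowed": profile.get("PayloadRemovalDisallowed", False),
            })
    return findings


def sample_profile(enable: bool) -> bytes:
    """Constructed sample with placeholder identifiers, mirroring the keys above."""
    return plistlib.dumps({
        "PayloadContent": [{
            "PayloadType": LOGGING_TYPE,
            "PayloadIdentifier": "com.example.logging.placeholder",
            "PayloadUUID": "00000000-0000-0000-0000-000000000001",
            "PayloadVersion": 1,
            "System": {"Enable-Private-Data": enable},
        }],
        "PayloadDisplayName": "Constructed sample profile",
        "PayloadScope": "System",
        "PayloadRemovalDisallowed": False,
        "PayloadType": "Configuration",
    })


if __name__ == "__main__":
    for finding in audit_profile(sample_profile(True)):
        print("private data revealed by:", finding)
```

To check a real file, pass its bytes to audit_profile, for example the contents of YourProfileName.mobileconfig read in binary mode.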
