Category filter

Configuration profile to enable private data in macOS Unified Logs

The following document helps IT administrators enable private data in macOS unified logs using a configuration profile.

Apple has replaced its traditional Apple System Log (ASL) with a new format called the Unified Logging System. The Unified Logging System is a more centralized, efficient, and secure logging system introduced with macOS 10.12 Sierra in September 2016. With unified logs, Apple has improved privacy during logging by masking sensitive information, such as user information and DNS queries, as private. This restriction prevents any applications from reading sensitive data from the logs. However, this can also be an issue for users trying to debug issues, as they won’t be able to access this information even with administrative privileges. With the help of the following configuration profile, private data in macOS unified logs can be enabled, allowing users to access it. IT administrators can deploy this configuration profile using Hexnode’s Deploy Custom Configuration feature.

Disclaimer:

The sample configuration profile provided below is created using various profile creator applications.
The following configuration profile only works for devices running macOS 10.12 and later.

Enable private data in unified logs

The following configuration profile uses the Enable-Private-Data key to enable access to private data in the macOS unified logs.

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
<plist version="1.0"> 
<dict> 
    <key>PayloadContent</key> 
    <array> 
        <dict> 
<key>System</key> 
<dict> 
                	<key>Enable-Private-Data</key> 
<true/> 
</dict> 
<key>PayloadIdentifier</key> 
        <string>com.example.mysystemloggingpayload</string> 
        <key>PayloadType</key> 
        <string>com.apple.system.logging</string> 
        <key>PayloadUUID</key> 
        <string>0ff59613-35e9-495c-88c8-01963de4ac80</string> 
        <key>PayloadVersion</key> 
        <integer>1</integer> 
</dict> 
    </array> 
    <key>PayloadDisplayName</key> 
    <string>System Logging Settings</string> 
    <key>PayloadIdentifier</key> 
    <string>com.example.loggingconfig</string> 
    <key>PayloadRemovalDisallowed</key> 
    <false/> 
    <key>PayloadType</key> 
    <string>Configuration</string> 
    <key>PayloadUUID</key> 
    <string>F06807F4-7C54-4E4D-86D1-3B247A0534E9</string> 
    <key>PayloadVersion</key> 
    <integer>1</integer> 
</dict> 
</plist>

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<dict>

<key>PayloadContent</key>

<array>

<dict>

<key>System</key>

<dict>

<key>Enable-Private-Data</key>

<true/>

</dict>

<key>PayloadIdentifier</key>

<string>com.example.mysystemloggingpayload</string>

<key>PayloadType</key>

<string>com.apple.system.logging</string>

<key>PayloadUUID</key>

<key>PayloadVersion</key>

</dict>

</array>

<key>PayloadDisplayName</key>

<string>System Logging Settings</string>

<key>PayloadIdentifier</key>

<string>com.example.loggingconfig</string>

<key>PayloadRemovalDisallowed</key>

<key>PayloadType</key>

<string>Configuration</string>

<key>PayloadUUID</key>

<key>PayloadVersion</key>

</dict>

</plist>

What happens at the device end?

Upon successful installation of the configuration profile, it unlocks all the private data that will be logged from the moment of installation of the profile.

You can verify the profile installation by checking the profile corresponding to the System Logging Settings within the Profiles preferences.

To observe results at the device end, open the Terminal application on your Mac and enter the following command to view unified logs related to directory services:

sudo log stream --predicate '(subsystem == "com.apple.opendirectoryd") && (senderImagePath == "\/System\/Library\/OpenDirectory\/Modules\/PlistFile.bundle\/Contents\/MacOS\/PlistFile")'

Ensure that you have unlocked the ‘Users & Groups’ section in ‘System Preferences/System Settings’ using administrative credentials, as accessing OpenDirectory logs may require administrative privileges.

Notes:

Ensure that you disable private data once you have completed troubleshooting, as leaving sensitive data unmasked may expose it to applications and pose security risks.
Disassociating the configuration profile from the macOS device will disable private data in the unified logs. This will return the logs to their default state, masking sensitive data as private in the logs.
To create and customize configuration profiles, you can use tools like Apple Configurator, Profile Manager or manually create them using text editors.
Use non-encrypted .mobileconfig, .xml, or plist files to deploy profiles across devices.
Ensure that you do not associate conflicting configurations with the devices.
It is recommended to manually validate the configuration profile on a system before executing it in bulk.
Hexnode will not be responsible for any damage/loss to the system on the behavior of the configuration profile.

Need more help?

Raise a Ticket

Ask Community

Chat With us