Thursday, November 21, 2019

Catalina’s Log Can’t Be Unprivatised

Howard Oakley:

If you’ve ever accessed the unified log in macOS Sierra or later, you’ll have seen the many log entries whose crucial information is censored with <private>. Apple introduced this to prevent leakage of protected information into the log, which is an admirable aim, but unfortunately it makes many entries farcical. If you’re really unlucky, the key information for which you’re accessing the log in the first place appears there as <private>.

Apps like Cirrus have relied on an undocumented setting which can be changed by the command log config --mode 'private_data:off' run with root privileges.

But this no longer works with Catalina.


Update (2019-11-27): Howard Oakley:

Hardly any log entries made by diskarbitrationd contain usable information in their message field. Trying to diagnose disk, iCloud and OpenDirectory problems from the unified log is almost impossible as a result. For those, we have generally relied on being able to disable log censorship.

In Catalina, Apple has removed that option to disable censorship. Saagar Jha has discovered that the only way to disable censorship now is to put macOS into a special diagnostic mode intended for use exclusively by Apple engineers. George Garside has packaged Saagar Jha’s code into a command tool which can be used to remove censorship in Catalina’s log.


With the spate of iCloud problems reported from those who have upgraded to Catalina, this is particularly ill-timed. It’s not as if Apple provides any alternative: iCloud is one service for which it appears to have completely forgotten to provide any diagnostics or utilities.


The unified log is not Apple’s <private> playground. It’s a shared space, with users diagnosing problems, developers hunting bugs, support staff fixing glitches, and system administrators managing their networks. For us all to get benefit from our logs, Apple needs to provide a supported means of temporarily disabling this censorship in the unified log. If it won’t, then it’s time for Apple to admit openly that it doesn’t really want anyone else using the unified log.

2 Comments RSS · Twitter

Sören Nils Kuklau

I… get why they want to protect private data from leaking.

I really do not get, though, why I, the user/admin, cannot use an app like Console to interactively, temporarily gain access to more details.

Have they opened Console at all since Sierra? Are they not aware how much its usefulness has deteriorated, more than three years ago?

Console has been useless for years. Are Apple engineers not using their own software?

Leave a Comment