19.1. Log Basics
In computer programming generally — but especially in the Unix world —it's considered good form to make your software keep records of what it does. Although a typical user may not care that a MobileMe sync occurred at 3:15 p.m. on March 4, that Bob logged in at 3:30, or that Safari had trouble loading a web page at 3:45, this sort of information can be useful to developers who want to debug incorrect application behavior, system administrators who want to know what their users have been up to, and anyone with a need to make sure his or her computer is safe from intruders, eavesdroppers, and other bad guys. So, although you never see it happening, most of the programs on your Mac constantly record little snippets of information — each one time- and date-stamped —to text files called logs, stored in a quiet corner of your hard disk.
Millions of Mac users have never seen a log file and never will. In ordinary circumstances, you can do everything you need to do with your Mac on a daily basis without ever running into a log. But for security-conscious people, logs provide a way to find out what's been going on behind the scenes without your knowledge — giving you a chance to plug holes and correct security problems before they become serious. And in the event that your Mac does fall victim to a serious attack of some kind, careful review of your logs can tell you what went wrong so you can prevent it from happening again in the future.
19.1.1. What logs can tell you ...
Get Mac® Security Bible now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.