MacOS – Setting a custom log

command lineconsolelogsmacos

I have to get all the chromium and firefox info logs out of /var/log/system.log and into a nice quiet /var/log/{chromium,firefox}.log.

However I can neither recall or find how to set that in syslog.conf. How would I go about doing that?

EDIT: I have been looking at the asl.conf file for the asl logging daemon. This seems to have something to do with what I want, although, going from syslog to a binary log format is directly against sense.

EDIT: To be very clear one can use syslog to dynamically slice the logs. Apple is transitioning from syslog to the apple system log. So the grep approach only deals with the deprecated /var/log syslogd files.

Switching to syslog-ng and logging to sqlite would seem to be easier, but who knows? I'm sure the proprietary format is the way to go.

Note that


is the command line tool for the ASL database.


is the C api to the syslogd daemon. The ASL replacement for the above is




has 2 modules, one writing to the files defined in


and one writing to the apple system log, as defined in


ASL seems to be the future. Syslogd is configured by both syslog.conf and asl.conf.

Best Answer

  • The situation is like that: Applications can use the syslog(3) API and the asl(3) API to log messages, other data logged can come from the kernel or from the network. All of these messages are handed over to the syslog Daemon: syslogd(8). The syslogd now outputs log messages both the BSD way (it writes stuff into various basic log files like /var/log) and into a unified log message store (/var/log/asl.log).

    If you want certain log messages not to appear in your log files (eg. you read logs like system.log by selecting them in, you will need to configure syslog.conf(5) like chiggsy said. If you want messages not to be stored in the asl database, you will need to configure asl.conf(5).

    If, for example, you do not longer want Bonjour's (mDNSResponders) Log messages to be stored in the ASL db, you will need to add the following line to /etc/asl.conf :

    ? [= Sender mDNSResponder] ignore

    … and then "gently" restart the syslogd by:

    sudo killall -HUP syslogd 

    Now, messages from mDNSResponder will no longer appear when you go into's "all messages", but still exist within your logfiles.

    Lastly, if you call syslog(1) from the command line, it acts as a nice frontend for querying the ASL db - you could for example ask it to show all messages from the Time Machine Backup starter that were logged in the last two hours by running:

    syslog -k Facility -k Sender -k Time ge −2h

    …which explains, why the ASL db is handy: you can search for log files simultaneously in "all log files".

  • Related Question