Summary. Apple Mac computers keep a log of significant events and errors.
Log files can be viewed in the Console program (found under Applications > Utilities).
The system.log file (one of many log files), contains some useful information. For this reason, there are seven archives (backups) of that file.
The older system.log files are archived every night at midnight (assuming your computer is on at that time). The archived files are named system.log.0.bz2, system.log.1.bz2, system.log.3.bz2 and so on up to system.log.7.bz2.
The default setting is to keep eight of these archived log files, and delete the oldest one each time a current log file is archived.
If your computer is generally left on overnight, then you won’t have more than about 8 days of log file data.
This can be a problem if you are trying to examine your computer’s event history over an extended period of time.
To change the default settings, one must follow these steps:
- Download and run the TextWrangler editor (or similar editor program).
- From the File menu, select Open.
- From the Open dialog box, the Enable setting is set as All TextWrangler Documents. Change this to Everything.
- Navigate to the etc directory. A shortcut is available, or you can get there via the private > etc folder path.
- Open the newsyslog.conf file.
- At the bottom of the file are entries indicating the size of log files and when they are archived (with the oldest being deleted).
- The default setting for the system.log file is the following:
/var/log/system.log 640 7 * @T00 J - There are some necessary spaces and tabs above. The first part of the configuration string indicates the file and its location. The second element determines the owner or group for the file. The 7 means that there will be a total of 8 archives for the file (counting up from 0 to 7). The asterisk indicates that the file won’t be archived when it reaches a certain size, but instead when a certain time is met, in this case @T00 (at time zero zero) meaning midnight. The J indicates the kind of log file.
- So, to change this setting to something more desirable, replace the default setting with the following:
/var/log/system.log 640 10 2000 * J - This indicates that the log file will not be rotated (copied, archived, and started fresh) every night at midnight. Instead, the file will be allowed to reach 2MB in size, and then it will be archived. The 10 indicates that there will be up to 10 archives. So, you’ll end up with 20MB in log file data, and hopefully that will cover a time span that allows you to analyze your system’s performance and usage.