Interpreting Mac logs: was this computer booted normally?



** UPDATE: The log shows a normal boot to the login screen. I was confused because I was comparing it to a log from a FileVault-protected computer

BOOT LOG SHOWN BELOW:

Mar 29 15:41:55 localhost bootlog[0]: BOOT_TIME 1434483715 0
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.AccountPolicyHelper" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.authd" sharing output destination "/var/log/asl" with ASL Module "com.apple.asl".
Output parameters from ASL Module "com.apple.asl" override any specified in ASL Module "com.apple.authd".
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.authd" sharing output destination "/var/log/system.log" with ASL Module "com.apple.asl".
Output parameters from ASL Module "com.apple.asl" override any specified in ASL Module "com.apple.authd".
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.authd" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.awdd" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.callhistory.asl.conf" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.cloudd" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.clouddocs" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.commerce.asl" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.CoreDuetAdmissionControl" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.eventmonitor" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.family.asl" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.ical" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.icloud.FindMyDevice" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.install" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.iokit.power" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.mail" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.MessageTracer" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.networking.symptoms" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:26 --- last message repeated 1 time ---
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.performance" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.sandbox.telemetry" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.secinitd" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:23 localhost syslogd[40]: Configuration Notice:
ASL Module "com.apple.securityd" claims selected messages.
Those messages may not appear in standard system log files or in the ASL database.
Mar 29 15:42:26 --- last message repeated 6 times ---
Mar 29 15:42:23 localhost kernel[0]: Longterm timer threshold: 1000 ms
Mar 29 15:42:23 localhost kernel[0]: Darwin Kernel Version 14.3.0: Mon Mar 23 11:59:05 PDT 2015; root:xnu-2782.20.48~5/RELEASE_X86_64
Mar 29 15:42:23 localhost kernel[0]: vm_page_bootstrap: 879991 free pages and 94857 wired pages
Mar 29 15:42:23 localhost kernel[0]: kext submap [0xffffff7f80a00000 - 0xffffff8000000000], kernel text [0xffffff8000200000 - 0xffffff8000a00000]
Mar 29 15:42:23 localhost kernel[0]: zone leak detection enabled
Mar 29 15:42:23 localhost kernel[0]: "vm_compressor_mode" is 4
Mar 29 15:42:23 localhost kernel[0]: multiq scheduler config: deep-drain 0, urgent first 1, depth limit 4, band limit 127, sanity check 0
Mar 29 15:42:23 localhost kernel[0]: standard timeslicing quantum is 10000 us
Mar 29 15:42:23 localhost kernel[0]: standard background quantum is 2500 us
Mar 29 15:42:23 localhost kernel[0]: mig_table_max_displ = 13
Mar 29 15:42:23 localhost kernel[0]: AppleACPICPU: ProcessorId=0 LocalApicId=0 Enabled
Mar 29 15:42:23 localhost kernel[0]: AppleACPICPU: ProcessorId=1 LocalApicId=1 Enabled
Mar 29 15:42:23 localhost kernel[0]: calling mpo_policy_init for TMSafetyNet
Mar 29 15:42:23 localhost kernel[0]: Security policy loaded: Safety net for Time Machine (TMSafetyNet)
Mar 29 15:42:23 localhost kernel[0]: calling mpo_policy_init for AMFI
Mar 29 15:42:23 localhost kernel[0]: Security policy loaded: Apple Mobile File Integrity (AMFI)
Mar 29 15:42:23 localhost kernel[0]: calling mpo_policy_init for Sandbox
Mar 29 15:42:23 localhost kernel[0]: Security policy loaded: Seatbelt sandbox policy (Sandbox)
Mar 29 15:42:23 localhost kernel[0]: calling mpo_policy_init for Quarantine
Mar 29 15:42:23 localhost kernel[0]: Security policy loaded: Quarantine policy (Quarantine)
Mar 29 15:42:23 localhost kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
Mar 29 15:42:23 localhost kernel[0]: The Regents of the University of California. All rights reserved.
Mar 29 15:42:23 localhost kernel[0]: MAC Framework successfully initialized
Mar 29 15:42:23 localhost kernel[0]: using 16384 buffer headers and 10240 cluster IO buffer headers
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.oracle.java.Helper-Tool): Unknown key for string: SHAuthorizationRight
Mar 29 15:42:23 localhost kernel[0]: AppleKeyStore starting (BUILT: Mar 23 2015 11:37:46)
Mar 29 15:42:23 localhost kernel[0]: IOAPIC: Version 0x11 Vectors 64:87
Mar 29 15:42:23 localhost kernel[0]: ACPI: sleep states S3 S4 S5
Mar 29 15:42:23 localhost kernel[0]: pci (build 11:38:56 Mar 23 2015), flags 0xe3000, pfm64 (36 cpu) 0xf80000000, 0x80000000
Mar 29 15:42:23 localhost kernel[0]: AppleIntelCPUPowerManagement: (built 11:31:44 Mar 23 2015) initialization complete
Mar 29 15:42:23 localhost kernel[0]: [ PCI configuration begin ]
Mar 29 15:42:23 localhost kernel[0]: console relocated to 0xf80010000
Mar 29 15:42:23 localhost kernel[0]: [ PCI configuration end, bridges 6, devices 18 ]
Mar 29 15:42:23 localhost kernel[0]: NVEthernet::start - Built Mar 23 2015 11:36:34
Mar 29 15:42:23 localhost kernel[0]: FireWire (OHCI) Lucent ID 5901 built-in now active, GUID 00264afffe0761ee; max speed s800.
Mar 29 15:42:23 localhost kernel[0]: USBMSC Identifier (non-unique): 000000009833 0x5ac 0x8403 0x9833, 2
Mar 29 15:42:23 localhost kernel[0]: mcache: 2 CPU(s), 64 bytes CPU cache line size
Mar 29 15:42:23 localhost kernel[0]: Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
Mar 29 15:42:23 localhost kernel[0]: com.apple.AppleFSCompressionTypeZlib kmod start
Mar 29 15:42:23 localhost kernel[0]: com.apple.AppleFSCompressionTypeDataless kmod start
Mar 29 15:42:23 localhost kernel[0]: com.apple.AppleFSCompressionTypeZlib load succeeded
Mar 29 15:42:23 localhost kernel[0]: com.apple.AppleFSCompressionTypeDataless load succeeded
Mar 29 15:42:23 localhost kernel[0]: AppleIntelCPUPowerManagementClient: ready
Mar 29 15:42:23 localhost kernel[0]: BTCOEXIST off 
Mar 29 15:42:23 localhost kernel[0]: BRCM tunables:
Mar 29 15:42:23 localhost kernel[0]: pullmode[1] txringsize[  256] txsendqsize[1024] reapmin[   32] reapcount[  128]
Mar 29 15:42:23 localhost kernel[0]: Got boot device = IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/SATA@B/AppleMCP79AHCI/PRT0@0/IOAHCIDevice@0/AppleAHCIDiskDriver/IOAHCIBlockStorageDevice/IOBlockStorageDriver/FUJITSU MJA2250BH FFS G1 Media/IOGUIDPartitionScheme/Customer@2
Mar 29 15:42:23 localhost kernel[0]: BSD root: disk0s2, major 1, minor 2
Mar 29 15:42:23 localhost kernel[0]: hfs: mounted Macintosh HD on device root_device
Mar 29 15:42:23 localhost kernel[0]: VM Swap Subsystem is ON
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (org.macosforge.xquartz.privileged_startx): The TimeOut key is no longer respected. It never did anything anyway.
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.apple.alf): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.apple.audio.coreaudiod): Unknown key for array: seatbelt-profiles
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.apple.auditd): The TimeOut key is no longer respected. It never did anything anyway.
Mar 29 15:42:22 localhost hidd[93]: void __IOHIDPlugInLoadBundles(): Loaded 0 HID plugins
Mar 29 15:42:22 localhost watchdogd[54]:  [watchdog_daemon] @(    wd_watchdog_open) - IOIteratorNext failed (kr=0)
Mar 29 15:42:22 localhost watchdogd[54]:  [watchdog_daemon] @(      wd_daemon_init) - could not initialize the hardware watchdog
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.apple.autofsd): This service is defined to be constantly running and is inherently inefficient.
Mar 29 15:42:22 localhost watchdogd[54]:  [watchdog_daemon] @(                main) - cannot initialize the watchdog service
Mar 29 15:42:22 localhost hidd[93]: IOHIDService compatibility thread running at priority 63 and schedule 2.
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.apple.backupd-status): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Mar 29 15:42:22 localhost iconservicesagent[61]: iconservicesagent launched.
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.apple.backupd.status.xpc): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.apple.bsd.dirhelper): The TimeOut key is no longer respected. It never did anything anyway.
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.apple.cmio.AVCAssistant): ThrottleInterval set to zero. You're not that important. Ignoring.
Mar 29 15:42:22 localhost watchdogd[99]:  [watchdog_daemon] @(    wd_watchdog_open) - IOIteratorNext failed (kr=0)
Mar 29 15:42:23 localhost watchdogd[99]:  [watchdog_daemon] @(      wd_daemon_init) - could not initialize the hardware watchdog
Mar 29 15:42:23 localhost watchdogd[99]:  [watchdog_daemon] @(                main) - cannot initialize the watchdog service
Mar 29 15:42:22 localhost com.apple.SecurityServer[76]: Session 100000 created
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.apple.cmio.IIDCVideoAssistant): ThrottleInterval set to zero. You're not that important. Ignoring.
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.apple.cmio.VDCAssistant): ThrottleInterval set to zero. You're not that important. Ignoring.
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.apple.configd): This service is defined to be constantly running and is inherently inefficient.
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.apple.CoreRAID): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.apple.CoreRAID): The ServiceIPC key is no longer respected. Please remove it.
Mar 29 15:42:08 localhost com.apple.xpc.launchd[1] (com.apple.installd): This key does not do anything: OnDemand
Mar 29 15:42:23 localhost com.apple.xpc.launchd[1] (com.apple.watchdogd): Service only ran for 1 seconds. Pushing respawn out by 9 seconds.
Mar 29 15:42:23 localhost kernel[0]: IO80211Controller::dataLinkLayerAttachComplete():  adding AppleEFINVRAM notification
Mar 29 15:42:23 localhost kernel[0]: IO80211Interface::efiNVRAMPublished():  
Mar 29 15:42:23 localhost kernel[0]: bpfAttach len 64 dlt 12
Mar 29 15:42:22 localhost wirelessproxd[70]: updateScanner - central is not powered on: 0
Mar 29 15:42:23 localhost iconservicesagent[61]: Starting service with cache path: /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/C/com.apple.iconservices
Mar 29 15:42:25 localhost com.apple.xpc.launchd[1] (com.avast.daemon): This service is defined to be constantly running and is inherently inefficient.
Mar 29 15:42:25 localhost syslog[147]: ChmodBPF: Forcing creation and setting permissions for /dev/bpf*
Mar 29 15:42:25 localhost powerd[50]: Activity changes from 0xffff to 0x0. Assertions:1 HidState:0
Mar 29 15:42:25 localhost com.apple.SecurityServer[76]: Entering service
Mar 29 15:42:26 localhost kernel[0]: IOGraphics flags 0x43
Mar 29 15:42:26 localhost kernel[0]: IOBluetoothUSBDFU::probe
Mar 29 15:42:26 localhost kernel[0]: IOBluetoothUSBDFU::probe ProductID - 0x8213 FirmwareVersion - 0x0208
Mar 29 15:42:26 localhost kernel[0]: **** [IOBluetoothHostControllerUSBTransport][start] -- completed -- result = TRUE -- 0x5000 ****
Mar 29 15:42:26 localhost kernel[0]: **** [BroadcomBluetoothHostControllerUSBTransport][start] -- Completed (matched on Device) -- 0x5000 ****
Mar 29 15:42:26 localhost kernel[0]: NVDAStartup: Official
Mar 29 15:42:26 localhost kernel[0]: NVDANV50HAL loaded and registered
Mar 29 15:42:26 localhost kernel[0]: [IOBluetoothHCIController][staticBluetoothTransportShowsUp] -- Received Bluetooth Controller register service notification -- 0x5000 
Mar 29 15:42:26 localhost kernel[0]: [IOBluetoothHCIController][start] -- completed
Mar 29 15:42:26 localhost kernel[0]: [IOBluetoothHCIController::setConfigState] calling registerService
Mar 29 15:42:26 localhost kernel[0]: **** [IOBluetoothHCIController][ProcessBluetoothTransportShowsUpActionWL] -- Connected to the transport successfully -- 0xfb00 -- 0x1800 -- 0x5000 ****
Mar 29 15:42:26 localhost opendirectoryd[69]: BUG in libdispatch: 14D136 - 2004 - 0x5
Mar 29 15:42:26 localhost distnoted[97]: # distnote server daemon  absolute time: 32.520141728   civil time: Tue     Mar 29 15:42:26 2015   pid: 97 uid: 241  root: yes
Mar 29 15:42:26 localhost hidd[93]: ____IOHIDSessionScheduleAsync_block_invoke: thread_id=0x105e76000
Mar 29 15:42:26 localhost hidd[93]: HID Session async scheduling initiated.
Mar 29 15:42:26 localhost hidd[93]: HID Session async root queue running at priority 63 and schedule 2.
Mar 29 15:42:26 localhost hidd[93]: HID Session async scheduling complete.
Mar 29 15:42:26 localhost hidd[93]: Successfully opened the IOHIDSession
Mar 29 15:42:26 localhost thermald[46]: Waiting for OSTT support notification
Mar 29 15:42:26 localhost com.apple.usbmuxd[75]: usbmuxd-344.6 on Mar 16 2015 at 23:31:17, running 64 bit
Mar 29 15:42:26 localhost kernel[0]: Waiting for DSMOS...
Mar 29 15:42:26 localhost kernel[0]: Previous shutdown cause: 5
Mar 29 15:42:26 localhost kernel[0]: DSMOS has arrived
Mar 29 15:42:26 localhost loginwindow[89]: Login Window Application Started
Mar 29 15:42:26 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system): Service "com.apple.ManagedClient.startup" tried to hijack endpoint "com.apple.ManagedClient.agent" from owner: com.apple.ManagedClient
Mar 29 15:42:26 localhost digest-service[176]: label: default
Mar 29 15:42:26 localhost digest-service[176]:  dbname: od:/Local/Default
Mar 29 15:42:26 localhost digest-service[176]:  mkey_file: /var/db/krb5kdc/m-key
Mar 29 15:42:26 localhost digest-service[176]:  acl_file: /var/db/krb5kdc/kadmind.acl
Mar 29 15:42:26 localhost UserEventAgent[41]: Captive: CNPluginHandler en1: Inactive

It was probably your Avast virus scanner, lousy software (so intrusive).
Ruskes

Thanks for the reply. What are you saying the Avast virus scanner did / affected? My question is whether it looks like this computer was booted by someone else who had it (not me) ... and whether the login / password screen was bypassed, or whether it did anything at all. Thanks
Catmac

That can't be answered from this log; it looks like a normal log. You have the Avast virus scanner, which would make changes, and Wireshark, which also makes some changes.
Ruskes

Okay, that's the SYSTEM.LOG file. Do you know of any other log files that would be more useful for determining this?
catmac

You need the timestamped log from when you suspect something; that one normally goes along with the log in etc ... What is not clear is, if someone had it, what kind of access did they have? (guest account?)
Ruskes
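As an added example (not from the question or any of the answers), a Python script that splits a system.log excerpt into boots at each bootlog BOOT_TIME line and reports the markers the discussion turns on: the decoded boot epoch, the previous shutdown cause, whether loginwindow started, and whether the line's own month/day stamp agrees with the BOOT_TIME epoch (on the question's first line the epoch decodes to a June date). The sample log is constructed: the first boot reuses lines from the question, the second is invented; the 14-hour tolerance and the reading of shutdown cause 5 as a normal shutdown are assumptions stated in the code.

```python
"""Summarise each boot recorded in a macOS (10.10-era) system.log excerpt."""
import re
from datetime import datetime, timezone

# Constructed sample: the first boot reuses lines from the question's log, the second
# is made up to show consistent stamps but a boot that never reached loginwindow.
SAMPLE_LOG = """\
Mar 29 15:41:55 localhost bootlog[0]: BOOT_TIME 1434483715 0
Mar 29 15:42:23 localhost kernel[0]: hfs: mounted Macintosh HD on device root_device
Mar 29 15:42:26 --- last message repeated 1 time ---
Mar 29 15:42:26 localhost kernel[0]: Previous shutdown cause: 5
Mar 29 15:42:26 localhost loginwindow[89]: Login Window Application Started
Jun 17 08:10:02 localhost bootlog[0]: BOOT_TIME 1434543002 0
Jun 17 08:10:30 localhost kernel[0]: hfs: mounted Macintosh HD on device root_device
Jun 17 08:10:33 localhost kernel[0]: Previous shutdown cause: 3
"""
LINE_RE = re.compile(r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
                     r"\S+ (?P<proc>[^\[ ]+)\[\d+\]: (?P<msg>.*)$")
MONTHS = {m: i for i, m in enumerate("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

def stamp_matches_epoch(rec, boot_utc):
    """Assumption: a syslog stamp (no year, no zone) rebuilt with the epoch's year must lie
    within +/-14 h (the widest UTC offset) of BOOT_TIME, else the clock or the log moved."""
    hh, mm, ss = map(int, rec["time"].split(":"))
    stamp = datetime(boot_utc.year, MONTHS[rec["mon"]], int(rec["day"]), hh, mm, ss,
                     tzinfo=timezone.utc)
    return abs((stamp - boot_utc).total_seconds()) <= 14 * 3600

def summarize_boots(text):
    """Split the log at each bootlog BOOT_TIME line and collect the markers of a normal boot."""
    boots = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:                      # e.g. '--- last message repeated N times ---'
            continue
        rec, msg = m.groupdict(), m.group("msg")
        if rec["proc"] == "bootlog" and msg.startswith("BOOT_TIME "):
            boot_utc = datetime.fromtimestamp(int(msg.split()[1]), tz=timezone.utc)
            boots.append({"boot_time_utc": boot_utc, "previous_shutdown_cause": None,
                          "loginwindow_started": False,
                          "stamp_consistent": stamp_matches_epoch(rec, boot_utc)})
            continue
        if not boots:                  # lines before the first BOOT_TIME: an earlier boot
            continue
        cur = boots[-1]
        if msg.startswith("Previous shutdown cause: "):
            cur["previous_shutdown_cause"] = int(msg.rsplit(" ", 1)[1])
        elif rec["proc"] == "loginwindow" and "Login Window Application Started" in msg:
            cur["loginwindow_started"] = True
    return boots

def findings(boot):
    """Analyst checks for one boot; empty list = normal GUI boot after a clean shutdown
    (assumption: shutdown cause 5 is the code for a normal, software-initiated shutdown)."""
    notes = []
    if not boot["stamp_consistent"]:
        notes.append("syslog date and BOOT_TIME epoch disagree by more than a zone offset")
    if boot["previous_shutdown_cause"] != 5:
        notes.append("previous shutdown was not a clean shutdown (cause != 5)")
    if not boot["loginwindow_started"]:
        notes.append("loginwindow never started: not a normal GUI boot, or log incomplete")
    return notes
```

Run it against a full /var/log/system.log (with its rotated .bz2 siblings) to get one summary per boot rather than reading the whole file by eye.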

Answers:



Most of what you are looking for is logged; the problem is finding the right log. This question (unix.stackexchange.com) is similar to yours and has some good answers.



This sounds like the typical answers others have heard in the past; they repeat them without hesitation and without any evidence to support their conclusions, which are just regurgitation.

I don't think the full boot log messages are stored anywhere else, since they date from before the dawn of your operating system itself and would have to be stored in NVRAM or similar and then copied into system memory. Which probably explains why you won't find the boot log of blah blah, owned by The Regents of the University of California, etc.

What you can do is use boot arguments (which is what safe mode is) to see what happens. The best I can suggest for catching everything is to use your phone's video camera in slow motion to capture it all. Boot into recovery mode, open Terminal under Utilities and type

nvram boot-args="debug=0x144e kextlog=0xffffffff -s -v -x"

You may want to use a different debug value; there is plenty of information on how the different values work. You can adjust the number of f's after kextlog, between 1 and 8 in total, to increase or decrease the verbosity of what is logged during boot; 0xffffffff (8 f's) is the most verbose. -s is for single user, -v for verbose mode, -x for safe boot. Remove -x -s if you like, but it is better to leave -x in for the full effect. Reboot into recovery mode and type nvram boot-args= to clear these settings and return to normal.

I don't recommend this for the faint of heart ...

Licensed under cc by-sa 3.0 with attribution required.