Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

macOS What does this Console Log mean?

S

soos

macrumors newbie
Original poster
Oct 25, 2008
27
5
I hope this is the right part of the forum to post this. I think that someone has tempered with my computer as there was someone in my home study between at around 1.05 pm for about 8 minutes while I was at work. My Mac Pro was left on at the log in screen. I have found this on my Console log when I got back. I am interested about what happened at 13.10. Are those processes done automatically by the Mac or did someone try to do something?

Thanks
Soos

03/03/2009 12:11:02, 3 Mar 2009 com.apple.backupd[14629] 2009-03-03 12:11:02.950 FindSystemFiles[14630:713] Querying receipt database for system packages
03/03/2009 12:11:03, 3 Mar 2009 com.apple.backupd[14629] 2009-03-03 12:11:03.134 FindSystemFiles[14630:713] Using system path cache.
03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Volume is journaled. No checking performed.
03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Use the -f option to force checking.
03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchctl.System[2] launchctl: Please convert the following to launchd: /etc/mach_init.d/dashboardadvisoryd.plist
03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchd[1] (com.apple.blued) Unknown key for boolean: EnableTransactions
03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchd[1] (org.cups.cups-lpd) Unknown key: SHAuthorizationRight
03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchd[1] (org.cups.cupsd) Unknown key: SHAuthorizationRight
03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchd[1] (org.ntp.ntpd) Unknown key: SHAuthorizationRight
03/03/2009 14:00:36, 3 Mar 2009 com.apple.launchd[1] (org.samba.smbd[97]) Stray process with PGID equal to this dead job: PID 98 PPID 1 smbd
03/03/2009 16:27:31, 3 Mar 2009 com.apple.launchd[1] (org.samba.smbd[145]) Stray process with PGID equal to this dead job: PID 146 PPID 1 smbd
 
angelwatt

angelwatt

Moderator emeritus
Aug 16, 2005
7,852
9
USA
I don't see anything suspicious. At most, the person rebooted your computer. Has your computer been exhibiting any peculiar behavior?
 
S

soos

macrumors newbie
Original poster
Oct 25, 2008
27
5
Thanks for the reply. My computer runs perfectly without problems. I was just worried that he may have tried to steal data from my computer. Do you think he could have removed my hard drive and just copied it?
 
lee1210

lee1210

macrumors 68040
Jan 10, 2005
3,182
3
Dallas, TX
if the machine doesn't have physical security, nothing else matters. If you know someone untrustworthy had physical access, it would be in your best interest to assume the worst. If you had things you consider highly sensitive on the machine, then assume this individual now has access to those things. If that means you need to change PIN numbers, reset passwords, alert an employer to a breach, etc. you should do so.

-Lee
 
C

ChrisA

macrumors G5
Jan 5, 2006
12,922
2,177
Redondo Beach, California
soos said:
Thanks for the reply. My computer runs perfectly without problems. I was just worried that he may have tried to steal data from my computer. Do you think he could have removed my hard drive and just copied it?
Click to expand...

Who knows. That wouild never show up in the log.

Here at work on some computers that contain sensitive data. We have a rule that ALL disk drives are to be physically locked up if a person is not physically in the room watching them. Of course the computer will not be connected to any network. We either have the room itself built like a vault with a steel door or we have safes in the room to hold the disks and paper documents.

The point here is that computers do not log information when they are powered off. Anyone who has physical access to the equipment can by-pass any controls simply by using a screwdriver. So who knows what happened. It would be easy to re-bot the Mac off an external firewire drive, copy data and then boot again off your system drive. You'd have no way to know.

Another way you can prevent problems is to encrypt your data.
 
Cromulent

Cromulent

macrumors 604
Oct 2, 2006
6,817
1,102
The Land of Hope and Glory
You should always, always, always (repeat 10 times more) save your critical and sensitive information in a 256bit encrypted disk image with at least a 10 alpha-numeric character password (use symbols, upper and lower case letters as well as numbers).
 
S

soos

macrumors newbie
Original poster
Oct 25, 2008
27
5
Thanks all.

What does this mean?

03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Use the -f option to force checking.

Did the person try to check or look for something in my Mac?
 
lee1210

lee1210

macrumors 68040
Jan 10, 2005
3,182
3
Dallas, TX
soos said:
Thanks all.

What does this mean?

03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Use the -f option to force checking.

Did the person try to check or look for something in my Mac?
Click to expand...

It likely means that during boot the system was seeing if it needed to check your filesystem, but decided it wasn't strictly necessary so it was skipped.

-Lee
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom