5 - Log Section

[Graphic Omitted]

The Log section allows you to view the contents of Gatekeeper's log file if the "Record it in the Log File" option is checked in the Settings section. The log is a file in which Gatekeeper and Gatekeeper Aid record all the important events they observe so that you can review them at a later date.

Each entry in the log file occupies one line of the log display. Entries for different days are separated by a line which indicates the day and date on which the entries below it occurred. All other lines in the display begin with the time at which the event occurred and are completed by a brief indication of the type of event that occurred. Important events like privilege violations are drawn in bold, red text so that you can locate them at a glance. Startup and Shutdown messages are grouped together by dotted lines in the left margin of the list so that you easily see when your Mac has been in use, or has crashed.

To see an explanation of an entry in the log file, select that entry in the log file display and click on the "Get Info" button. A dialog similar to one of the two on the next page will appear. The dialog will give you all the available details including the name of the program responsible for the operation and the name of the disk that program was stored on at the time.

Double-clicking on an entry, not surprisingly, has the same effect as selecting an entry and clicking on the "Get Info" button.

[Graphic Omitted]

Startup & Shutdown Entries

Normally, the log will contain only "Startup" and "Shutdown" entries, which tell you when your Macintosh has been started or shutdown in Gatekeeper's presence. These entries are totally routine, and are recorded only to help you determine when your Mac has been used and whether it may have been used without Gatekeeper, thereby leaving it unprotected against possible virus attacks.

HINT: To determine whether your Mac may have been used without Gatekeeper, look at the difference between the volume write counts for a Shutdown entry and the Startup entry that appears immediately after it. If the difference is greater than normal - and it's up to you to determine what's normal for your Mac - then your Mac probably has been booted with some other disk. So what's a "volume write count"? It's just the number of times any information has been written to the disk since it was last initialized. Every time you save a document, for instance, a number of writes are made to the disk and the volume write count increases accordingly.

Res & File Privilege Violation Entries

Occasionally, you may find other entries in the log file, though. These entries begin with the words "Res" or "File" and describe attempts by programs to exceed the privileges they have been granted. These entries tell you one of two things: (1) some program needs additional privileges in order to operate correctly, or (2) a virus is attempting to spread on your Macintosh and is being stopped by Gatekeeper. If you're not sure which is which, run Disinfectant 3.3, or later, to see if there are any known viruses on your Macintosh. If Disinfectant detects a virus in the program that was guilty of the privilege violation, you know that Gatekeeper was doing its job properly and stopping a virus from spreading. If Disinfectant gives your Mac a clean bill of health, though, it's up to you to determine whether the guilty program was operating normally, or was the victim of a new virus which Disinfectant cannot detect.

Some rules of thumb that may help you determine what privileges certain types of programs will require are included in the "Gatekeeper in Practice" section of this document. Read through those rules of thumb and see if any obvious explanations present themselves.

If you're still not sure what to do at this point - and that's highly understandable - contact your system administrator for help. If you don't have a system administrator to pick on, or you are a system administrator and you still can't decide how to resolve the matter, make sure you're using the latest version of Disinfectant and remember that you can always pick on me (the author) - see the Bug Reports section of this document for details.

Granting Privileges from the "Get Info" Window

If, on the other hand, you are confident that an entry in the log file merely indicates that a program needs an additional privilege in order to operate correctly, you can easily grant that privilege to the program by clicking on the "Grant Privilege" button in the "Get Info" dialog box for that entry.

After using the Grant Privilege button, you can, if you wish, switch to the Privileges section where you'll find that the guilty program has been automatically selected, and its privileges displayed, in case you want to make any adjustments (like removing the version number from the end of the program's name).

Other Entries

A number of other types of entries which are not discussed here may also be found in the Gatekeeper Log. Selecting them and clicking on the "Get Info" button will give you a brief, and hopefully informative, explanation of their meanings.

    Keyboard Shortcuts
    -------------------------------------------------------
    home                Move to top of log file.
    end                 Move to bottom of log file.
    page up             Move up one "page."
    page down           Move down one "page."
    up-arrow            Select the previous line.
    down-arrow          Select the next line.
    return              Display an explanation of the 
                        selected line. Same as clicking on 
                        the "Get Info" button.
    enter               Same as return.
    -------------------------------------------------------