Support page for ConsoleSpy…currently under construction.
In the meantime feel free to contact us if you need help.
Help with Alert Strings:
1 – Each string should be comma-separated and the search terms list should be comma-terminated. The algorithm first searches each incoming message for each word or string of words in the comma-delimited list.
sudo, flood, sharing, backup,
This will cause ConsoleSpy to trap any messages that contain ANY one of those four words.
2 – An optional exclusion string can be given after the search term, preceded by $NOT. The algorithm searches the full length of any candidate messages that were found in the first step above for a substring containing the word or words followed by $NOT and terminated by a comma. If the exclusion substring is found, the message is not trapped.
The format is [$NOT exclusion],
sudo $NOT sandboxd, …
will return any message containing the word ‘sudo’ unless it also contains the word ‘sandboxd’.
3 – In order to exclude both ’sandboxd’ and ‘launchd’ from messages containing ‘sudo’, add a second Alert string:
sudo $NOT sandboxd, sudo $NOT launchd,
4 – Strings need not be quoted, but must be comma separated.
5 – All search terms and exception terms are case-insensitive, so the search term ‘sudo’ will return ‘sudo’, ‘Sudo’, and ‘SUDO’.
6 – Multiple words within a search string (or within an exclusion string) are taken as a contiguous substring. In other words,
"backup successfully" $NOT "myMac"
searches for any message that contains the complete substring “backup successfully” and does not include the string “myMac” anywhere in the message. Specifically, the search does NOT look for two individual strings of “backup” and “successfully” (see 1. above).
7 – Likewise, multiple words in exclusion strings are treated as a contiguous substring. However, the exclusion string and the search term strings are not treated as contiguous with each other (see 2. above).
sudo lauchctl list…
will not. Similarly, this message:
May 22 16:45:16 myMac com.apple.backupd: Post-backup thinning complete: 5 expired backups removed
would be found by either