syslogd (System Log Daemon) is a safe macOS system process. syslogd is the macOS system logging daemon that collects, stores, and manages log messages from the kernel, system services, and applications. It works alongside the newer Apple Unified Logging system (log/os_log) to provide the logging infrastructure that Console.app and the 'log' command-line tool use to display system events and diagnostic information. syslogd using minimal resources while collecting logs is normal. Be concerned if it's using high CPU — this means something on your system is generating an enormous volume of log messages, which can indicate a crashing service, a misconfigured application, or potentially malware trying to fill your disk by flooding the log.
System Log Daemon
syslogd is the macOS system logging daemon that collects, stores, and manages log messages from the kernel, system services, and applications. It works alongside the newer Apple Unified Logging system (log/os_log) to provide the logging infrastructure that Console.app and the 'log' command-line tool use to display system events and diagnostic information.
Log files consuming excessive disk space in /var/log/
High CPU from processing a flood of log messages from a chatty process
Log rotation not working, leading to multi-gigabyte log files
Console.app showing overwhelming amounts of log messages
Run 'du -sh /var/log/*' in Terminal to see which log files are largest. Files over 1 GB may indicate a process is logging excessively. The largest file's name often indicates which service is the culprit.
Open Console.app and watch the live log stream. If one process is flooding the log, you'll see its messages rapidly. Note the process name, then investigate why it's logging so much — usually a recurring error or debug logging left enabled.
Run 'sudo rm /var/log/*.gz' to remove archived (compressed) log files that are no longer needed. The system rotates logs automatically, but archived copies can accumulate over time. Current log files should not be deleted.
Run 'sudo killall syslogd' to restart the logging daemon. This clears any stuck state and forces syslogd to reopen log files. It's safe because no log data is lost — the daemon simply restarts and continues logging.
syslogd using minimal resources while collecting logs is normal. Be concerned if it's using high CPU — this means something on your system is generating an enormous volume of log messages, which can indicate a crashing service, a misconfigured application, or potentially malware trying to fill your disk by flooding the log.
CoreLock monitors system log health and can detect when processes are generating abnormally high volumes of log messages. It analyzes log patterns to identify security-relevant events like repeated authentication failures, permission denials, or signs of brute-force attacks against system services.
Download CoreLock Freelaunchd is the first process that runs when macOS boots (PID 1) and serves as the system's init and service management f...
notifyd is the macOS daemon that provides the low-level notify(3) notification mechanism used for lightweight inter-proc...
distnoted is the macOS daemon that delivers distributed notifications between processes. When one application needs to n...
syslogd is the traditional Unix system logging daemon present on macOS. It collects log messages from the kernel, system services, and applications, writing them to log files in /var/log/. On modern macOS, it works alongside Apple's Unified Logging system, which is the primary logging mechanism accessed through Console.app.
Yes. Open Console.app from /Applications/Utilities/ for a graphical interface, or use 'log show' in Terminal for command-line access. Traditional syslog files are in /var/log/ and can be viewed with 'cat' or 'less.' The most useful log for troubleshooting is usually 'log show --predicate "eventMessage contains <keyword>" --last 1h'.
Yes. syslogd is a fundamental Unix system process that has existed since the earliest versions of macOS (and Unix before it). It is code-signed by Apple, runs as root to collect system-wide logs, and is protected by System Integrity Protection. It is essential for system diagnostics and security auditing.
Download CoreLock to identify suspicious processes, detect threats, and keep your Mac running smoothly.
Download CoreLock FreeAvailable for macOS and Windows