diff --git a/Library/Homebrew/cmd/postinstall.rb b/Library/Homebrew/cmd/postinstall.rb
index d677ecc1e2..16608e7731 100644
--- a/Library/Homebrew/cmd/postinstall.rb
+++ b/Library/Homebrew/cmd/postinstall.rb
@@ -18,6 +18,9 @@ module Homebrew
 Utils.safe_fork do
 if Sandbox.available? && ARGV.sandbox?
 sandbox = Sandbox.new
+ logd = HOMEBREW_LOGS/formula.name
+ logd.mkpath
+ sandbox.record_log(logd/"sandbox.postinstall.log")
 sandbox.allow_write_temp_and_cache
 sandbox.allow_write_log(formula)
 sandbox.allow_write_cellar(formula)
diff --git a/Library/Homebrew/cmd/test.rb b/Library/Homebrew/cmd/test.rb
index c4f322b604..616da440ba 100644
--- a/Library/Homebrew/cmd/test.rb
+++ b/Library/Homebrew/cmd/test.rb
@@ -37,6 +37,9 @@ module Homebrew
 Utils.safe_fork do
 if Sandbox.available? && ARGV.sandbox?
 sandbox = Sandbox.new
+ logd = HOMEBREW_LOGS/f.name
+ logd.mkpath
+ sandbox.record_log(logd/"sandbox.test.log")
 sandbox.allow_write_temp_and_cache
 sandbox.allow_write_log(f)
 sandbox.exec(*args)
diff --git a/Library/Homebrew/formula_installer.rb b/Library/Homebrew/formula_installer.rb
index 3113810af2..75cfa03d24 100644
--- a/Library/Homebrew/formula_installer.rb
+++ b/Library/Homebrew/formula_installer.rb
@@ -481,6 +481,9 @@ class FormulaInstaller
 Utils.safe_fork do
 if Sandbox.available? && ARGV.sandbox?
 sandbox = Sandbox.new
+ logd = HOMEBREW_LOGS/formula.name
+ logd.mkpath
+ sandbox.record_log(logd/"sandbox.build.log")
 sandbox.allow_write_temp_and_cache
 sandbox.allow_write_log(formula)
 sandbox.allow_write_cellar(formula)
diff --git a/Library/Homebrew/sandbox.rb b/Library/Homebrew/sandbox.rb
index 0fd3055e58..9ad9209264 100644
--- a/Library/Homebrew/sandbox.rb
+++ b/Library/Homebrew/sandbox.rb
@@ -12,6 +12,10 @@ class Sandbox
 @profile = SandboxProfile.new
 end
 
+ def record_log(file)
+ @log = file
+ end
+
 def add_rule(rule)
 @profile.add_rule(rule)
 end
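Review bot: The denial log is placed in `HOMEBREW_LOGS/formula.name`, which looks like the same directory that `sandbox.allow_write_log(formula)` two lines later makes writable to the sandboxed process; that helper is not shown here, so this is inferred from its name. If that is right, the confined process can put something at `sandbox.postinstall.log` (a symlink, for instance) before `Sandbox#exec` redirects into that path from outside the sandbox, and the redirect would follow it. Writing the log to a location the profile does not open up, or opening it with `File::NOFOLLOW`, closes that gap. The identical additions in cmd/test.rb and formula_installer.rb have the same issue, and since the three lines are repeated verbatim at all three call sites they could be moved into one helper on `Sandbox`.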
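Review bot: `record_log` only stores the path and writes nothing until `exec` has finished, which the name does not suggest, and `@log` is never set in `initialize`, so the later `@log.nil?` check relies on an unassigned instance variable. I would add `@log = nil` and `@start = nil` to `initialize` (its opening lines are outside this hunk). A comment on the method would help too, such as `# Path that receives sandbox denial messages after #exec; overwritten on each run.`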
@@ -54,6 +58,7 @@ class Sandbox
 seatbelt = Tempfile.new(["homebrew", ".sb"], HOMEBREW_TEMP)
 seatbelt.write(@profile.dump)
 seatbelt.close
+ @start = Time.now
 safe_system SANDBOX_EXEC, "-f", seatbelt.path, *args
 rescue
 if ARGV.verbose?
@@ -63,6 +68,18 @@ class Sandbox
 raise
 ensure
 seatbelt.unlink
+ unless @log.nil?
+ sleep 0.1 # wait for a bit to let syslog catch up the latest events.
+ syslog_args = %W[
+ -F '$((Time)(local))\ $(Sender)[$(PID)]:\ $Message'
+ -k Time ge #{@start.to_i.to_s}
+ -k Sender kernel
+ -o
+ -k Time ge #{@start.to_i.to_s}
+ -k Sender sandboxd
+ ]
+ quiet_system "syslog #{syslog_args * " "} | grep deny > #{@log}"
+ end
 end
 end
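Review bot: `@start` is the only thing tying the later syslog query to this run, and it is used at whole-second precision (`@start.to_i`) with a `ge` comparison, so kernel and sandboxd messages from any other process in that window are collected as well. When several sandboxed builds run at once, each formula's log will contain the others' denials, which weakens it as evidence of what this formula tried to do. A comment here would set expectations, for example `# lower bound for the syslog query in ensure; not specific to the sandboxed child`. Narrowing the match would need the child's PID, which this code does not capture. The enclosing method starts outside the hunk.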
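Review bot: The log is produced by interpolating `@log` and the syslog arguments into one shell string for `quiet_system`, so a log path containing a space or shell metacharacter (HOMEBREW_LOGS normally sits under the user's home directory) breaks or redirects the command, and the `%W[...]` quoting only works because the shell re-parses it. The block also runs when `@start` was never assigned: if `seatbelt.write` raises, `nil.to_i` is 0 and the query asks syslog for everything. The `>` redirect follows whatever already exists at the log path. I would pass an argument vector, filter in Ruby, guard on `@start`, and keep the write best-effort so a failure in `ensure` cannot mask the original exception; the sketch uses Homebrew's `Utils.popen_read` and `opoo` and assumes the supported Ruby defines `File::NOFOLLOW`. The enclosing `exec` method begins outside the hunk.

```ruby
      seatbelt.unlink
      unless @log.nil? || @start.nil?
        # … unchanged: sleep 0.1 to let syslog catch up …
        since = @start.to_i.to_s
        # Argument vector: nothing here is re-parsed by a shell.
        syslog_args = [
          "-F", '$((Time)(local)) $(Sender)[$(PID)]: $Message',
          "-k", "Time", "ge", since, "-k", "Sender", "kernel",
          "-o",
          "-k", "Time", "ge", since, "-k", "Sender", "sandboxd"
        ]
        denials = Utils.popen_read("syslog", *syslog_args).lines.grep(/deny/)
        begin
          # NOFOLLOW: refuse to write through a symlink left at the log path.
          flags = File::WRONLY | File::CREAT | File::TRUNC | File::NOFOLLOW
          File.open(@log.to_s, flags) { |f| f.write(denials.join) }
        rescue SystemCallError => e
          opoo "Could not write sandbox log #{@log}: #{e.message}"
        end
      end
```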