How to use the command 'log' (with examples)
- Osx
- December 25, 2023
The ’log’ command is used to view, export, and configure logging systems. It provides various options for streaming and exporting logs as well as filtering logs based on specific criteria.
Use case 1: Stream live system logs
Code:
log stream
Motivation: This use case is useful when you want to monitor live system logs in real-time. It allows you to see the latest log entries as they occur, which can be helpful for troubleshooting and debugging purposes.
Explanation: The ’log stream’ command streams live system logs to the terminal. It continuously displays log entries as they are generated by various processes. By default, it shows logs from all processes.
Example output:
...
Sep 1 12:34:56 MacBook-Pro com.apple.xpc.launchd[1] (com.apple.ReportCrash.DirectoryService[1234]): Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.ReportCrash.DirectoryService
Sep 1 12:34:57 MacBook-Pro com.apple.xpc.launchd[1] (com.apple.ReportCrash.DirectoryService[1234]): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
...
Use case 2: Stream logs sent to ‘syslog’ from the process with a specific PID
Code:
log stream --process <process_id>
Motivation: This use case is helpful when you want to monitor logs sent to ‘syslog’ from a specific process. It allows you to focus on the logs related to a particular process, which can be useful for troubleshooting and analysis.
Explanation: The ’log stream’ command with the ‘–process’ option filters the logs sent to ‘syslog’ based on the specified process ID. Only the logs from the specified process will be displayed in real-time.
Example output:
...
Sep 1 12:34:56 MacBook-Pro com.apple.ReportCrash.DirectoryService[1234]: This is a log entry from process with PID 1234.
Sep 1 12:34:57 MacBook-Pro com.apple.ReportCrash.DirectoryService[1234]: Another log entry from process with PID 1234.
...
Use case 3: Show logs sent to ‘syslog’ from a process with a specific name
Code:
log show --predicate "process == '<process_name>'"
Motivation: This use case is beneficial when you want to retrieve logs sent to ‘syslog’ from a process with a specific name. It allows you to filter logs based on the process name, which can help you analyze the logs related to a particular application.
Explanation: The ’log show’ command with the ‘–predicate’ option filters the logs sent to ‘syslog’ based on the specified predicate. In this case, the predicate is “process == ‘<process_name>’”, which matches logs from the process with the specified name.
Example output:
...
Sep 1 12:34:56 MacBook-Pro com.apple.ReportCrash.DirectoryService[1234]: This is a log entry from process with name 'DirectoryService'.
Sep 1 12:34:57 MacBook-Pro com.apple.ReportCrash.DirectoryService[1234]: Another log entry from process with name 'DirectoryService'.
...
Use case 4: Export all logs to disk for the past hour
Code:
sudo log collect --last 1h --output path/to/file.logarchive
Motivation: This use case is useful when you want to export all logs to a file for a specific duration. It allows you to collect logs from the past hour and store them in a logarchive file, which can be shared or analyzed later.
Explanation: The ’log collect’ command with the ‘–last’ and ‘–output’ options exports logs to a logarchive file. The ‘–last’ option specifies the duration for which logs should be collected (1 hour in this case), and the ‘–output’ option defines the path and filename for the logarchive file.
Example output:
Logs collected successfully and saved to 'path/to/file.logarchive'.
Conclusion:
The ’log’ command provides a flexible way to view, stream, and export logs in macOS. Whether you need to monitor live system logs, filter logs by specific process ID or name, or export logs for analysis, the ’log’ command has you covered. With its various options, you can easily work with logs and gain insights into the behavior of processes and systems.
