How can I use syslog API on BigSur and after?

Question

Supremacist OP

Created Aug ’21

Replies 3

Boosts 0

Views 1.2k

Participants 2

Hi, all. I try logging some message of my console application.

Just like syslog daemon in linux, I want to change and apply facility and level printing if requested.

So, I just try to use syslog API and os_log API both of them. And try to change syslog.conf, add asl.configuration in /etc/asl directory But, it seems not to be applied.

Only I can see, log messages can be gotten by using "log" command not saved to file.

How can i config just like syslog system in linux and apply this?

Thansk.

Answered by DTS Engineer in 686559022

but actually log collect isn't what i want.

Yes it is.

Where is the log file what i config?

There is no “log file”. Rather, there’s a log store, and by enabling persistence your log entries end up in that store:

If you want to grab the log store from a user’s machine, use log collect.
If you want to extract log entries from a log store (a .logarchive packaged document), use log show with the --archive option.
To extract just your log entries, use --predicate.
If you’re a big fan of the old school system log format, pass --style syslog to get that output style.
If you want to monitor log entries in real time (à la tail -f with traditional log files), use log stream. It supports --predicate and --style, just like log show.

To reiterate, the logging system does not work in terms of plain text log files. This isn’t an omission but rather a deliberate decision to help minimise write counts.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

Aug ’21

The unified logging system doesn’t offer great support for spooling log messages to a separate file. The support it does have (for example, /var/log/system.log) is considered a compatibility measure. Rather, it aims to keep all the log messages in a central log store.

This design is very deliberate. Most modern devices use some sort of solid state storage with a limit to its write count, and this design helps to preserve that.

Why do you want to log to a separate file? Most folks look at logs in two ways:

After the fact
As they come in

The log tool supports both of these models (log collect and log stream). What are you doing that requires a separate file?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

DTS Engineer OP

Apple

Aug ’21

Before you continue I recommend that you watch WWDC 2016 Session 721 Unified Logging and Activity Tracing. Unfortunately that’s no longer available on the developer web site, but if you hunt around on the ’net you can find a copy (or at least a transcript).

The unified logging system does log to shared memory but it will also persist certain log entries to an on-disk store. By default it only persists high-priority messages, but you can change that default using log config. For info on how to do that, see the log man page (it’s a long man page; search for persist to find the right info).

it's easy to guide by sending the "log file".

Indeed. But sudo log collect is even easier (-: and it gives you not just your logging but the system’s logging as well.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 3

DTS Engineer OP

Apple

Sep ’21

Accepted Answer

but actually log collect isn't what i want.

Yes it is.

Where is the log file what i config?

There is no “log file”. Rather, there’s a log store, and by enabling persistence your log entries end up in that store:

If you want to grab the log store from a user’s machine, use log collect.
If you want to extract log entries from a log store (a .logarchive packaged document), use log show with the --archive option.
To extract just your log entries, use --predicate.
If you’re a big fan of the old school system log format, pass --style syslog to get that output style.
If you want to monitor log entries in real time (à la tail -f with traditional log files), use log stream. It supports --predicate and --style, just like log show.

To reiterate, the logging system does not work in terms of plain text log files. This isn’t an omission but rather a deliberate decision to help minimise write counts.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0