Script to fetch device logs
System logs provide log messages specific to processes running on the device that help you troubleshoot. In addition to troubleshooting, system logs can also be used for security auditing, performance monitoring, and analyzing user behavior or application usage patterns. You can remotely fetch logs from target macOS devices with customized scripts from the portal using Hexnode’s Execute Custom Script action.
Fetch system logs
The log command on macOS is used to display live system logs in the Terminal. It allows users to view log data in real time as it is generated by various processes running on the system.
You can easily retrieve and display the system logs from a Mac using the log command. To fetch default logs from a device for a specified duration, use the command:
    sudo log show --last 1m
On the other hand, the log collect command is used to create a compressed archive of system logs that have been collected over a specified period. This command is typically used when troubleshooting a specific issue that may have occurred in the past and requires examining a historical record of system events.
A system log archive refers to a collection of log files that contain information about system events, errors, and other messages that occur on a computer. The system log archive includes various types of logs, such as kernel logs, system logs, and application logs. The log collect command is used to generate a system log archive.
You can generate a system log archive to share as feedback to Apple or for personal use.
Generate and save a system log archive on the user device using the command:
    log collect --output ~/Desktop/SystemLogs.logarchive --last 20m
System logs from the last 20 minutes are saved on the desktop in SystemLogs.logarchive.
You can then view the archive file saved in the Desktop folder with the command:
    sudo log show --archive ~/Desktop/SystemLogs.logarchive
You can also use these log commands to fetch specific app logs.
Get app logs
Use the command below to list logs of an app:
    log show --predicate 'processImagePath CONTAINS[c] "processname"'
Replace processname with the name of the app required. The command fetches logs of all events associated with the specified app name.
For example:
    log show --predicate 'processImagePath CONTAINS[c] "safari"'
To fetch app logs between specific dates and save them as a text file on the device:
    log show --predicate 'processImagePath CONTAINS[c] "Books"' --start "2022-06-18" --end "2022-06-21" | tee ~/Desktop/output.txt
A text file output.txt will be created in the device's Desktop folder containing the logs of the specified app.
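A wrapper around the app-log commands above, as an added example that is not Hexnode's own script: it validates the process name and duration before they reach the log show predicate and writes the result to an owner-only file. The function names and the /var/tmp/app-logs default directory are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not Hexnode's code. Function names and the default output
# directory are assumptions made for this illustration.

# Allow only characters expected in a process name, so the value cannot
# close the quoted string inside the predicate and alter the filter.
valid_process_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._\ -]*) return 1 ;;
    esac
}

# Accept only <digits><m|h|d>, the duration form used with --last on this page.
valid_duration() {
    _num="${1%[mhd]}"                  # strip one trailing unit letter
    [ "$_num" != "$1" ] || return 1    # a unit must be present
    case "$_num" in
        ''|*[!0-9]*) return 1 ;;
    esac
}

# Print the predicate for a validated process name.
build_predicate() {
    valid_process_name "$1" || return 1
    printf 'processImagePath CONTAINS[c] "%s"' "$1"
}

# Usage: fetch_app_logs <process name> <duration> [output directory]
# Runs in a subshell so the umask change does not leak to the caller.
fetch_app_logs() (
    name="$1"; last="$2"; out_dir="${3:-/var/tmp/app-logs}"   # assumed path
    predicate="$(build_predicate "$name")" || { echo "rejected process name" >&2; exit 2; }
    valid_duration "$last" || { echo "rejected duration" >&2; exit 2; }
    umask 077    # log lines can carry user names, hosts and file paths
    mkdir -p "$out_dir" || exit 1
    out_file="$out_dir/$(printf '%s' "$name" | tr ' ' '_')-$(date +%Y%m%d-%H%M%S).txt"
    log show --predicate "$predicate" --last "$last" > "$out_file" || exit 1
    printf '%s\n' "$out_file"
)

# Run only when arguments are given, e.g.: fetch_app_logs.sh Safari 20m
if [ "$#" -gt 0 ]; then
    fetch_app_logs "$@"
fi
```

On success the function prints the path of the file it wrote; a rejected name or duration returns status 2 before log is ever invoked.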