I have created a sample kext used the below code to write a log.
IOLog("scan\n");
I have loaded kext by running below command in terminal.
sudo kextload mykext.kext
it loaded sucessfully when i check system.log file unable to find logs written in code.
You wont be able to find the log file, because there is no such. You should use log utility in terminal:
sudo log show
The output of this command is huge.
There are some built-in options that could help you to filter, like --last 5m, but I recomend to write all your driver messages with some stable prefix, like "MyDriver:", so you can use the log with | grep MyDriver:
Related
I've been bashing my head on this as I feel as if I'm running around in circles. I've tried the following commands in a terminal session:
ulimit -c unlimited
launchctl limit core unlimited
launchctl limit core unlimited unlimited
sysctl -w kern.coredump=1
After each of these commands I've also tried to run sleep 100 & followed by killall -SIGSEGV sleep or killall -SIGABRT sleep and in both cases my /cores directory is completely empty. I've looked around and the documentation I've found either pertains to an older version of OSX or the commands failed to generate any file. I see the .crash files getting generated, but I am more interested in a file that I can attach to lldb to help me debug.
Any help is kindly appreciated.
According to an answer on this post regarding the same issue in Catalina files in /bin are unable to produce core dumps and trying to use the killall trick may also be blocked.
recently I installed CoreUtils with HomeBrew for my terminal on macOS. However, when I use the greadlink command, I am unable to get the proper file path. What I mean to say is that every time I do the following:
My-MBP: insertnamehere$ greadlink -f something.apk
I get:
/Users/insertnamehere/projects/something.apk
When its actually located at:
/Users/insertnamehere/Documents/stuff/something.apk
The same happens for any directory. Basically, it will list the file that I'm trying to find directly under that directory.
Try using grealpath which gives more options like -P and -L etc.
I'm building an installer using pkgbuild and productbuild. I'd like to be able to collect the install logs from my users in the case that anything goes wrong. It'd be nice if those logs were not mixed in with everything else they've installed.
By default it looks like all logs go to /var/logs/install.log. Is there any way to change this location for my app's installer logs?
There are two ways of installing apps in flat file format (.pkg) on MAC OS X:
GUI
Installer.app (On El Capitan it is located in /System/Library/CoreServices/Installer.app) is GUI installer method which doesn't seem to have any option to change the logs but it does have view logs option (Command+L)
Command Line
installer is command line that has -dumplog that can be used to dump logs to stdout that can be redirected to a file.
-dumplog
Detailed log information is always sent to syslog using the LOG_INSTALL facility (and will wind up in /var/log/install.log). -dumplog additionally writes this log to
standard error output.
Command
installer -dumplog -pkg InstallMe.pkg -target / > install.log 2>&1
I ended up solving this by adding the following function to the end of my postinstall script. It detects the first line of install.log that's relevant to the current installation, and copies everything from that line to the end of install.log into a separate file.
One caveat: if multiple installations are happening simultaneously, it's possible to get logs from the other installation mixed in. This solution simply captures a time-bounded snapshot of install.log, but doesn't separate the logs from multiple installations.
function export_log {
NOW=`date "+%Y-%m-%d-%H-%M-%S"`
LOG_NAME="install_log_$NOW.log"
# Interactive install logs start with a line "<AppName> x.x.x Installation Log". Silent install logs start with a line
# "Product archive /path/to/pkg/folder".
# Must include something like \d in this expression and the pkg filename, that won't match this line itself when it's printed in the log
STARTING_LINE_OF_LAST_INSTALL=`egrep '(<AppName> \d+\.\d+\.\d+ Installation Log)|(Product archive.*path/to/pkg/folder/\d+.\d+\.\d+/)' /var/log/install.log | tail -n 1`
# Copy the rest of the log from that line on, up to 10000 lines.
fgrep --after-context=10000 "$STARTING_LINE_OF_LAST_INSTALL" /var/log/install.log > "$LOGGING_DIR/$LOG_NAME"
}
On my mac system , /var/log/system.log is not write until two days ago.
I want it continue to write ,how would I do?
You want to see earlier stuff that was written to system.log? The system log is "rotated". When it gets too big, it is moved aside and compressed. A new system log is created for new log messages. The old logs are kept as /var/log/system.log.0.bz2, system.log.1.bz2, etc. You can uncompress and view them with the sudo bzless command.
The program which performs the rotation of the logs is newsyslog. Its configuration file is newsyslog.conf. It is run on a regular basis by launchd due to the launchd plist file in /System/Library/LaunchDaemons/com.apple.newsyslog.plist.
Note: This quesiton is NOT show me which files are in use. The file is not currently in use. The file will be in use at some unknown point in the future. At that point, I want to know what process accessed the file.
I would like to be able to track a file and see which process is touching that file. Is that possible? I know that I can see the list of open processes in activity monitor but I think it's happening to quickly for me to see it. The reason for this is I'm using a framework and I think the system version of the framework is being used instead of the debug version and I'd like to see which process is touching it.
That's simple: sudo fs_usage | grep [path_to_file]
lsof will list open files, but it can be a bit awkward for momentary touches (eg, if the file isn't open when lsof runs, it doesn't show).
I think your best bet would be fernLightning's fseventer.app. It's "nagware", and allows you to watch (graphically) the fsevents API in real-time.
But I spent 2 minutes Googling and found your answer here.
$ lsof | grep [whatever]
Where [whatever] is replaced with the filename you're looking for.
With this, you can see which program is desperately holding onto your
about-to-be-trashed file. Once you exit that program, your trash will
empty.
The faster way is:
$ lsof -r [path_to_file]
This solution doesn't require the root password and gives you back the following, clear, result:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Finder 497 JR7 21r REG 1,2 246223 33241712 image.jpg
QuickLook 1007 JR7 txt REG 1,2 246223 33241712 image.jpg
The -r argument keeps the command alive and should log any new file touched by the process you want to track.
Another option is Sloth. It's a free, open source GUI for LSOF that others have mentioned.