Logging cheatsheet

Where your logs are

The log/ symbolic link joins a main service bundle to a logging service bundle. By convention, a further main/ symbolic link points to the main log output directory. So if one has obtained the location of the dbus service bundle with system-control find dbus one can, by convention, append log/main/ to find its log files. 

readlink "`system-control find dbus`"/log/main

Where the log for the dbus service is. 

readlink "`system-control find cron`"/log/main

Where the log for the cron service is. 

readlink "`system-control find local-syslog-read`"/log/main

Where the output of C programs using the old syslog() mechanism is. 

readlink `system-control find klogd`/log/main

Where the kernel log is.

A small list of useful commands relating to logging. 

system-control status devd

Because the devd service has a log/main/ symbolic link, this command displays the last few lines of log output for the devd logging service. 

svc -a "`system-control find devd`"/log/

Log services (running cyclog or multilog) can be told to explicitly rotate their output files. The major use case for this is to start a fresh current file for following as it is written. 

find "`system-control find devd`"/log/main/ -type f -mtime -1 -print0 | \
xargs -0 sort -m -- | \
tai64nlocal | \
${PAGER:-more}

This finds the last 1 days' worth of log files in the "devd" log service's log output, combines them, decodes the timestamps, and paginates the result. The TAI64N timestamp in log files is sortable, and lines are already sorted within each log file (by the nature of logging), so sorting together multiple logs (which the find command is not guaranteed to emit in order) can be done with the -m (merge sort) option to the sort command. 

tail -F "`system-control find dbus`"/log/main/current | tai64nlocal

This command displays the output of a log as it is written. The -F option to tail is the correct one to use, not the -f option. However, follow-log-directories fixes some of the problems even with tail -F. 

tail -F "`system-control find dbus`"/log/main/current | \
grep -F --line-buffered 'PackageKit' | \
tai64nlocal

This command displays the filtered output of a log as it is written. The --line-buffered option stops grep -F from batching up the filtered lines and only spitting them out in lumps.