§A library to parse Apple Unified Logs
macos_unifiedlogs is a small cross-platform library to help parse Unified Logs on a system or logarchive.
No Apple APIs are used, so this library can be used on non-Apple platforms.
A full example can be found on GitHub
§Example
use std::io::Read;

use macos_unifiedlogs::filesystem::LiveSystemProvider;
use macos_unifiedlogs::traits::FileProvider;
use macos_unifiedlogs::parser::collect_timesync;
use macos_unifiedlogs::iterator::UnifiedLogIterator;
use macos_unifiedlogs::unified_log::UnifiedLogData;
use macos_unifiedlogs::parser::build_log;

// Run on live macOS system
let mut provider = LiveSystemProvider::default();
let timesync_data = collect_timesync(&provider).unwrap();

// We need to persist the Oversize log entries (they contain large strings that don't fit in normal log entries)
let mut oversize_strings = UnifiedLogData {
    header: Vec::new(),
    catalog_data: Vec::new(),
    oversize: Vec::new(),
};

for mut entry in provider.tracev3_files() {
    println!("TraceV3 file: {}", entry.source_path());

    // Read the whole tracev3 file into memory
    let mut buf = Vec::new();
    entry.reader().read_to_end(&mut buf).unwrap();

    let log_iterator = UnifiedLogIterator {
        data: buf,
        header: Vec::new(),
    };

    // If we exclude entries that are missing strings, we may find them in later log files
    let exclude = true;
    for mut chunk in log_iterator {
        // Carry the Oversize entries collected so far into this chunk before building the log
        chunk.oversize.append(&mut oversize_strings.oversize);
        let (results, _missing_logs) = build_log(
            &chunk,
            &mut provider,
            &timesync_data,
            exclude,
        );
        // Keep the Oversize entries for the next chunk
        oversize_strings.oversize = chunk.oversize;
        println!("Got {} log entries", results.len());
        // Stop after the first chunk to keep the example short
        break;
    }
    // Stop after the first tracev3 file to keep the example short
    break;
}
Modules§
- dsc: Functions to parse the shared string cache
- filesystem: Providers to parse Unified Log data on a live system or a provided logarchive
- iterator
- parser: Functions to extract and assemble log entries from the macOS Unified Log
- timesync: Functions to parse time data associated with the Unified Log
- traits
- unified_log: Functions to parse tracev3 files. Parse macOS Unified Log data
- uuidtext: Functions to parse the log string files