Follow System & Kernel Logs from Command Line in Mac OS X
If you’re troubleshooting some of the more difficult problems that you can have on a Mac, a good place to look are the System & Kernel Logs contained within Console app. But you can access the same OS X logs from the Terminal too.
Why bother reading system logs from the terminal when there’s an OS X app to do it natively in the GUI? Well there are many reasons, perhaps because you are reviewing logs remotely with ssh, maybe you just prefer the terminal, or, maybe things are really going south. In the latter situation, unfortunately there are times when you can’t access Console either because you are remotely troubleshooting, in Single User Mode, or even because the log files have grown so large that it actually starts crashing Console.app when it’s trying to load (this has happened to me more than once). Yes, from time to time, problems can be so bad that even the OS X Console log can’t be opened directly! But fear not if this occurs to you, you can still track down and monitor the system log of Mac OS X by turning to the command line of the Mac.
If you’re in this situation, or any other reason that you’d want to follow your Console system log from the command line, here’s all you need to type:
tail -f /var/log/system.log
You can do the same with the kernel log, which is great if you’re troubleshooting hardware and connectivity issues:
tail -f /var/log/kernel.log
The tail -f command allows the specified file to be read and printed to your screen in a live stream. There are plenty of other log files you can follow contained within /var/log but the above two are generally the most useful for troubleshooting purposes.
You can also use the less command on log files, like so:
Once you have the log file opened with less, hit the “F” key to continuously update the log file as it updates live, making it kind of like tail -f in that it offers a constantly updating log file for easy viewing.
The syslog command is another option, but quite the firehose if you’re running syslog uncontrolled by grep, awk, more, or less. See for yourself with:
You’ll find it to be a bit overwhelming, and much more manageable by piping through more:
The syslog command is well featured with some perks though, discover more with the –help flag, which will show you how to export the contents of a log file, read specific logs, match logs to processes, and much more.
You could also combine these commands with GeekTool if you want to see system log activity directly on your Mac OS X desktop. Or just throw a Terminal window onto the Mac, maybe make it transparent for some easier multitasking views, and happy troubleshooting, administration, or development to you.