syslog Tip of the Day

OK, if you don’t know what “Terminal” is on a Mac, stop reading now. I am serious. This is geek factor 10, Mr. Sulu.

You have been warned. I spend a lot of time at the terminal on OSX. A lot of time. Additionally, I spend a lot of time using syslog to try and figure out what went wrong on a particular machine. Now, as anyone who has used syslog knows, if you just type syslog, you get way too much information. What many people don’t know is that syslog has some really, really nice filtering features. For example, if you want to know what happened since you last booted, you just need to run 2 commands. The first is:

syslog -T sec -k Message Seq npvhash

This will give you a bunch of lines that look like (big number) localhost kernel[0] <Debug>: npvhash=4095. Now, take that number and run:

syslog -k Time ge (number)

That is everything since the last boot. If you want a different boot from that list, you can do

syslog -k Time ge (number) -k Time le (next number - 1)

Figuring this out made me so giddy, I had to tell anyone who would listen.

