How to view the system log on a mac

How to view the system log on a mac

В приложении «Информация о системе» Вы увидите отчет о системе, содержащий подробную информацию о Вашем компьютере Mac, включая следующее.

Оборудование, которое установлено или подключено к нему.

Сетевые подключения компьютера, включая активные службы, их IP-адреса, а также тип и скорость сетевого подключения.

Программное обеспечение компьютера, включая операционную систему, приложения и количество ядер. (Можно просмотреть версии, даты изменения и местонахождение каждого элемента программного обеспечения.)

Siri. Произнесите, например: «Открой Информацию о системе». Узнайте, как спросить Siri.

Просмотр отчета о системе

Чтобы открыть отчет о системе, выберите меню Apple

> «Об этом Mac», затем нажмите «Отчет о системе».

Совет. Либо нажмите клавишу Option, и, удерживая ее, выберите меню Apple

> «Информация о системе».

Чтобы изменить внешний вид отчета, выполните одно из следующих действий.

Просмотр подробного отчета. Выберите меню «Файл» > «Показать больше информации». Размер файла отчета может достигать нескольких мегабайт.

Просмотр краткого отчета. Выберите меню «Файл» > «Показать меньше информации». Отчет будет включать большую часть информации об оборудовании и сети, но информация о программном обеспечении будет в нем отсутствовать.

Печать, сохранение или отправка отчета о системе

Чтобы открыть отчет о системе, выберите меню Apple

> «Об этом Mac», затем нажмите «Отчет о системе».

Выполните одно из следующих действий:

Печать отчета о системе. Выберите команду меню «Файл» > «Напечатать».

Сохранение отчета о системе. Выберите «Файл» > «Сохранить», введите имя файла и выберите местоположение для сохранения отчета.

Отправка отчета в компанию Apple. Выберите «Файл» > «Отправить в Apple». Если Вы позвоните в Службу поддержки Apple, то можете предоставить специалисту копию данных о конфигурации системы.

Просмотр сведений о системе в приложении «Об этом Mac»

Вы можете просмотреть информацию о своем компьютере Mac, включая название модели, используемую версию системы macOS и другие сведения.

Чтобы открыть раздел «Об этом Mac», выберите меню Apple

Нажмите любой из следующих пунктов.

Общие сведения. Просмотрите спецификацию компьютера Mac.

Мониторы. Получите сведения о мониторах, подключенных к Вашему Mac.

Накопители. Узнайте, какой объем накопителей задействован на Вашем устройстве и какие типы файлов на нем хранятся. См. раздел Просмотр сведений о доступном пространстве на диске.

Память. Узнайте, какой объем памяти установлен на Вашем Mac и сколько слотов доступно для расширения памяти. (Для некоторых моделей Mac панель «Память» может отсутствовать.)

Поддержка. Узнайте о вариантах обслуживания, технической поддержки и ремонта для Вашего Mac.

Ресурсы. Получите доступ к ресурсам поддержки программного обеспечения macOS и оборудования Mac.

С помощью приложения «Мониторинг системы» можно получить информацию о памяти компьютера.

I would like to ask you, where could I find my crash logs?

4 Answers 4

Open the Console app from the Application -> Utilities , you will see the log files.

How to view the system log on a mac

Console app has them neatly arranged depending on if a system level process has crashed or a user level process.

How to view the system log on a mac

From there you can see if it’s in

/Library/Logs or /Library/Logs – you will get crashes and panics and hangs in separate files. Don’t forget to look in /private/var/log as well.

How to view the system log on a mac

refers to your Home directory).

/Library/Logs/CrashReporter/MobileDevice are the crashlogs for your iOS devices (if any).

/Library/Logs/CrashReporter also has links to items in

To find the crash files, you can run Console app which will display all the system messages. If any specific application crashed, look in User Reports. If it’s system crash, check in System Reports. Once you have found the crash file, you can Reveal in Finder (usually located in

If the crash resulted in reboot, in All Messages look line stating its Shutdown Cause and check the following list of Shutdown Causes for further information.

Alternatively you can also check the log files in /var/log (such as system.log ), or in real-time by log stream .

You can also check where dumps are generated by monitoring system.log file, e.g.

To scan for the previous crash files, run:

To generate the actual core dump files (in /cores ), see: How to generate core dumps in macOS?

If you have a system that you allow other people to use, you may at times want to be able to see when others have logged in to your system. Here is one way to do this in OS X.

Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

If you have a system that you allow other people to use, you may at times want to be able to see when others have logged into your system. This may be particularly true with systems you use as a server, a workstation at a school, or even a family computer that may have multiple accounts on it. Though the system has tools like the Console or Activity Monitor, which can show information about users on the system, using these to track when they logged in can be a bit cumbersome.

To view this information specifically, the terminal has a great utility called “last,” which is very straightforward and easy to use. Just open a Terminal window and enter the command “last,” and the system will list off the last time various users have logged in to the system, be it through the log-in window or through the Terminal itself.

The output will list each log-in event as the username used, followed by the log-in type, host name, log-in date, start time, end time, and session duration. The list will be in chronological order starting with the most recent, so you will have to scroll to the top of the Terminal where you entered the command in order to see the most recent log-ins.

How to view the system log on a mac

In this example, you can see users “Guest” and “zephyr” were logged in at the log-in window, and the “tkessler” users were using the Terminal (from me opening new Terminal windows). The tool indicates the length of the session, or whether the user is still logged in with the current session.

Besides the times and durations of the log-in events, the main things to look for in the output are the events that begin with “tty” as the log-in type, versus those that say “console.” The tty log-ins are from when someone used the Terminal to access the system, either locally or remotely via the “ssh” command. This means that any time you open a Terminal window, the system technically logs it as a “tty” event (stands for TeleType, which stems from the use of teletype terminals used in the mid 1900s). When an entry says “console,” then the user logged in using the log-in window.

Keep in mind that while the “last” command will show log-in sessions, it will not show sharing sessions such as that for file sharing, printer sharing, or screen sharing. Nevertheless, it may be useful if you need to determine when people have accessed a particular system.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.

There are many different log files that all serve different purposes. When trying to find a log about something, you should start by identifying the most relevant file. Below is a list of common log file locations.

System logs

System logs deal with exactly that – the Ubuntu system – as opposed to extra applications added by the user. These logs may contain information about authorizations, system daemons and system messages.

Authorization log

Keeps track of authorization systems, such as password prompts, the sudo command and remote logins.

Daemon Log

Daemons are programs that run in the background, usually without user interaction. For example, display server, SSH sessions, printing services, bluetooth, and more.

Debug log

Provides debugging information from the Ubuntu system and applications.

Kernel log

Logs from the Linux kernel.

System log

Contains more information about your system. If you can’t find anything in the other logs, it’s probably here.

Application logs

Some applications also create logs in /var/log . Below are some examples.

Apache logs

Location: /var/log/apache2/ (subdirectory)

Apache creates several log files in the /var/log/apache2/ subdirectory. The access.log file records all requests made to the server to access files. error.log records all errors thrown by the server.

X11 server logs

The X11 server creates a seperate log file for each of your displays. Display numbers start at zero, so your first display (display 0) will log to Xorg.0.log . The next display (display 1) would log to Xorg.1.log , and so on.

Non-human-readable logs

Not all log files are designed to be read by humans. Some were made to be parsed by applications. Below are some of examples.

Login failures log

Contains info about login failures. You can view it with the faillog command.

Last logins log

Contains info about last logins. You can view it with the lastlog command.

Login records log

Contains login info used by other utilities to find out who’s logged in. To view currently logged in users, use the who command.

This is not an exhaustive list!
You can search the web for more locations relevant to what you’re trying to debug. There is also a longer list here.

3. Viewing logs using GNOME System Log Viewer

The GNOME System Log Viewer provides a simple GUI for viewing and monitoring log files. If you’re running Ubuntu 17.10 or above, it will be called Logs. Otherwise, it will be under the name System Log.

System Log Viewer interface

The log viewer has a simple interface. The sidebar on the left shows a list of open log files, with the contents of the currently selected file displayed on the right.

The log viewer not only displays but also monitors log files for changes. The bold text (as seen in the screenshot above) indicates new lines that have been logged after opening the file. When a log that is not currently selected is updated, it’s name in the file list will turn bold (as shown by auth.log in the screenshot above).

Clicking on the cog at the top right of the window will open a menu allowing you to change some display settings, as well as open and close log files.

There is also a magnifying glass icon to the right of the cog that allows you to search within the currently selected log file.

More information

If you wish to learn more about the GNOME System Log Viewer, you may visit the official documentation.

4. Viewing and monitoring logs from the command line

It is also important to know how to view logs in the command line. This is especially useful when you’re remotely connected to a server and don’t have a GUI.

The following commands will be useful when working with log files from the command line.

Viewing files

The most basic way to view files from the command line is using the cat command. You simply pass in the filename, and it outputs the entire contents of the file: cat file.txt .

This can be inconvenient when dealing with large files (which isn’t uncommon for logs!). We could use an editor, although that may be overkill just to view a file. This is where the less command comes in. We pass it the filename ( less file.txt ), and it will open the file in a simple interface. From here, we can use the arrow keys (or j/k if you’re familiar with Vim) to move through the file, use / to search, and press q to quit. There are a few more features, all of which are described by pressing h to open the help.

Viewing the start or end of a file

We may also want to quickly view the first or last n number of lines of a file. This is where the head and tail commands come in handy. These commands work much like cat , although you can specify how many lines from the start/end of the file you want to view. To view the first 15 lines of a file, we run head -n 15 file.txt , and to view the last 15, we run tail -n 15 file.txt . Due to the nature of log files being appended to at the bottom, the tail command will generally be more useful.

Monitoring files

To monitor a log file, you may pass the -f flag to tail . It will keep running, printing new additions to the file, until you stop it (Ctrl + C). For example: tail -f file.txt .

Searching files

One way that we looked at to search files is to open the file in less and press / . A faster way to do this is to use the grep command. We specify what we want to search for in double quotes, along with the filename, and grep will print all the lines containing that search term in the file. For example, to search for lines containing “test” in file.txt , you would run grep “test” file.txt .

If the result of a grep search is too long, you may pipe it to less , allowing you to scroll and search through it: grep “test” file.txt | less .

Editing files

The simplest way to edit files from the command line is to use nano . nano is a simple command line editor, which has all the most useful keybindings printed directly on screen. To run it, just give it a filename ( nano file.txt ). To close or save a file, press Ctrl + X. The editor will ask you if you want to save your changes. Press y for yes or n for no. If you choose yes, it will ask you for the filename to save the file as. If you are editing an existing file, the filename will already be there. Simply leave it as it is and it will save to the proper file.

5. Conclusion

Congratulations, you now have enough knowledge of log file locations, usage of the GNOME System Log Viewer and basic command line commands to properly monitor and trouble-shoot problems that arise on your system.

The easy-to-use, integrated, glanceable, and open web-based interface for your servers

Introducing Cockpit

Cockpit is a web-based graphical interface for servers, intended for everyone, especially those who are:

  • new to Linux (including Windows admins)
  • familiar with Linux and want an easy, graphical way to administer servers
  • expert admins who mainly use other tools but want an overview on individual systems

Thanks to Cockpit intentionally using system APIs and commands, a whole team of admins can manage a system in the way they prefer, including the command line and utilities right alongside Cockpit.

Take a look

A picture is worth a thousand words. Click a thumbnail to see screenshots of Cockpit in action.

How to view the system log on a macHow to view the system log on a macHow to view the system log on a macHow to view the system log on a macHow to view the system log on a macHow to view the system log on a macHow to view the system log on a macHow to view the system log on a macHow to view the system log on a macHow to view the system log on a macHow to view the system log on a macHow to view the system log on a mac

Simple to use

Cockpit makes Linux discoverable. You don’t have to remember commands at a command-line.

See your server in a web browser and perform system tasks with a mouse. It’s easy to start containers, administer storage, configure networks, and inspect logs. Basically, you can think of Cockpit like a graphical “desktop interface”, but for individual servers.

Compatible with your existing workflows

Have a favorite app or command line tool that you use on your servers? Keep using the command line, Ansible, and your other favorite tools and add Cockpit to the mix with no issues.

Cockpit uses the same system tooling you would use from the command line. You can switch back and forth between Cockpit and whatever else you like. Cockpit even has a built-in terminal, which is useful when you connect from a non-Linux device.


Cockpit uses APIs that already exist on the system. It doesn’t reinvent subsystems or add a layer of its own tooling.

By default, Cockpit uses your system’s normal user logins and privileges. Network-wide logins are also supported through single-sign-on and other authentication techniques.

Cockpit itself doesn’t eat resources or even run in the background when you’re not using it. It runs on demand, thanks to systemd socket activation.


Using Cockpit

Here’s a subset of tasks you can perform on each host running Cockpit:

  • Inspect and change network settings
  • Configure a firewall
  • Manage storage (including RAID and LUKS partitions)
  • Create and manage virtual machines
  • Download and run containers
  • Browse and search system logs
  • Inspect a system’s hardware
  • Upgrade software
  • Keep tabs on performance
  • Manage user accounts
  • Inspect and interact with systemd-based services
  • Use a terminal on a remote server in your local web browser
  • Switch between multiple Cockpit servers
  • Extend Cockpit’s functionality by installing a growing list of apps and add-ons to make Cockpit do anything you want

Also troubleshoot and fix pesky problems with ease:

  • Diagnose network issues
  • Spot and react to misbehaving virtual machines
  • Examine SELinux logs and fix common violations in a click
  • Inspect detailed metrics that correlate CPU load, memory usage, network activity, and storage performance with the system’s journal

More features appear in Cockpit every release.

Designed & tested

Cockpit’s design keeps your goals in mind. We test Cockpit with usability studies to make it work the way you’d expect and adjust accordingly. As a result, Cockpit gets easier to use all the time.

All code changes have tests which must pass before merging, to ensure stability.

Free & free

Cockpit works (nearly) everywhere

You can install Cockpit on the major distributions, including:

Once Cockpit is up and running, you can access systems from all major web browsers on any operating system (including Windows, MacOS, and Android).

Release schedule

Cockpit has a time-based release cadence, with new versions appearing every two weeks.

Get started

After installing and enabling Cockpit, visit port 9090 on your server (for example: https://localhost:9090/ in a browser on the same machine as Cockpit).

© 2013 – 2022 — Cockpit is a Red Hat sponsored free software project released under the LGPL v2.1+

Prefer to use Elastic Agent for this use case?

Elastic Agent is a single, unified agent that you can deploy to hosts or containers to collect data and send it to the Elastic Stack. Elastic Agent uses integrations to connect your data to the Elastic Stack. Behind the scenes, Elastic Agent runs the Beats shippers required for your configuration. Refer to the documentation for a detailed comparison of Beats and Elastic Agent.

The system module collects and parses logs created by the system logging service of common Unix/Linux based distributions.

When you run the module, it performs a few tasks under the hood:

  • Sets the default paths to the log files (but don’t worry, you can override the defaults)
  • Makes sure each multiline log event gets sent as a single event
  • Uses an Elasticsearch ingest pipeline to parse and process the log lines, shaping the data into a structure suitable for visualizing in Kibana
  • Deploys dashboards for visualizing the log data

Read the quick start to learn how to configure and run modules.


This module was tested with logs from OSes like Ubuntu 12.04, Centos 7, and macOS Sierra.

This module is not available for Windows.

Configure the moduleedit

You can further refine the behavior of the system module by specifying variable settings in the modules.d/system.yml file, or overriding settings at the command line.

The following example shows how to set paths in the modules.d/system.yml file to override the default paths for the syslog and authorization logs:

To specify the same settings at the command line, you use:

Variable settingsedit

Each fileset has separate variable settings for configuring the behavior of the module. If you don’t specify variable settings, the system module uses the defaults.

For advanced use cases, you can also override input settings. See Override input settings.

When you specify a setting at the command line, remember to prefix the setting with the module name, for example, system.syslog.var.paths instead of syslog.var.paths .

syslog fileset settingsedit

auth fileset settingsedit

Time zone supportedit

This module parses logs that don’t contain time zone information. For these logs, Filebeat reads the local time zone and uses it when parsing to convert the timestamp to UTC. The time zone to be used for parsing is included in the event in the event.timezone field.

To disable this conversion, the event.timezone field can be removed with the drop_fields processor.

If logs are originated from systems or applications with a different time zone to the local one, the event.timezone field can be overwritten with the original time zone using the add_fields processor.

See Processors for information about specifying processors in your config.

Example dashboardsedit

This module comes with sample dashboards. For example:

How to view the system log on a mac


For a description of each field in the module, see the exported fields section.

Pipeline logs provide a powerful tool for determining the cause of pipeline failures.

A typical starting point is to review the logs in your completed build or release. You can view logs by navigating to the pipeline run summary and selecting the job and task. If a certain task is failing, check the logs for that task.

In addition to viewing logs in the pipeline build summary, you can download complete logs which include additional diagnostic information, and you can configure more verbose logs to assist with your troubleshooting.

Configure verbose logs

To assist with troubleshooting, you can configure your logs to be more verbose.

To configure verbose logs for a single run, you can start a new build by choosing Run pipeline and selecting Enable system diagnostics, Run.

How to view the system log on a mac

To configure verbose logs for all runs, you can add a variable named system.debug and set its value to true .

To configure verbose logs for a single run, you can start a new build by choosing Queue build, and setting the value for the system.debug variable to true .

To configure verbose logs for all runs, edit the build, navigate to the Variables tab, and add a variable named system.debug , set its value to true , and select to Allow at Queue Time.

To configure verbose logs for a YAML pipeline, add the system.debug variable in the variables section:

View and download logs

To view individual logs for each step, navigate to the build results for the run, and select the job and step.

How to view the system log on a mac

To download all logs, navigate to the build results for the run, select . , and choose Download logs.

How to view the system log on a mac

To download all logs, navigate to the build results for the run, choose Download all logs as zip.

In addition to the pipeline diagnostic logs, the following specialized log types are available, and may contain information to help you troubleshoot.

Worker diagnostic logs

You can get the diagnostic log of the completed build that was generated by the worker process on the build agent. Look for the worker log file that has the date and time stamp of your completed build. For example, worker_20160623-192022-utc_6172.log .

Agent diagnostic logs

Agent diagnostic logs provide a record of how the agent was configured and what happened when it ran. Look for the agent log files. For example, agent_20160624-144630-utc.log . There are two kinds of agent log files:

The log file generated when you ran config.cmd . This log:

Includes this line near the top: Adding Command: configure

Shows the configuration choices made.

The log file generated when you ran run.cmd . This log:

Cannot be opened until the process is terminated.

Attempts to connect to your Azure DevOps organization or Team Foundation Server.

Shows when each job was run, and how it completed

Both logs show how the agent capabilities were detected and set.

Other logs

Inside the diagnostic logs you will find environment.txt and capabilities.txt .

The environment.txt file has various information about the environment within which your build ran. This includes information like what tasks are run, whether or not the firewall is enabled, PowerShell version info, and some other items. We continually add to this data to make it more useful.

The capabilities.txt file provides a clean way to see all capabilities installed on the build machine that ran your build.

HTTP trace logs

HTTP traces and trace files can contain passwords and other secrets. Do not post them on a public sites.

Use built-in HTTP tracing

If your agent is version 2.114.0 or newer, you can trace the HTTP traffic headers and write them into the diagnostic log. Set the VSTS_AGENT_HTTPTRACE environment variable before you launch the agent.listener.

Use full HTTP tracing – Windows

We recommend you listen only to agent traffic. File > Capture Traffic off (F12)

Enable decrypting HTTPS traffic. Tools > Fiddler Options > HTTPS tab. Decrypt HTTPS traffic

Let the agent know to use the proxy:

Run the agent interactively. If you’re running as a service, you can set as the environment variable in control panel for the account the service is running as.

Restart the agent.

Use full HTTP tracing – macOS and Linux

Use Charles Proxy (similar to Fiddler on Windows) to capture the HTTP trace of the agent.

Start Charles Proxy.

Charles: Proxy > Proxy Settings > SSL Tab. Enable. Add URL.

Charles: Proxy > Mac OSX Proxy. Recommend disabling to only see agent traffic.

Run the agent interactively. If it’s running as a service, you can set in the .env file. See nix service

How to view the system log on a mac

Apple’s Mac computers support multiple password-protected user profiles. Each profile can have its own programs, settings and files independent from other profiles on the same machine. Logging out of your profile before leaving the computer prevents other users of the same computer from accessing your files, programs and settings. You can manually log off a Mac using a keyboard shortcut or a menu option. However, in some settings, you may want to set your Mac to automatically log off for you when you are away from your computer.

Press “Shift-Cmd-Q” on the keyboard to activate the log-off dialog. Click “Log Out” to close all of your open programs and log out. Alternatively, press “Shift-Opt-Cmd-Q” to log out without viewing the dialog first.

Click the Apple icon in the upper-left corner of the screen and then click “Logout” to view the log-off dialog. Click “Log Out.”

Click the Apple menu in the upper-left corner of the screen and select “System Preferences.” Click “Security” and check “Log out after 60 minutes of inactivity.” Adjust the value of the text area to change the automatic log-off time.

  • Lifehacker: How to Log Out of Your Mac Immediately With the Keyboard
  • Ask Dave Taylor: Can Macs Automatically Log Out After Inactivity?

David Weinberg began writing in 2005 at New College of Florida, composing articles on history and political science for publication within the school and for online circulation. Weinberg has been a professional outdoor educator for more than five years with experience throughout the United States.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

  • 40% OFF PowerDVD 21! #1 media player for home theater and sharing.
  • 25% OFF Director Suite 365! The ultimate 4-in-1 creative editing suite with 8,000,000+ videos, images & music.
  • 25% OFF PowerDirector 365! Unlock 8,000,000+ videos, images & music with award winning video editor.

Privacy Policy Update

  • Account & Purchase
  • Download & Installation
  • Products

When a program crashes (the process has stopped working or disappears), an event log file can be helpful for the development team to troubleshoot problems. Follow the steps below to find event logs:

Windows 7:

  1. Click Windows Start button > Type event in Search programs and files field.
  2. Select Event Viewer
    How to view the system log on a mac

Windows Vista:

Control Panel > Administrative tools > Event Viewer > Windows Logs > Application > Click the “Error” type event > Copy the text on the General tab and then send it to us.

Windows XP:

Control Panel > Administrative tools > Event Viewer > Application > Click the “Error” type event > Copy the text on the General tab and then send it to us.

While troubleshooting Pocket for iOS application crashes, the Pocket support team may request a crash log to determine what is happening. The easiest method is to find the log is in Settings on your iOS device. However, you can also find them on your computer after syncing your device.

Find the logs on your iOS device

  1. Open Settings app
  2. Tap Privacy
  3. Tap Analytics & Improvements
  4. Tap Analytics Data
  5. Scroll down and select any items that start with “Pocket” and show the date you encountered the crash

How to view the system log on a mac

Find the logs after syncing your device

1. Sync with Finder on macOS 10.15 (or iTunes if on macOS 10.14 and earlier)

Crash logs are transferred to your computer whenever you sync your device. Plug in your device, and launch Finder (or iTunes, if on 10.14 or earlier) to complete the sync.

2. Retrieve the Crash Log
  1. Open Finder (found in the Dock)
  2. Click on the ‘Go’ menu at the top of your screen, and select ‘Go to Folder’
  3. Type (or paste):

Windows Vista/7 Users:

  1. Open any Windows Explorer Window (My Computer, My Documents, etc.)
  2. Enter %appdata% , and press enter
  3. Navigate to Roaming > Apple computer > Logs > CrashReporter > Mobile Device > *Device Name*. (Note: your device name appears in iTunes on the left side, under ‘Devices’)
  4. You will see at least one item starting with ‘ReadItLaterPro’. Copy any that you find to your Desktop.

Email the crash log to Pocket. If you have already been in touch with Pocket Support, please reference the existing conversation or name of the person who you have been working with.

Windows XP Users:

  1. Locate your Application Data folder. To see instructions on how to find this folder, click here: eHow: How to access the Application Data Folder
  2. Navigate to Apple computer > Logs > CrashReporter > Mobile Device > *Device Name*. (Note: your device name appears in iTunes on the left side, under ‘Devices’)
  3. You will see at least one item starting with ‘ReadItLaterPro’. Copy any that you find to your Desktop.

Email the crash log to Pocket. If you have already been in touch with Pocket Support, please reference the existing conversation or name of the person who you have been working with.

Thanks for the feedback There was a problem submitting your feedback. Please try again later.

The System Log contains details of all logged events for your org. View and monitor various events in your org using:

To navigate to the System Log, in the Admin Console, go to Reports > System Log.

For a description of System Log event types, see Event Types.


The System Log displays the following bar graphs about your chosen events:

Count of events over time

Count of events by category
Click the Count of events by category link to expand the following graphs:

Count of events for each target

Count of events for each actor

Count of events for each event type

For more information about a data point, hover over any of the bars in the graphs. Narrow the time range of a graph by dragging your mouse over the bars to grab the range you are interested in.

Events table

The Events table lists all events and includes information about time, actor, target, and more.

View more data about an event by clicking the right arrow on the corresponding row.

Filter events by Time, Event Info, Actor, or Targets in the table by clicking on the column header.

Download the entire table by clicking the Download CSV file link.

Toggle between the table view and a geolocation view, which displays events on a map.

Access the Rate Limit Dashboard using the using the link provided in the rate limit violation event. See Rate Limits Dashboard.

Filters and search

You can filter events by various parameters and operators in the System Log. By default, the filters display all events for the last seven days. See System Log filters and search for more information.

When running your application, you can view the associated local log files in separate tabs of the Run or Debug tool window.

For IntelliJ IDEA to identify which logs to show, you need to specify them in the respective run/debug configuration.

Run configurations are currently being redesigned: some configurations are updated and some are still in the old design. Use the procedure that corresponds to the appearance of the required configuration.

Add a log

In the run/debug configuration that will be used for launching the app, click the Logs tab. The Edit Log Files Aliases table displays the list of log files.

Specify the log Alias (the name that will be displayed in the tool window tabs) and the path to the log file.

You can also specify an Ant pattern for the log path. In case several files of a rolling log match the pattern, the most recent one will be taken. If you want to track all the logs that match the pattern, select Show all files coverable by pattern .

For information on pattern syntax and examples, refer to Ant official documentation.

Specify whether the corresponding tab should only show the new log entries using the Skip Content option.

Add a log

In the run/debug configuration that will be used for launching the app, click Modify options . From the menu, select Specify logs to be shown in console .

In the table that opens, click Add .

Specify the log Alias (the name that will be displayed in the tool window tabs) and the path to the log file.

You can also specify an Ant pattern for the log path. In case several files of a rolling log match the pattern, the most recent one will be taken. If you want to track all the logs that match the pattern, select Show all files coverable by pattern .

For information on pattern syntax and examples, refer to Ant official documentation.

Specify whether the corresponding tab should only show the new log entries using the Skip Content option.

When you have set up a log in the Logs section it will appear in a separate tab of the Run or Debug tool window whenever you run or debug the application.

If you don’t need a log for some time, you can temporarily disable it by clearing its Is Active box.

Save console output to a file

If you use console output for logging, you can save it to a file for later inspection.

In the run/debug configuration that will be used for launching the app, click the Logs tab. The Edit Log Files Aliases table displays the list of log files.

Select Save console output to file Specify the path to the file. If the file does not exist, it will be created automatically upon the first write.

Save console output to a file

If you use console output for logging, you can save it to a file for later inspection.

In the run/debug configuration that will be used for launching the app, click Modify options . From the menu, select Save console output to file .

Specify the path to the file. If the file does not exist, it will be created automatically upon the first write.

How to view the system log on a mac

Add login to your website in 5 minutes completely for free!

Free Sign Up No hidden costs. No credit card needed.

NGINX is an open-source web server and application server that helps you build a faster, scalable, secure, and reliable service. It comes with some features like load balancing, reverses proxy, caching, HTTP, and mail servers. Some advanced features like high performance and strong security make it a valued asset for your infrastructure.

Nginx HTTP server has a highly customizable and outstanding logging facility. Nginx writes the information in the different severity levels debug , info , notice , warn , error , alert , and emerg to the logs. By default, the Nginx access log is located at /var/log/nginx/access.log and the error log is located at /var/log/nginx/error.log . Nginx logs file default path depends on the operating system and installation. You can override the default settings and change the format of logged messages by editing the NGINX configuration file /etc/nginx/nginx.conf .

In this article, I will explain everything about the Nginx logs.

What is the purpose of the access log?

The NGINX logs all client requests just after the request is processed in the access logs. In access logs, You will see the files are accessed, how NGINX responded to a request, which browser a client is using, client IP addresses, and more in this section. The information from the access log can be used to evaluate traffic and monitor site use over time. If a user is submitting any suspicious requests, we can monitor using the access logs, and it helps us identify the application security vulnerabilities.

What is the purpose of the error log?

Whenever NGINX encounters any problems, it will log them in the error log. It might possible an error in the configuration file, NGINX is not starting or has unexpectedly stopped or NGINX encounters any problems or if any error is coming from the upstream connection or connection time etc. it will log them in the error log.

These issues are categorized as debug , info , notice , warn , error . The default error log level is error and it is works globally. By default error log is located at logs/error.log . The error log directive overrides the setting inherited from the higher levels and can be defined at the http , stream , server , and location levels.

How configure the Nginx access log?

The Nginx Requests are logged in the context of a location where processing ends. It may be different from the original location. which could be found in either the HTTP or server or location sections. The syntax of the access_log directive is

By default, Nginx logs access log predefined combined format. We can overwrite access log formatting as per the requirement.

The following examples define the log format that extends the predefined combined format with the value indicating the ratio of gzip compression of the response.

How set up the Nginx error log?

The error_log directive sets up error logging to file or stderr , or Syslog by specifying the minimum severity level of error messages to be logged. The syntax of the error_log directive is

This will instruct Nginx to log all messages of type warn and more severe log-level crit, alert, and emerg messages.

Custom format in nginx log ?

The combined log format is the default log format for storing all transactions in the access log. You can create your custom log format and then specifying the name of the custom format in the access log directive; you can override the default behavior.

Nginx Default access log configuration

Another example of the log format enables tracking different time values between NGINX and an upstream server that may help to diagnose a problem if your website experiences slowdowns. You can use the following variables to log the indicated time values:

In the first example, I m showing how we can track or log user agent, upstream server response time, request refer host, user Ip address, etc.

In the second example, I m showing how we can track or log request query string parameters in the Nginx logs.

I m logging clientid query string request parameter in the Nginx logs.

You can get all embedded Nginx variables or detail from here – Nginx Http Upstream Module Nginx Http Core Module

How to do conditional logging in the Nginx log?

Sometimes You may want to log specific requests. Conditional logging is used to do this in the Nginx.

Suppose you want to exclude 200 status responses from the logs.

Suppose you don’t want to log an internal Ip address request.

Logging to Syslog ?

If you already have unified server logs or if a regular Syslog framework evaluates your logs, you can redirect your NGINX access_log or error_log using the Syslog utility. The Syslog utility is a machine message logging standard that allows several devices to send log messages to a single Syslog server.

We can set Syslog location in the Nginx logs configuration using the server = . It may be a domain name, an IP address, or a UNIX-domain socket path.

Operating system logs provide a wealth of diagnostic information about your computer, and Linux is no exception. Everything from kernel events to user actions are logged by Linux, allowing you to see almost any action performed on your servers. In this section, we’ll explain what Linux logs are, where you can find them, and how to interpret them.

Linux System Logs

Linux has a special directory for storing logs called /var/log . This directory contains logs from the OS itself, services, and various applications running on the system. Here’s what this directory looks like on a typical Ubuntu system.

How to view the system log on a mac

Some of the most important Linux system logs include:

  • /var/log/syslog and /var/log/messages store all global system activity data, including startup messages. Debian-based systems like Ubuntu store this in /var/log/syslog , while Red Hat-based systems like RHEL or CentOS use /var/log/messages .
  • /var/log/auth.log and /var/log/secure store all security-related events such as logins, root user actions, and output from pluggable authentication modules (PAM). Ubuntu and Debian use /var/log/auth.log , while Red Hat and CentOS use /var/log/secure .
  • /var/log/kern.log stores kernel events, errors, and warning logs, which are particularly helpful for troubleshooting custom kernels.
  • /var/log/cron stores information about scheduled tasks (cron jobs). Use this data to verify that your cron jobs are running successfully.

Some applications also write log files in this directory. For example, the Apache web server writes logs to the /var/log/apache2 directory (on Debian), while MySQL writes logs to the /var/log/mysql directory. Some applications also log via syslog, which we’ll explain in the next section.
[button url=”syslog”]syslog[/button]

What’s Syslog?

Syslog is a standard for creating and transmitting logs. The word “syslog” can refer to any of the following.

  1. The syslog service, which receives and processes syslog messages. It listens for events by creating a socket located at /dev/log , which applications can write to. It can write messages to a local file or forward messages to a remote server. There are different syslog implementations including rsyslogd and syslog-ng.
  2. The syslog protocol (RFC 5424), which is a transport protocol that specifies how to transmit logs over a network. It is also a data format defining how messages are structured. By default, it uses port 514 for plaintext messages and port 6514 for encrypted messages.
  3. A syslog message, which is any log formatted in the syslog message format. A syslog message consists of a standardized header and message containing the log’s contents.

Since syslog can forward messages to remote servers, it’s often used to forward system logs to log management solutions such as SolarWinds ® Loggly ® and SolarWinds Papertrail ™ .

Syslog Format and Fields

Syslog messages contain a standardized header with several fields. These include the timestamp, the name of the application that generated the event, the location in the system where the message originated, and its priority. You can change this format in your syslog implementation’s configuration file, but using the standard format makes it easier to parse, analyze, and route syslog events.

Here is an example log message using the default format. It’s from the sshd daemon, which controls remote logins to the system. This message describes a failed login attempt:

You can also add additional fields to your syslog messages. Let’s repeat the last event after adding a few new fields. We’ll use the following rsyslog template, which adds the priority ( <%pri%> ), protocol version ( %protocol-version% ), and the date formatted using RFC 3339 ( %timestamp. date-rfc3339% ):

This generates the following log:

Below, you’ll find descriptions of some of the most commonly used syslog fields when searching or troubleshooting issues.

The timestamp field indicates the time and date the message was generated on the system sending the message. The example timestamp breaks down like this:

  • “2019-06-05”is the year, month, and day.
  • “T”is a required element of the timestamp field, separating the date and the time.
  • “22:14:15.003”is the 24-hour format of the time, including the number of milliseconds (003).
  • “Z”indicates UTC time. Instead of z, the example could have included an offset, such as -08:00, which indicates that the time is offset from UTC by eight hours.

The hostname field (“server1” in the example above) indicates the name of the host or system that originally sent the message.

The app-name field (“sshd:auth” in the example) indicates the name of the application that sent the message.

The priority field or pri for short (“<34>” in the example above) tells you how urgent or severe the event is. It’s a combination of two numerical fields: the facility and the severity. The facility specifies the type of process that created the event, ranging from 0 for kernel messages to 23 for local applications. The severity ranges from 0–7, with 0 indicating an emergency and 7 indicating a debug event.

Pri can be output in two ways. The first is as a single number, prival, which is calculated as the facility field value multiplied by eight, then the result is added to the severity field value: (facility)(8) + (severity). The second is pri-text, which will output in the string format “facility.severity”. The latter format can often be easier to read and search, but takes up more storage space.

Logging with Systemd

Many Linux distributions ship with systemd, which is a process and service manager. Systemd implements its own logging service called journald that can replace or complement syslog. Journald logs in a significantly different manner than systemd, which is why it has its own section in the Ultimate Guide to Logging. You can learn more about logging via systemd in the Systemd Logging section.

GitLab has an advanced log system where everything is logged, so you can analyze your instance using various system log files. In addition to system log files, GitLab Enterprise Edition provides Audit Events.

System log files are typically plain text in a standard log file format. This guide talks about how to read and use these system log files.

  • Customize logging on Omnibus GitLab installations including adjusting log retention, log forwarding, switching logs from JSON to plain text logging, and more.
  • How to parse and analyze JSON logs.

Log Levels

Each log message has an assigned log level that indicates its importance and verbosity. Each logger has an assigned minimum log level. A logger emits a log message only if its log level is equal to or above the minimum log level.

GitLab loggers emit all log messages because they are set to DEBUG by default.

Override default log level

You can override the minimum log level for GitLab loggers using the GITLAB_LOG_LEVEL environment variable. Valid values are either a value of 0 to 5 , or the name of the log level.

Log Rotation

  • logrotate
  • svlogd ( runit ’s service logging daemon)
  • logrotate and svlogd
  • Or not at all


  • Omnibus GitLab: /var/log/gitlab/gitlab-rails/production_json.log
  • Installations from source: /home/git/gitlab/log/production_json.log

It contains a structured log for Rails controller requests received from GitLab, thanks to Lograge. Requests from the API are logged to a separate file in api_json.log .

Each line contains JSON that can be ingested by services like Elasticsearch and Splunk. Line breaks were added to examples for legibility:

  • duration_s : Total time to retrieve the request
  • queue_duration_s : Total time the request was queued inside GitLab Workhorse
  • view_duration_s : Total time inside the Rails views
  • db_duration_s : Total time to retrieve data from PostgreSQL
  • cpu_s : Total time spent on CPU
  • gitaly_duration_s : Total time by Gitaly calls
  • gitaly_calls : Total number of calls made to Gitaly
  • redis_calls : Total number of calls made to Redis
  • redis_duration_s : Total time to retrieve data from Redis
  • redis_read_bytes : Total bytes read from Redis
  • redis_write_bytes : Total bytes written to Redis
  • redis__calls : Total number of calls made to a Redis instance
  • redis__duration_s : Total time to retrieve data from a Redis instance
  • redis__read_bytes : Total bytes read from a Redis instance
  • redis__write_bytes : Total bytes written to a Redis instance
  • pid : Process ID of the Puma worker

User clone and fetch activity using HTTP transport appears in the log as action: git_upload_pack .

In addition, the log contains the originating IP address, ( remote_ip ), the user’s ID ( user_id ), and username ( username ).

  • elasticsearch_calls : Total number of calls to Elasticsearch
  • elasticsearch_duration_s : Total time taken by Elasticsearch calls
  • elasticsearch_timed_out_count : Total number of calls to Elasticsearch that timed out and therefore returned partial results

ActionCable connection and subscription events are also logged to this file and they follow the previous format. The method , path , and format fields are not applicable, and are always empty. The ActionCable connection or channel class is used as the controller .

The secure and convenient way to create and store passwords, log in to websites and fill forms. Remember one master password and let Enpass take care of the rest.

How to view the system log on a mac

Secure your digital life.

Keep your passwords, logins, credit cards, driving licenses and other important files safe and handy in one place.

How to view the system log on a mac

Create strong passwords

How to view the system log on a mac

Secure online shopping

Automatically fill in payment details when shopping online and protect yourself from phishing attacks.

Password audit

Do a regular health check to filter out your weak, compromised, old and expired passwords.


Keep everything organized with separate profiles for work, personal and family, and give family access to everything they need.

A place for everything

Choose from a library of 80+ built-in templates to store credit cards, passports, driving licenses, insurance documents and more.

“Offline” storage for total peace of mind

“Offline” means we don’t store your passwords, credentials or files on our servers. All your passwords, logins and files are stored (encrypted) locally on your device(s). And you can still synchronize everything using your own cloud accounts.