# Collect native macOS system logs Starting with version 4.6.0, AxoSyslog can collect logs on macOS using its native OSLog framework using the `darwin-oslog()` and `darwin-oslog-stream()` source drivers. * [`darwin-oslog()`](../../docs/axosyslog-core/chapter-sources/darwin/index.md#darwin-oslog): This source builds on the native OSLog framework, and replaces the earlier file-source based solution. * [`darwin-oslog-stream()`](../../docs/axosyslog-core/chapter-sources/darwin/index.md#darwin-oslog-stream): Provides a live log stream feed. ## `darwin-oslog()` This source is based on the [native OSLog Framework]() to read logs from the local store of the unified logging system on darwin OSes. The AxoSyslog `system()` source automatically uses this new source on darwin platforms if the `darwinosl` plugin is available. This plugin is available only on macOS 10.15 Catalina and above, the first version that has the OSLog API. Note that the persistent OSLog store usually keeps about 7 days of logs on disk. The `darwin-oslog()` source has the following options: ### filter-predicate() | ---|--- Type: | string Default: | `(eventType == 'logEvent' || eventType == 'lossEvent' || eventType == 'stateEvent' || eventType == 'userActionEvent') && (logType != 'debug')` _Description:_ String for [native macOS log message filtering using predicates](). For example, the following predicate selects AirDrop logs: `subsystem=="com.apple.sharing" and category=="AirDrop"` ### do-not-use-bookmark() | ---|--- Type: | boolean Default: | `no` _Description:_ By default, AxoSyslog continues to read the logs from the last remembered position after a restart. If this option is set to `yes`, it will always start reading from the end or beginning of the available log list (depending on the setting of the [`go-reverse()`](../../docs/axosyslog-core/chapter-sources/darwin/index.md#go-reverse) option). ### fetch-delay() | ---|--- Type: | integer Default: | `10000` _Description:_ Controls the time AxoSyslog waits between reading and sending log messages. This is a fraction of a second, where `wait_time = 1 second / n`, so `n=1` means that only about 1 log is sent in each second, and `n=1000000` means only 1 microsecond is the delay between read/write attempts. The maximal value of this parameter is `1000000`. Note that increasing the value of this parameter (thus lowering delay time) can increase log feed performance, but at the same time could increase system load. ### fetch-retry-delay() | ---|--- Type: | integer Default: | `1` _Description:_ Controls how many seconds AxoSyslog waits before trying to check for new logs if there were no more logs to read the last time. ### go-reverse() | ---|--- Type: | boolean Default: | `no` _Description:_ Set it to `yes` to process the logs in a reverse order (from latest to oldest). ### log-fetch-limit() | ---|--- Type: | integer Default: | `0` (no limit) Warning This option is currently disabled because of an OSLog API bug. _Description:_ The maximum number of messages fetched from a source during a single poll loop. The destination queues might fill up before flow-control could stop reading if `log-fetch-limit()` is too high. ### max-bookmark-distance() | ---|--- Type: | integer Default: | `0` (no limit) [seconds] _Description:_ The maximum distance in seconds that a bookmark can point backwards. That is, if AxoSyslog was stopped for 10 minutes and `max-bookmark-distance()` is set to `60`, then AxoSyslog will start reading the logs from 60 seconds before the startup, losing 9 minutes of logs. ### read-old-records() | ---|--- Type: | boolean Default: | `no` _Description:_ If set to `yes`, AxoSyslog starts reading logs from the oldest available log when it’s first started on a system, or if there are no bookmarks for some reason ## darwin-oslog-stream() This source is a wrapper around the OS command line `log stream` command that provides a live log stream feed. Unlike the `darwin-oslog()` source, the live stream can contain non-persistent log events as well. This might result in a large number of log events every second. This source has only one option. ### params() | ---|--- Type: | string Default: | `--type log --type trace --level info --level debug` _Description:_ A string that can contain all the possible params the macOS `log` tool can accept. The source uses the “–style” internally (defaults to `ndjson`), so use templates or rewrite rules to format the final output. Use the `def-osl-stream-params` string to reference the default values when extending them with your own. For a full reference, see the output of the `log --help stream` and `man log` commands. Last modified November 20, 2024: [Broken link updates (5644de9)]()