This is the first page of a 5 page piece I just finished writing for MacTech. After the last episode of the MacAdmins podcast though, I wanted to go ahead and get some of the information out there. For a much more detailed analysis, check out MacTech!
Apple has a number of different logging APIs. For the past few releases, Apple has tried to capture everything possible in logs, creating what many administrators and developers might consider to be a lot of chatter. As such, an entirely new interface needed to be developed to categorize and filter messages sent into system logs.
The logger command is still used to create entries in system logs. However, if you are then using tail to view /var/log/system.log then you will notice that you no longer see your entry being written. This is because as the logs being created in macOS have gotten more complex, the tools to read and write those logs has gotten more complicated as well.
Let’s take a simple log entry. Below, we’ll write the string “Hello Logs” into the system log. To do so, use the –i option to put the process id of the logger process and –s to write to the system log, as well as to stderr. To make the entry easier we’ll tag it with –t followed by the string of the tag. And finally, we’ll quote the entry we want written into the log. This is basically the simplest form of an entry:
logger -is -t krypted "Hello Logs"
Once written, use the log command to read your spiffy new entries. This isn’t terribly different than how things worked previously. If you’re a developer, you will need to note that all of the legacy APIs you might be using, which include asl_log_message, NSLog, and syslog, have been redirected to the new Unified Logging system, provided you build software for 10.12 (you can still build as before for 10.11, iOS 9, tvOS 10, and watchOS 3 and below). These are replaced with the os_log, os_log_info, os_log_debug, os_log_error, os_log_fault, and os_log_create APIs (which correspond to various levels of logs that are written).
Logs are now stored in the tracev3 formatted files in /var/db/diagnostics, which is a compressed binary format. As with all binary files, you’ll need new tools to read the files. Console has been updated with a new hierarchical capability and the ability to watch activities, subsystems, etc.
The log command provides another means of reading those spiffy new logs. To get started, first check out the man page:
That “Hello Logs” string we used earlier is part of a message that you can easily view using the ‘log show’ command. In the below example, we’ll just run a scan of the last 3 minutes, using the –last option, and then providing a –predicate. We’ll explain those a bit later, but think of it as query parameters – here, we’ll specify to look for “Hello Logs” in eventMessage:
log show --predicate 'eventMessage contains "Hello Logs"' --last 3m
Filtering the log data using “eventMessage CONTAINS “Hello Logs”” shows us that our entry appears as follows:
Timestamp Thread Type Activity PID
2017-03-23 23:51:05.236542-0500 0x4b83bb Default 0x0 88294 logger: Hello Logs
Log – Default: 1, Info: 0, Debug: 0, Error: 0, Fault: 0
Activity – Create: 0, Transition: 0, Actions: 0
krypted March 26th, 2017
OK, I don’t talk politics, about personal stuff, etc on this site usually. And I’m not gonna’ start now. But with Give To The Max Day in Minnesota today, I did write an article on the meaning of Compassion on Huffington Post. It can be found at http://www.huffingtonpost.com/charles-edge/what-does-compassion-mean_b_12999974.html if you’re interested in such things; if not, hope you have a wonderful day!
krypted November 17th, 2016
Posted In: Tamarisk
The Server 5 app that installs on Sierra is great. But sometimes a change doesn’t get committed properly or has a mismatch with a certificate, and the server doesn’t respond properly… I know, you’ve been told that host name changes and IP changes are all kinds of OK at this point; “look, Charles, there’s a button!” Well, go ahead, click it. Don’t mind me, you might just be alright. But then again, you might not if you’re running Open Directory, Profile Manager, or a few other services… When it works it’s a thing of beauty. But when it doesn’t, you might be restoring some stuff from backup. But just before you do that restore, let’s try one more thing. Let’s try and rebuild some certificates and configuration settings that shouldn’t impact actual service operation. Let’s try to reset the Server app and let a fresh install of the Server see if it can fix issues.
Now, I want to be clear, this is usually the last resort before restoring a backup. I’ve had a lot of luck with services remaining functional and preserving settings when I do this, but don’t expect that to be the case every time. Basically, we’re going to do what we looked at doing back in ’09 with AppleSetupDone but one designed just for servers, so the file is in the same place (/var/db) and called .ServerSetupDone. To remove it, close Server app and run the following command:
sudo rm /var/db/.ServerSetupDone
Once removed, open the Server app again and then let the Server app run as though it’s new. Cruft, begone! Make sure to check things like server logs in the event that the service goes unresponsive again, and be wary of performing this step multiple times as there’s likely another underlying issue that you shouldn’t be resetting the server to resolve.
krypted October 11th, 2016
Posted In: Mac OS X Server
Organizations frequently have another party write iOS apps for them. When doing so, the organization typically wants to sign the .ipa (how iOS apps are deployed) prior to deploying the app to users. To do so, you would sign the .ipa with your provisioning profile. To make doing so easier, here’s ipasign, a python script that does most of the work for ya’:
krypted September 27th, 2016
krypted September 9th, 2016
Looks like Sal et al posted a suite of Automator Actions to link the Casper Suite to Apple Configurator at https://configautomation.com/jamf-actions.html. In my limited tests so far they work pretty darn well!
Some pretty cool things here, like having the JSS rename a mobile device when managed through Apple Configurator, having Apple Configurator instruct the JSS to remove a device from a group, clear passcodes, update inventory, and other common tasks involved in workflows when leveraging Apple Configurator for en masse device management. Good stuff!
krypted July 14th, 2016
I don’t like hunting through multiple apps to turn off a light in my house. Therefore, I’ve been trying to get everything centralized in the Wink app. When it comes to managing Philips Hue lights, the Wink can turn them on and off, as well as change the percentage that a bulb is lit, acting as a dimmer.
Philips Hue lights run through a bridge, known as the Hue Bridge. This device bridges the Wi-fi network and allows the Philips Hue app to control your lights. Once your Hue lights are configured, open the Wink app and tap on Add a Product.
At the Add a Product screen, tap on Lights.
At the Lights screen, tap on Hue Lights.
At the Philips Lights screen, tap on Next.
At the next screen, tap on Sign In.
At the Link Account screen, enter the email address and password and then tap on Log in.
At the Welcome screen, tap on Yes.
At the next screen, tap on Connect Now
Tap on the only button on the Hue Bridge.
Once the Wink app can communicate with the Hue bridge, tap on the Done button.
The lights that are running through your Hue Bridge will then be displayed in the Lights screen.
You can organize your lights into Groups. For example, if you have multiple bulbs in a single room, you might choose to group them together. To do so, tap on New Group.
Provide a name for your new group and check the box for each light to add to the group.
The app has then been setup and you can control your lights.
krypted July 8th, 2016
One of my favorite options in the latest round of home automationry is the ability to voice control all the things. The Wink has a pretty substantial list of supported home automation devices. The Alexa can control the Wink. Therefore, the Alexa can do all the things, even though integrations with Alexa were not built for most of those devices by Amazon.
The beauty here lies in the ubiquity of APIs these days. Alexa has a recipe-style option called a Skill (further humanizing her). Basically, you add the Wink skill, then scan for devices that are connected through the Wink, then viola, tell Alexa to do something to them. To get started, open the Alexa app and tap on Skills. Search for Wink and then tap on Enable.
At the Wink screen, enter the username and password for your Wink account and then tap on Sign In.
Provided all goes well, you’ll then be told that Alexa linked with Wink (there’s a joke there… anyone?).
Alexa doesn’t know about your devices that are connected through Wink yet. So now tap on Discover Devices.
The app then shows all the devices connected. Mine will have about 20, but I’ve only got two setup for now.
From the Wink app, let’s add another device.
Then let’s tap Discover Devices again from the Alexa app.
Any new devices are then displayed.
Different devices have different voice commands. For example, a thermostat can change the temperature whereas a light switch can turn on and off, a dimmer can be set to a certain percentage of power, or a garage door opener can open a garage door. Now, if I can only find the dip-switch controlled coffee pot and hook it up to an automated receptacle so Alexa can make me a cup of coffee…
krypted July 7th, 2016
There are two main garage door openers in the home automation space. The first is the Chamberlain MyQ and the second is the GoControl. The hardest part about setting up the MyQ was that I had to hit a funny orange button on my existing non-automated Chamberlain opener and then hit the button on the opener in my car to sync ’em up. It took about 10 tries, but eventually it worked.
Once configured, I didn’t love the loud noise the device made to open the garage door (guessing that because it’s compared with a strobe that this is a safety measure). Once the Chamberlain is configured, open the Wink app. Then tap Add A Product and then tap on Garage Doors.
At the Garage Doors screen, tap MyQ Garage Door.
At the Chamberlain Garage screen, tap on Next to verify that you want to add a MyQ to the Wink.
At the Get MyQ App screen, tap on I Have An Account (unless you don’t have an account yet, then tap on Get MyQ App and download the app, setup the garage door, and create an account).
At the Connect Account screen, tap on the Connect Now button.
At the MyQ overlay of the Link Account screen, enter your credentials and then tap on Authenticate.
Provided the authentication worked, tap on Done. Tap Name Garage Door and provide a name for the door (useful if you have two doors).
Next, use the Wink app to test the opener.
krypted July 3rd, 2016
Posted In: Home Automation
The seventh episode of the MacAdmins podcast is now available! This is my first time sitting out an episode, which might explain why it’s the best episode so far!
krypted June 21st, 2016
Posted In: MacAdmins Podcast