«
»

ASL: Test apps

2008-01-27 12:08:53 -08:00

In the course of writing these posts, I wrote about half a dozen test apps that I used to experiment with ASL’s behavior. A few of them are generally-useful enough that I’m going to share them with you now:

File: asllog.tgz

asllog is a command-line utility for logging messages with ASL. Its usage is very simple:

asllog key=value

It also provides a --to-file=filename switch, which you can use zero or more times to add files (using asl_add_log_file) for the message to be mirrored to.

File: aslsearch.tgz

aslsearch is a command-line utiliy for searching the ASL log or database. Its usage is similarly simple:

aslsearch expression

Each expression is comprised of a key, an operator, and a value. The operators are:

==
ASL_QUERY_OP_EQUAL
<
ASL_QUERY_OP_LESS
<=
ASL_QUERY_OP_LESS_EQUAL
>
ASL_QUERY_OP_GREATER
>=
ASL_QUERY_OP_GREATER_EQUAL
!=
ASL_QUERY_OP_NOT_EQUAL
<>
ASL_QUERY_OP_NOT_EQUAL
?
ASL_QUERY_OP_TRUE
Note that, whereas asllog uses one equals sign (assignment), aslsearch uses two (equality-testing). Note also that in the last case, the ? operator, no value is needed—“key?” is sufficient.

So, for example, to search for all NSLog messages sent by Xcode:

aslsearch Sender==Xcode 'CFLog Local Time?'

File: ASLReader.tgz

Finally, ASLReader is an application that polls the log (once per second) and posts a Growl notification for every new message that it finds. This serves as an effective demonstration not only of polling the log, but also of the minimal code needed to post Growl notifications. You may find the code for this application useful to adapt to other purposes.

Next in the ASL series: Executive summary and wrap-up

Categories: Apple System Logger; Mac OS X; Programming. | Comments: 2 (feed).

2 Responses to “ASL: Test apps”

  1. alexr Says:
    July 8th, 2008 at 18:39:42

    I’ve only played with aslsearch, but I noticed that it doesn’t seem to ever emit it’s usage info.

    I had a custom ASL extension I hacked up for Tiger that funneled incoming network syslog messages to unique logs per host. (Boy was that fun!) I’ve been trying to replace that with a simple query in Console.app.

    While experimenting with aslsearch to build that query, I noticed that a not equal combined with a regex will never match: I was trying to do !={~}(foo.com|localhost).

  2. Peter Hosey Says:
    July 8th, 2008 at 22:57:59

    alexr: See Searching, which describes the behavior of ASL_QUERY_OP_REGEX.

    As such, the correct expression is =~. =={~} will work, but is technically wrong.

    Good catch about it never printing its usage. I should make it do that. There is a usage string in the source file, ready to deploy.

Leave a Reply

Do not delete the second sentence.