Collection of Unified Logs on macOS systems is pretty straight forward. You can use the command, and yes – you do have to be root.

sudo log collect 

Collection from iOS device is not as obvious. I think most of us are doing the sysdiagnose/AirDrop method which is tricky. Trying to trigger a sysdiagnose on an iOS device can be frustrating to get the right button hits with the right timing. (Not completely unlike trying to get a device in DFU mode!)

In my recent testing, I noticed the argument--device-udid in ‘log’ man page. This functionality seems to have made an appearance in 10.15. The following also appeared

• --device-name – The device name, ie: “Elwood’s iPhone”

• --device – “First device found”. I guess I would consider this the #YOLO option. 🤷🏻‍♀️

This argument has been super handy in recent testing to bypass the frustration of sysdiagnose on iOS devices. I like using the UDID instead of the name, so I will use idevice_id from libimobiledevice to quickly get that.

I have a choice between two devices. One tethered over a lightning cable to my Mac, the other available over the local network. You can use either option to use collect unified logs.

To use this new log argument, iOS devices must be trusted and paired to the Mac, otherwise you’ll get this error.

The following is an example of what I might use for quick iOS testing. While I can dump all the logs, to make things go quicker I use --last to control how much I want to dig through (could also do this with --size). I also don’t use the default output name of system_logs.logarchive, but use the --output option to name them appropriately. This is nice if you are doing multiple tests over and over. Also, I couldn’t even tell you how many random system_logs.logarchives files I have on my system from many different test devices!)

sudo log collect --device-udid <UDID> --last 10m --output iphone_test1.logarchive

You may also see these devices in Console.app if you have it open.

One device we see in Console.app that we didn’t see via idevice_id, is my Apple Watch. You can load up the sysdiagnose profile on the paired iPhone by following these instructions. I AirDrop this to my iPhone to install it.

This profile will be usable for three days to read Apple Watch logs in Console.app before you will have to reload it.

I feel the Apple Watch can (should?) be collected in the same way by using –device-udid, however I get an “log: failed to create archive: Device not configured (6)” error and sometimes a partial and corrupt logarchive. If anyone has any pointers for this, please let me know!

I hope this argument gives us less of an excuse to review our Unified Logs on our iOS devices, we certainly need to know more about what is stored on them and how they are similar or different to our macOS devices.