Hello All,
We get sysdiagnose files from iOS devices all the time and I started to see some inconsistencies in the data. In some cases the system_logs.logarchive can go back 30 days and others I only see 8 days.
When we convert the logs to a text file at times they can be 200MB and other times 1100MB
log show /system_logs.logarchive --info --debug > sysdiagnose_decrypted.log
More importantly, the application we create logs to this but some users can only see 24 hours back when the actual log goes back 12 days.
Example:
---first entry
2019-09-10 10:13:10.570199-0400 0xc022 Default 0x169e3 108 8 dasd: (DuetActivitySchedulerDaemon) [com.apple.duetactivityscheduler:bar] Recent Applications:
2019-09-24 10:12:21.751882-0400 0x13588d Default 0x0 62 0 assertiond: [com.apple.assertiond:process_info] [MobileMail:4254] Setting jetsam priority to 0 [0x2000]
--First app entry
2019-09-24 11:17:33.859478-0400 0x137839 Default 0x58525a 62 0 assertiond: [com.apple.assertiond:process_info] [App tag :4629] Adding client:
2019-09-24 11:17:35.421143-0400 0x13784e Default 0x0 4629 0 App tag : [INFO][2019-09-24 15:17:35 +0000] - Device is locked data is unavailable
Questions:
1. Does anyone know how the log retention works with sysdiagnose?
2. Why would we see our app at times only log back 24h and other times ~8 or 30 days?
3. Does device restarts alter the application data retention?
4. Apple has extra debug profiles to enhance/enable debug logs. Does anyone know how they might affect application data retention or the entire log retention?