log show --predicate 'processImagePath CONTAINS "ProcessName"'

log config --mode "level:default"

#!/usr/bin/env python3
import subprocess
import argparse
import sys
import re
from datetime import datetime

def validate_pid(pid):
    """Validate that the PID is a positive integer."""
    try:
        pid_num = int(pid)
        if pid_num <= 0:
            return False
        return True
    except ValueError:
        return False

def log_backup(backup_path):
    """Create a backup of current logs before modification."""
    timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
    backup_file = f"{backup_path}/log_backup_{timestamp}.txt"
    
    try:
        subprocess.run(['log', 'show', '--last', '24h', '--output', backup_file], 
                      check=True, capture_output=True)
        print(f"Backup created at: {backup_file}")
        return True
    except subprocess.CalledProcessError as e:
        print(f"Error creating backup: {e}")
        return False

def search_and_delete_logs(process_name=None, pid=None, dry_run=True):
    """Search for and optionally delete log entries matching process name or PID."""
    
    if not process_name and not pid:
        print("Error: Either process name or PID must be provided")
        return

    # Construct the log show command
    cmd = ['log', 'show', '--last', '24h']
    
    try:
        # Get log entries
        result = subprocess.run(cmd, capture_output=True, text=True, check=True)
        log_entries = result.stdout.split('\n')
        
        # Pattern matching for process name or PID
        matched_entries = []
        if process_name:
            pattern = re.compile(f"\\b{re.escape(process_name)}\\b", re.IGNORECASE)
        else:
            pattern = re.compile(f"\\b{pid}\\b")

        for entry in log_entries:
            if pattern.search(entry):
                matched_entries.append(entry)

        # Report findings
        print(f"Found {len(matched_entries)} matching log entries")
        
        if dry_run:
            print("\nDRY RUN - No entries will be deleted")
            print("Sample of entries that would be deleted:")
            for entry in matched_entries[:5]:
                print(entry)
        else:
            # Implement actual deletion using 'log erase' command
            if matched_entries:
                if process_name:
                    delete_cmd = ['log', 'erase', '--all', f'process == "{process_name}"']
                else:
                    delete_cmd = ['log', 'erase', '--all', f'processID == {pid}']
                
                try:
                    subprocess.run(delete_cmd, check=True)
                    print("Successfully deleted matching log entries")
                except subprocess.CalledProcessError as e:
                    print(f"Error deleting log entries: {e}")
                    return False

        return True

    except subprocess.CalledProcessError as e:
        print(f"Error accessing logs: {e}")
        return False

def main():
    parser = argparse.ArgumentParser(description='Clean up macOS log entries by process name or PID')
    parser.add_argument('--process', '-p', help='Process name to search for')
    parser.add_argument('--pid', help='Process ID to search for')
    parser.add_argument('--backup', '-b', help='Backup directory path')
    parser.add_argument('--execute', '-e', action='store_true', 
                        help='Actually delete entries (default is dry-run)')
    
    args = parser.parse_args()

    if not args.process and not args.pid:
        parser.error("Either --process or --pid must be specified")

    if args.pid and not validate_pid(args.pid):
        parser.error("PID must be a positive integer")

    # Create backup if path provided
    if args.backup:
        if not log_backup(args.backup):
            sys.exit(1)

    # Perform the search and delete operation
    success = search_and_delete_logs(
        process_name=args.process,
        pid=args.pid,
        dry_run=not args.execute
    )

    sys.exit(0 if success else 1)

if __name__ == "__main__":
    main()

# Dry run for a process name
./clean_logs.py --process "ProcessName"

# Dry run for a PID
./clean_logs.py --pid 1234

# Actually delete entries with backup
./clean_logs.py --process "ProcessName" --backup /path/to/backup/dir --execute

#!/usr/bin/env python3
import subprocess
import argparse
import sys
import re
from datetime import datetime

def validate_pid(pid):
    if pid and not pid.isdigit():
        raise argparse.ArgumentTypeError("PID must be a number")
    return pid

def check_sudo():
    if os.geteuid() != 0:
        print("This script requires sudo privileges to modify system logs.")
        print("Please run with sudo.")
        sys.exit(1)

def search_and_remove_logs(process_name=None, pid=None, dry_run=True):
    try:
        # Prepare the log show command
        base_cmd = ["log", "show", "--style", "json"]
        
        # Build predicate based on input
        predicates = []
        if process_name:
            predicates.append(f"processImagePath CONTAINS '{process_name}'")
        if pid:
            predicates.append(f"processID == {pid}")
            
        if predicates:
            predicate = " OR ".join(predicates)
            base_cmd.extend(["--predicate", predicate])

        # Execute the log show command
        print("Searching for matching log entries...")
        result = subprocess.run(base_cmd, capture_output=True, text=True)
        
        if result.returncode != 0:
            print(f"Error searching logs: {result.stderr}")
            return
            
        # Parse the output
        log_entries = result.stdout.strip().split("\n")
        entry_count = len([line for line in log_entries if line.strip()])
        
        print(f"Found {entry_count} matching log entries.")
        
        if dry_run:
            print("Dry run - no entries will be removed.")
            print("Sample of entries that would be removed:")
            for line in log_entries[:5]:
                print(line)
            return
            
        # Confirm before proceeding
        response = input("Do you want to proceed with removal? (y/N): ").lower()
        if response != 'y':
            print("Operation cancelled.")
            return
            
        # Remove the entries
        print("Removing log entries...")
        remove_cmd = ["log", "erase", "--all"]
        if predicates:
            remove_cmd.extend(["--predicate", predicate])
            
        result = subprocess.run(remove_cmd, capture_output=True, text=True)
        
        if result.returncode == 0:
            print("Log entries successfully removed.")
        else:
            print(f"Error removing log entries: {result.stderr}")
            
    except subprocess.SubprocessError as e:
        print(f"Error executing log command: {str(e)}")
    except Exception as e:
        print(f"An unexpected error occurred: {str(e)}")

def main():
    parser = argparse.ArgumentParser(description="Search and remove macOS log entries")
    parser.add_argument("-p", "--process", help="Process name to search for")
    parser.add_argument("-i", "--pid", help="Process ID to search for", type=validate_pid)
    parser.add_argument("--dry-run", action="store_true", 
                      help="Show what would be removed without actually removing")
    
    args = parser.parse_args()
    
    if not args.process and not args.pid:
        parser.error("At least one of --process or --pid must be specified")
    
    check_sudo()
    search_and_remove_logs(args.process, args.pid, args.dry_run)

if __name__ == "__main__":
    main()

# Dry run to see what would be removed for a specific process
sudo ./clean_logs.py --process "Safari" --dry-run

# Remove all log entries for a specific PID
sudo ./clean_logs.py --pid 1234

# Remove all log entries for both process name and PID
sudo ./clean_logs.py --process "Chrome" --pid 5678

#!/usr/bin/env python3
import subprocess
import argparse
import re
import sys
from datetime import datetime

def validate_input(process_identifier):
    """Validate the input is either a valid PID or process name."""
    if process_identifier.isdigit():
        return True
    # Basic process name validation (alphanumeric and some special chars)
    return bool(re.match(r'^[a-zA-Z0-9._-]+$', process_identifier))

def backup_logs(timestamp):
    """Create a backup of the logs before modification."""
    try:
        backup_file = f"logs_backup_{timestamp}.txt"
        subprocess.run(['log', 'show', '--last', '24h', '--format', 'json'], 
                      stdout=open(backup_file, 'w'), 
                      check=True)
        print(f"Backup created: {backup_file}")
        return True
    except subprocess.CalledProcessError as e:
        print(f"Error creating backup: {e}")
        return False

def search_logs(process_identifier):
    """Search logs for entries matching the process identifier."""
    try:
        if process_identifier.isdigit():
            # Search by PID
            cmd = ['log', 'show', '--predicate', f'processID == {process_identifier}', '--last', '24h']
        else:
            # Search by process name
            cmd = ['log', 'show', '--predicate', f'processImagePath CONTAINS "{process_identifier}"', '--last', '24h']
        
        result = subprocess.run(cmd, 
                              capture_output=True, 
                              text=True, 
                              check=True)
        return result.stdout
    except subprocess.CalledProcessError as e:
        print(f"Error searching logs: {e}")
        return None

def clean_logs(process_identifier):
    """Clean log entries for the specified process."""
    try:
        if process_identifier.isdigit():
            predicate = f'processID == {process_identifier}'
        else:
            predicate = f'processImagePath CONTAINS "{process_identifier}"'
            
        cmd = ['log', 'erase', '--predicate', predicate]
        
        # This requires sudo privileges
        result = subprocess.run(['sudo'] + cmd, 
                              capture_output=True, 
                              text=True)
        
        if result.returncode == 0:
            print("Log entries successfully cleaned.")
            return True
        else:
            print(f"Error cleaning logs: {result.stderr}")
            return False
    except subprocess.CalledProcessError as e:
        print(f"Error cleaning logs: {e}")
        return False

def main():
    parser = argparse.ArgumentParser(description='Search and clean macOS logs for specific process')
    parser.add_argument('identifier', help='Process name or PID to search for')
    parser.add_argument('--no-backup', action='store_true', help='Skip creating backup')
    parser.add_argument('--dry-run', action='store_true', help='Only show matching entries without deleting')
    args = parser.parse_args()

    if not validate_input(args.identifier):
        print("Invalid process identifier provided")
        sys.exit(1)

    timestamp = datetime.now().strftime('%Y%m%d_%H%M%S')

    # Create backup unless explicitly skipped
    if not args.no_backup:
        if not backup_logs(timestamp):
            print("Failed to create backup. Aborting.")
            sys.exit(1)

    # Search for matching entries
    matching_entries = search_logs(args.identifier)
    if matching_entries:
        print("\nMatching log entries found:")
        print(matching_entries)
        
        if args.dry_run:
            print("\nDry run - no entries were deleted.")
            return

        # Confirm before proceeding
        response = input("\nDo you want to proceed with cleaning these log entries? (y/N): ")
        if response.lower() != 'y':
            print("Operation cancelled.")
            return

        # Clean the logs
        if clean_logs(args.identifier):
            print(f"Successfully cleaned log entries for {args.identifier}")
        else:
            print("Failed to clean log entries")
    else:
        print("No matching log entries found")

if __name__ == "__main__":
    if not sys.platform.startswith('darwin'):
        print("This script is intended for macOS only")
        sys.exit(1)
    main()

   # Search by process name
   ./clean_logs.py Safari
   
   # Search by PID
   ./clean_logs.py 1234
   
   # Dry run (only show matching entries)
   ./clean_logs.py Safari --dry-run
   
   # Skip backup creation
   ./clean_logs.py Safari --no-backup
   

# Safe log viewing script
import subprocess
import datetime

def view_process_logs(process_name=None, pid=None, hours=1):
    """
    Safely view logs for a specific process or PID
    """
    try:
        # Base command
        cmd = ['log', 'show']
        
        # Add time filter
        time_arg = f'--last {hours}h'
        cmd.append(time_arg)
        
        # Add process/PID predicates
        if process_name:
            cmd.extend(['--predicate', f'process == "{process_name}"'])
        elif pid:
            cmd.extend(['--predicate', f'processID == {pid}'])
            
        # Execute command
        result = subprocess.run(cmd, capture_output=True, text=True)
        
        return result.stdout
        
    except Exception as e:
        return f"Error viewing logs: {str(e)}"

# Example usage
if __name__ == "__main__":
    # View logs for a specific process
    logs = view_process_logs(process_name="Safari", hours=2)
    print(logs)
    
    # View logs for a specific PID
    # logs = view_process_logs(pid="1234", hours=2)
    # print(logs)

# View log configuration
log config --status

# Adjust log retention (requires sudo)
sudo log config --mode "only-cached"

# Clear system log cache (requires sudo)
sudo log erase --all