import os

def search_and_delete_entries(log_file_path, output_file_path, search_term):
    try:
        # Verify the input file exists
        if not os.path.isfile(log_file_path):
            print(f"The log file {log_file_path} does not exist.")
            return

        # Open the log file and a temporary file to write filtered data
        with open(log_file_path, 'r') as log_file:
            with open(output_file_path, 'w') as output_file:
                for line in log_file:
                    # Check if the line does not contain the search term
                    if search_term not in line:
                        output_file.write(line)

        print(f"Entries related to '{search_term}' have been removed. Clean log saved as {output_file_path}")

    except Exception as e:
        print(f"An error occurred: {e}")

def main():
    log_file_path = "/path/to/your/log/file.log"  # Specify the path to your log file
    output_file_path = "/path/to/your/cleaned/log/file_clean.log"  # Specify the path for the cleaned log file
    search_term = "process_name_or_PID"  # Specify the process name or PID

    search_and_delete_entries(log_file_path, output_file_path, search_term)

if __name__ == "__main__":
    main()

import subprocess
import sys

def search_and_show_log_entries(process_identifier):
    """
    Searches macOS logs for entries related to a specific process name or PID.
    
    Parameters:
        process_identifier (str): The process name or PID to search for in the logs.
    """
    try:
        # Use the 'log' utility to filter system logs for a specific process
        log_command = ['log', 'show', '--predicate', f'process == "{process_identifier}"', '--info']
        result = subprocess.run(log_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)

        if result.returncode != 0:
            print(f"Error finding log entries: {result.stderr}")
            return
        
        if result.stdout:
            print(f"Log entries for process '{process_identifier}':\n")
            print(result.stdout)
        else:
            print(f"No log entries found for process '{process_identifier}'.")
    
    except Exception as e:
        print(f"An error occurred: {str(e)}")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("Usage: python search_logs.py <process_name_or_pid>")
        sys.exit(1)

    process_identifier = sys.argv[1]
    search_and_show_log_entries(process_identifier)

python search_logs.py <process_name_or_pid>

import os
import re
import shutil
import subprocess

# Path to system log directory
LOG_DIR = "/var/log/"

# Backup the original log directory to ensure we can recover data if needed
BACKUP_LOG_DIR = "/var/log_backup/"

def backup_log_directory():
    if os.path.exists(BACKUP_LOG_DIR):
        shutil.rmtree(BACKUP_LOG_DIR)
    shutil.copytree(LOG_DIR, BACKUP_LOG_DIR)
    print(f"Log directory backed up to {BACKUP_LOG_DIR}")

def search_and_delete(process_name=None, pid=None):
    if not process_name and not pid:
        raise ValueError("Either process_name or pid must be provided")

    pattern = None
    if process_name:
        pattern = re.compile(rf".*{re.escape(process_name)}.*")
    elif pid:
        pattern = re.compile(rf".*\b{pid}\b.*")

    for root, dirs, files in os.walk(LOG_DIR):
        for filename in files:
            filepath = os.path.join(root, filename)
            print(f"Processing file: {filepath}")
            try:
                with open(filepath, "r") as file:
                    lines = file.readlines()

                new_lines = [line for line in lines if not pattern.match(line)]

                with open(filepath, "w") as file:
                    file.writelines(new_lines)

            except Exception as e:
                print(f"Error processing file {filepath}: {e}")

def delete_log_entries(process_name=None, pid=None):
    backup_log_directory()  # Backup logs before modifying them
    search_and_delete(process_name=process_name, pid=pid)

if __name__ == "__main__":
    # Replace these with the target process name or PID you'd like to filter
    TARGET_PROCESS_NAME = "YourProcessName"
    TARGET_PID = "1234"

    # Run the deletion process
    try:
        delete_log_entries(process_name=TARGET_PROCESS_NAME, pid=None)
        # Or search and delete by PID
        # delete_log_entries(process_name=None, pid=TARGET_PID)
        print("Log entries deleted successfully.")
    except Exception as error:
        print(f"An error occurred: {error}")

import os

def filter_logs(file_path, identifier):
    """
    Removes all log entries containing a specific process name or PID.

    :param file_path: Path to the log file.
    :param identifier: Process name or PID to search for in the logs.
    """
    try:
        # Read the log file
        with open(file_path, 'r') as file:
            lines = file.readlines()

        # Filter lines not containing the identifier
        filtered_lines = [line for line in lines if identifier not in line]

        # Write filtered lines back to the file
        with open(file_path, 'w') as file:
            file.writelines(filtered_lines)

        print(f"Log entries related to '{identifier}' have been removed.")

    except FileNotFoundError:
        print("The specified log file was not found.")
    except PermissionError:
        print("Permission denied. Please check your access rights.")
    except Exception as e:
        print(f"An error occurred: {e}")

# Specify the path to your log file and the process name/PID
log_file_path = '/path/to/your/logfile.log'
process_identifier = 'your_process_name_or_pid'

filter_logs(log_file_path, process_identifier)

import subprocess
import re
import sys

def search_logs(process_name=None, pid=None):
    if not process_name and not pid:
        print("Either process_name or pid must be provided.")
        return None

    try:
        # Construct the search query
        search_query = ""
        if process_name:
            search_query += f'process == "{process_name}"'
        if pid:
            if search_query:
                search_query += " OR "
            search_query += f'eventMessage CONTAINS "pid: {pid}"'

        # Use the `log` command to show entries with the specific process name or PID
        log_command = ['log', 'show', '--predicate', search_query, '--info', '--style', 'compact']
        result = subprocess.run(log_command, capture_output=True, text=True)

        # Check if the command was successful
        if result.returncode == 0:
            print("Found Logs:")
            print(result.stdout)
        else:
            print("Error occurred while fetching logs:", result.stderr)
        return result.stdout
    except Exception as e:
        print("An error occurred:", e)
        return None

def main():
    if len(sys.argv) < 3:
        print("Usage: python script.py <process_name> <pid>")
        sys.exit(1)

    process_name = sys.argv[1]
    pid = sys.argv[2]

    # Search for logs matching the process name or PID
    print(f"Searching logs for process '{process_name}' or PID '{pid}'...")
    logs = search_logs(process_name=process_name, pid=pid)

    # Placeholder for actual deletion (Just indicates what's found)
    if logs:
        print(f"The following logs will be deleted for process '{process_name}' or PID '{pid}':")
        print(logs)
        # Here is where you need to handle any deletion logic, which is not straightforward
        # e.g., consider exporting logs that need to be archived before deletion
        print("Note: Direct deletion of macOS system logs is not recommended.")
    else:
        print("No logs found for the specified process or PID.")

if __name__ == "__main__":
    main()