Same as for macOS. On iOS - /private/var/.fseventsd, for System: /.fseventsd and Developer Patch at /DeveloperPatch/.fseventsd.
Internet activity
SELECT
*, _ROWID_ "NAVICAT_ROWID"
FROM
"fsevents"
WHERE
"filename" LIKE '%websitedata/local%'
Email activity
SELECT
*, _ROWID_ "NAVICAT_ROWID"
FROM
"fsevents"
WHERE
"filename" LIKE 'mobile/Library/Mail/%’
iCloud synced files
SELECT
*, _ROWID_ "NAVICAT_ROWID"
FROM
"fsevents"
WHERE
"filename" LIKE 'mobile/Library/Mobile
Documents/com~apple~CloudDocs/%'
Syslog
According to Apple docs, NSLog now doesn’t write to syslog, therefore I didn’t find a syslog.sock or syslog file itself.
Important
The unified logging system is available in iOS 10. and later, macOS 10.12 and later, tvOS 10.0 and later, and watchOS 3.0 and later. This system supersedes the Apple System Logger (ASL) and Syslog APIs.
That’s why now with newer devices you can’t view logs with
socat - UNIX-CONNECT:/var/run/lockdown/syslog.sock
# gives an error
socat[2520] E connect(5, LEN=31 AF=1 "/var/run/lockdown/syslog.sock", 31): No such file or directory
ondeviceconsole tool won’t help either, since it uses the same socket (see main.c):
#define SOCKET_PATH "/var/run/lockdown/syslog.sock"
There is a socket file syslog (checked by trying to cp it), but using the above techniques with it didn’t work.
NSlog
With newer versions of iOS the Oslog API is used. To see the logs, use oslog utility from Cydia repository or Passionfruit multitool. Can pipe to grep to filter output.