Same as for macOS. On iOS - /private/var/.fseventsd, for System: /.fseventsd and Developer Patch at /DeveloperPatch/.fseventsd.
Internet activity
SELECT
*, _ROWID_ "NAVICAT_ROWID"
FROM
"fsevents"
WHERE
"filename" LIKE '%websitedata/local%'
Email activity
SELECT
*, _ROWID_ "NAVICAT_ROWID"
FROM
"fsevents"
WHERE
"filename" LIKE 'mobile/Library/Mail/%β
iCloud synced files
SELECT
*, _ROWID_ "NAVICAT_ROWID"
FROM
"fsevents"
WHERE
"filename" LIKE 'mobile/Library/Mobile
Documents/com~apple~CloudDocs/%'
Syslog
According to Apple docs, NSLog now doesnβt write to syslog, therefore I didnβt find a syslog.sock or syslog file itself.
Important
The unified logging system is available in iOS 10. and later, macOS 10.12 and later, tvOS 10.0 and later, and watchOS 3.0 and later. This system supersedes the Apple System Logger (ASL) and Syslog APIs.
Thatβs why now with newer devices you canβt view logs with
socat - UNIX-CONNECT:/var/run/lockdown/syslog.sock
# gives an error
socat[2520] E connect(5, LEN=31 AF=1 "/var/run/lockdown/syslog.sock", 31): No such file or directory
ondeviceconsole tool wonβt help either, since it uses the same socket (see main.c):
#define SOCKET_PATH "/var/run/lockdown/syslog.sock"
There is a socket file syslog (checked by trying to cp it), but using the above techniques with it didnβt work.
NSlog
With newer versions of iOS the Oslog API is used. To see the logs, use oslog utility from Cydia repository or Passionfruit multitool. Can pipe to grep to filter output.