tterakedis.dev

Technology

How 46 Hours Inside macOS Logs Made Me a Better Architect

A 46-hour deep dive into macOS unified logging became the origin story for how I debug AI pipelines today. Systematic debugging is an architectural discipline, not a junior task.

Jun 25, 2026 | 5 min read | ArchitectureDebuggingAiLessons-Learned

Back in 2020, I finally sat down and pulled every note I had on troubleshooting macOS into a single guide. It took about 46 hours of fingers on keys - typing, formatting, and testing every command before it went out the door. It shipped on VMware's TechZone, got more kudos than I expected for something that had been sitting in my to-do list way too long, and then, somewhere in the move from VMware to Broadcom to Omnissa, my author credit quietly disappeared.

I'm not bitter about it (okay, maybe a little). The expertise is still mine. The public proof of authorship just isn't anymore. So I'm putting the part that actually mattered somewhere nobody can edit the byline: here. I wrote up the original experience at the time in Troubleshooting macOS Management with Workspace ONE. This post is about what outlasted the platform.

Debugging is not a junior task

Somewhere along the way, "debugging" got filed under nerd-level work and "architecture" got filed under boxes and arrows. I think that split is wrong, and it's cost a lot of teams a lot of time.

The instinct that reads a log predicate to find the one line that matters is the same instinct that traces a failure across a distributed pipeline. It's the same muscle. I've used it on bare-metal failover clusters at a bank, on macOS escalations at VMware, and now on AI pipelines running in Azure. The surface changes. The discipline doesn't.

What 46 hours in the logs actually taught me

A few things stuck with me long after the guide shipped:

  1. Query, don't scroll. The biggest unlock writing that guide was finally learning macOS log predicates properly. Once you can filter at the source, you stop drowning in output and start asking the system questions. Every debugging setup I've built since has had this property - if I can't query the logs, I've already lost.

  2. The boring failure modes bite hardest. A surprising amount of "this command should work but doesn't" came down to straight versus curly quotes after a copy/paste from Word. Not logic. Not architecture. An invisible character. I've learned to rule out the dumb stuff first, because the dumb stuff is usually it.

  3. Capture everything, then narrow. This is the one I'd tattoo on people if I could. When you generate a sysdiagnose, you get an astonishing amount of detail, and the temptation is to grab only the piece you think you need. Don't. You don't know yet what you'll need, and being too selective up front can quietly remove a critical link in the error chain. Capture wide, then narrow down. You can always ignore data you collected. You can't analyze data you threw away.

  4. AI is changing how this works, fast. This is the newest lesson, and it's reshaping the whole craft. Log analysis is moving toward AI-assisted parsing, and the skill is shifting from "read the logs" to "ask the right question without leading the witness." If you hand an LLM a log dump and your pet theory, it'll happily confirm your theory. So I've started writing prompts deliberately: ask it to find patterns rather than validate a guess, explain the sequence of events to me like I'm five, and draft a test plan to reproduce the issue. The model is great at the pattern-matching. My job is to not contaminate it with my own assumptions.

The same discipline, in an AI pipeline

Here's where the old habit pays off in new work.

On a recent AI matching pipeline, I didn't wait for things to break before instrumenting them. Every step of the process emitted custom metrics into Azure Application Insights, each tagged with a correlation ID (a GUID) and a debug flag. That meant for any single decision the system made, I could pull the entire sequence of events that led to it.

That turned out to be the whole game. When a result looked wrong, I could take a sampled decision and reconstruct exactly what happened: what text influenced the quality score, what evidence the model leaned on for each item in the matching rubric, where in the chain the logic went sideways. And because the data was structured and already captured, I could parse it later with an LLM and Azure MCP querying App Insights directly, instead of eyeballing thousands of rows by hand.

It's the sysdiagnose lesson again, just on a cloud platform. Capture wide. Tag everything so you can trace it. Narrow down when you need to.

The through-line

I'll be honest - I don't think log analysis is the most important skill I have. But it's a big part of why I've ended up the "go-to" person on most of the teams I've been on. When something is genuinely broken and nobody can figure out why, I'm usually the one who'll sit down and deep-dive it until the answer falls out. That reputation didn't come from a diagram. It came from reading a lot of logs.

Design for the person who has to debug it

So here's the architectural takeaway, and it's the thing I actually want you to leave with: when you design a system, design it to be debuggable. Queryable logs. Captured artifacts. Transactions you can trace across every boundary. The architect who's read a thousand logs builds better systems, because they know exactly what it feels like to debug a bad one at 2am.

Got a problem? Check the logging.

Hiring a solutions architect?
I'm open to the right remote-only role. Let's connect.
connect on LinkedIn →