Working with ASL
Apple System Log is a framework for handling messages with more programmatic abstraction than the usual UNIX syslog. On the AppleTV, very few messages sent to syslogd end up in traditional logfiles located in /var/log. Most are recorded in a database, located at /var/log/asl.db
To view these messages, use the 'syslog' utility. 'syslog' with no arguments will display all the messages currently in the message database. This is equivalent to 'cat /var/log/messages'.
It seems as if the syslog utility does not come with an ATV 1.1. Normally the Tiger equivalent software works on an ATV, but the Tiger syslog does not read asl.db files.
passing a '-w' argument to syslog will cause it to watch as new messages are added to the datastore. This is equivalent to 'tail -f /var/log/messages'.
Matching specific keys
The man page for 'syslog' covers how to use aguments to match keys and format output.
As with other unix syslogs, the AppleTV's syslogd can be configured to send log messages to a remote host, which must also be running a syslogd. Adding a line such as:
will send all syslogged messages of level info and above to the syslogd running on host 192.168.0.1. See the man page for syslog.conf for more details. Please be aware that whitespace in syslog.conf must be tabs, not spaces!