EasyCC
For adminsReference

Log locations

Where EasyCC writes logs on each OS.

EasyCC uses structured JSON logging via the Rust tracing crate. Logs are per-device and on disk. This page lists where they are and what's in them.

Paths

PlatformLog directory
Windows%LOCALAPPDATA%\com.easycc.app\logs\
macOS~/Library/Logs/com.easycc.app/
Linux(not supported in v1)

Log files are named by date: easycc-2026-04-19.jsonl. One file per day, rotated at midnight UTC.

Retention

AgeWhat
Today's logActive, being written to
1–30 days oldKept on disk
31+ days oldAuto-deleted on next launch

To extend retention, ship logs to your SIEM or backup target before they auto-delete. See "Shipping logs" below.

Format

Each line is a JSON object:

{
  "timestamp": "2026-04-19T18:32:14.123Z",
  "level": "INFO",
  "target": "easycc::commands::chat",
  "thread_id": "main",
  "msg": "Chat session created",
  "session_id": "abc123",
  "agent_path": "/Users/x/EasyCC/Marketing"
}

Fields are consistent across log entries. The target field tells you which subsystem wrote the line.

What's in the log

The kinds of events EasyCC logs:

CategoryExample targetsWhat's logged
App lifecycleeasycc::lib, easycc::mainStart, quit, init steps
Sign-ineasycc::authsign-in attempts, refreshes, sign-outs
Chateasycc::chat, easycc::commands::chatSession create/close, message send (no content), tool call counts
Fileseasycc::commands::filesFile reads/writes (paths only)
Historyeasycc::historyVersion saves, restores
Safety scannereasycc::safetyScan events, flags, blocks
Updateseasycc::updaterCheck, download, install
Bundle applyeasycc::bundleDiscovery, apply per section
Managed policyeasycc::managedPolicy fields read on launch
Telemetryeasycc::telemetryBatch sends (when telemetry on)
MCP serverseasycc::mcpServer starts, connection state
Networkeasycc::netOutbound URLs (no payloads)

What's NOT in the log

Never logged:

  • Chat message content
  • File content
  • Personal info beyond email (logged only for sign-in events)
  • API keys or tokens
  • Tool result bodies
  • Anything sensitive that EasyCC processes

The "no chat content" guarantee is intentional and audited. The log is meant for app debugging, not data analysis.

Verbose logs

By default, the log captures INFO-level and above. To enable DEBUG-level for a single launch:

ApproachHow
Launch flagEasyCC.exe --verbose-logs
Env varEASYCC_VERBOSE_LOGS=1 EasyCC.exe
SettingsSettings → Advanced → Verbose logging (persists across launches)

Verbose mode adds:

  • Per-IPC-call entries (which command, which agent)
  • Detailed safety scanner timing
  • Detailed update flow
  • MCP protocol exchanges (without payloads)

Verbose mode increases log size meaningfully (5–10x). Turn off when you're done debugging.

Reading the log

The log is JSONL — one JSON object per line. To read:

Tail in real time:

Get-Content -Path "$env:LOCALAPPDATA\com.easycc.app\logs\easycc-$(Get-Date -Format 'yyyy-MM-dd').jsonl" -Wait
tail -f ~/Library/Logs/com.easycc.app/easycc-$(date +%Y-%m-%d).jsonl

Filter by category:

grep '"target":"easycc::safety"' ~/Library/Logs/com.easycc.app/easycc-2026-04-19.jsonl | jq .

Find errors:

grep '"level":"ERROR"' ~/Library/Logs/com.easycc.app/easycc-2026-04-19.jsonl | jq .

Common queries

"What policies were applied on this launch?"

grep '"target":"easycc::managed"' ~/Library/Logs/com.easycc.app/easycc-$(date +%Y-%m-%d).jsonl | jq .

"Did the bundle apply succeed?"

grep '"target":"easycc::bundle"' ~/Library/Logs/com.easycc.app/easycc-$(date +%Y-%m-%d).jsonl | jq .

"Why did the update fail?"

grep '"target":"easycc::updater"' ~/Library/Logs/com.easycc.app/easycc-$(date +%Y-%m-%d).jsonl | jq 'select(.level == "ERROR" or .level == "WARN")'

"How many chats today?"

grep 'Chat session created' ~/Library/Logs/com.easycc.app/easycc-$(date +%Y-%m-%d).jsonl | wc -l

Shipping logs to a SIEM

For fleet-wide log aggregation, EasyCC's logs are standard JSON files — any log shipper picks them up:

  • Datadog Agent — point at the log directory; map target to a tag
  • Splunk Universal Forwarder — same
  • Filebeat (Elastic) — same
  • Cribl — same

Configure the shipper to read *.jsonl files in the log directory and forward to your collector.

For SOC 2 evidence, log shipping plus SIEM retention typically provides "centralized log retention for X days" coverage.

Diagnostic bundle

For one-off diagnostics — not fleet-wide aggregation — EasyCC can collect a diagnostic bundle that includes the relevant logs plus app state. See Diagnostic bundle.

Log size

Typical log size:

ActivityDaily log size
Light use (a few chats)10–100 KB
Active use (many chats, file ops)500 KB – 2 MB
Heavy use + verbose mode5–20 MB

After 30 days, oldest logs auto-delete. Total disk footprint is typically under 100 MB.

How is this guide?

Network endpoints

Hosts EasyCC reaches at runtime — for firewall allowlists.

ADML and ADMX

Where to find the Group Policy templates.

On this page

PathsRetentionFormatWhat's in the logWhat's NOT in the logVerbose logsReading the logCommon queries"What policies were applied on this launch?""Did the bundle apply succeed?""Why did the update fail?""How many chats today?"Shipping logs to a SIEMDiagnostic bundleLog size