Yeelight log settings


i am working on a forensic project which aims to judge/evaluate forensic artifacts on a device. As device i’ve set up webthings with yeelight smart lights. I now try to understand the logs better. I’ve set up one log for brightness and one log for on/off information in den WebGUI. I do find the logs in:

  • .webthings/log/ as text
  • .webtings/log/ as sqlite3 db
    If i understand well, the run-app.log files contain information about tunnel services, addon management, certificates, errors and more. But I do not see any information on turning the device on/off or changing properties (unless the device is turned off and an error is returned). I do seem to find this information in the sqlite3 tables (metricsBool, metricsNumber).

Now is there a way to log the change properties to the run-app.log files? Or are they stored somewhere else and i just didnt find them?

Hi Matthias,

Welcome. The logs in .webthings/log are system logs generated for the WebThings application and add-ons. They’re only really intended for developers to debug things and are accessible via developer settings.
It isn’t possible to add logs to run-app.log without modifying the source code of a gateway or add-on.

I believe the data logs you add via the Logs screen in the UI are stored in ~/.webthings/log/logs.sqlite3 but are meant to be used via the logs UI, not read manually. There is an internal REST API used to generate the logs in the UI which is implemented in You might be able to re-use that API in an extension add-on if you want to use the logs differently, but be aware that the API is undocumented and subject to change.

Probably a better approach for your use case might be for you to listen to property changes via the propertyStatus messages in the Web Thing WebSocket API.

In the upcoming version 2.0 there may also be a Server-Sent Events based API you can use to observe properties.

Hope this helps.

It does indeed. Thank you very much for your answer and hints!

Hello again, I have another question regarding logging.

Let’s say some malicious person randomly steps by my webthings UI ( then they try to brute force their way into the application.

Would I find any information of this on my gateway-device? Or is this all handeled in the cloud (on webthings servers)?

No information like this is stored by the WebThings registration server. Authentication happens between a client and the gateway, the tunnelling service just provides an end to end encrypted tunnel over which this authentication takes place. As I understand it the WebThings server can’t access information that is transferred over that tunnel.

Detecting this kind of intrusion would probably require analysis of the system logs on the gateway.

Ok, thank you very much again. appreciate it a lot.