OpenClaw can spin up browser sessions, hit your shell, and fire webhooks faster than you can type npm start. Useful, but also a little scary. This article shows, step-by-step, how to monitor what OpenClaw is doing on your computer so you can trust it—or catch it misbehaving.

Why observability matters before you grant OpenClaw root

OpenClaw’s agent gets the job done by holding a big bag of permissions: network, file system, sometimes even sudo in CI. If you can’t see what it does with those permissions, you’re flying blind. Attackers love blind spots; auditors hate them. We’ll fix that by wiring up logs, UI inspection, and system-level alerts.

Quick reference: default log locations

  • Gateway web UI (the part you hit in the browser): ~/.openclaw/logs/gateway.log
  • Daemon (the long-running agent): ~/.openclaw/logs/daemon.log
  • Per-session traces: ~/.openclaw/sessions/<session-id>/trace.log
  • Configurable via: OPENCLAW_LOG_DIR env var

If the directory doesn’t exist, you’re on a pre-0.30 build—upgrade. Log unification shipped in 0.30.2.

Real-time log monitoring with tail and pino-pretty

Both the daemon and gateway emit structured JSON using pino@8. Raw JSON is machine-friendly, human-hostile. Pipe it through pino-pretty for sanity:

# Install once
npm i -g pino-pretty

# Follow the daemon in another tab
cd ~/.openclaw/logs
tail -F daemon.log | pino-pretty

You’ll see lines like:

2024-06-02T12:55:31.812Z INFO task-runner shell exec "git status" (took 212ms)

Look for anything that shouldn’t run—rm -rf / is a pretty good red flag.

Using the Control UI activity view

The fastest non-terminal option is the Activity View shipped in 0.32.0. Open your Gateway (default http://localhost:5050), click the pulse icon in the left sidebar. You’ll get a live feed:

  • Incoming messages (Slack, WhatsApp, REST)
  • Tool invocations (Browser, Shell, Composio integrations)
  • Errors with stack traces
  • Memory writes and reads

The feed is just a thin wrapper around a WebSocket streaming /ws/activity. If you want to roll your own dashboard, connect a client and filter events.

Session replay with per-session logs

Each agent request spawns a session folder: ~/.openclaw/sessions/2024-06-02T12-55-abc123/. Inside:

  • trace.log – full JSON timeline
  • shell.sh – the exact shell script executed
  • browser.har – network capture if the browser tool fired

You can replay a session by feeding trace.log back to the UI:

openclaw gateway --replay ~/.openclaw/sessions/<id>/trace.log

Handy for incident reviews.

Turning on verbose auditing

By default, the daemon logs at info. Crank it up without restarting:

# Send USR2 to the daemon process (pkill matches the command line and
# excludes itself, unlike a grep over /proc/*/cmdline)
pkill -USR2 -f openclaw-daemon

USR2 toggles between info and debug in versions >=0.31. Older builds require OPENCLAW_LOG_LEVEL=debug and a restart.

System-level monitoring: auditd, osquery, and lsof

Application logs are nice, but attackers (or a misbehaving agent with write access to ~/.openclaw) can tamper with them. Host-level telemetry gives you an independent record of what actually executed.

auditd rule examples (Linux only)

Add rules to watch every shell exec launched by the OpenClaw UID (replace 1001):

-w /usr/bin/bash -p x -k openclaw-shell
-a always,exit -F arch=b64 -F uid=1001 -F path=/usr/bin/bash -S execve -k openclaw-shell

Restart auditd. Logs land in /var/log/audit/audit.log. Search by key with ausearch (aureport -k only summarises hit counts per key, it does not take a key name):

ausearch -k openclaw-shell

osquery schedule

If you already run Fleet, drop this schedule:

SELECT * FROM processes WHERE name = 'node' AND cmdline LIKE '%openclaw%';

Run every 30s and alert when the command line changes (hash mismatch).

Mac users: fs_usage and OpenBSM

macOS Ventura still ships fs_usage. Example:

sudo fs_usage -w -f filesys node | grep openclaw

For heavier duty, enable OpenBSM in /etc/security/audit_control.

Detecting unexpected outbound traffic

OpenClaw uses the network for obvious reasons: LLMs, tool APIs, chat bridges. Baseline the domains first:

  • api.openai.com (if using OpenAI models)
  • api.clawcloud.ai (only when connected to managed hosting)
  • chat.slack.com, graph.facebook.com, etc. if you enabled those channels

Anything outside the baseline deserves scrutiny. Quick one-liner with lsof:

lsof -nP -i -p "$(pgrep -d, -f openclaw-daemon)"

Or, for a continuous watch, use ss (on kernels older than 3.0 fall back to netstat). The PID is resolved once when watch starts:

watch -n2 "ss -tpn state established | grep 'pid=$(pgrep -f openclaw-daemon)'"

Setting up alerts for unexpected actions

Reading logs after the fact is too late. Pipe signals to something noisy.

Option 1: Node event hooks (built-in)

Add a listener in bootstrap.js (supported since 0.33.0):

const { events } = require('openclaw');

// Fires whenever the shell tool executes
events.on('tool.shell', (payload) => {
  if (/rm -rf/.test(payload.command)) {
    console.error('🚨 OpenClaw tried a destructive shell command');
    process.exit(1);
  }
});

You could also forward payload to PagerDuty via axios.

Option 2: Grafana Loki + promtail

Promtail ships a --log-file-path. Point it at ~/.openclaw/logs/*.log and build a Loki alert rule:

count_over_time({filename="daemon.log"} |= "ERROR"[1m]) > 0

Sends a PagerDuty event in under a minute when OpenClaw throws. Note that pino's default output carries numeric levels ("level":50 for error) rather than the word ERROR; if your daemon.log looks like that, run the stream through Loki's json parser and filter on the level field instead of the literal string.

Option 3: Filebeat → Elastic Security

Add a prospector:

filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - ~/.openclaw/logs/daemon.log
    tags: ["openclaw"]

Filebeat hands paths to a glob matcher that does not expand ~, so write the daemon user's absolute home path. Then use Kibana's detection rules for suspicious command lines.

Hardening OpenClaw on your local machine

  • Run the daemon under a dedicated Unix user with limited groups.
  • Set OPENCLAW_ENABLE_SHELL=false unless you need shell access. (Introduced 0.34.0.)
  • Use OPENCLAW_BROWSER_HEADLESS=true to avoid pop-up windows on production servers.
  • Rotate logs weekly: add a /etc/logrotate.d/openclaw entry. Keep 4 weeks max.
  • Encrypt ~/.openclaw/memory.sqlite with fscrypt or LUKS if the data is sensitive.
  • Keep Node.js updated. OpenClaw requires 22+, but 22.3.1 patches CVE-2024-12345 (TLS leak).

FAQ: common monitoring questions

Can I send logs to CloudWatch?

Yes. Point the AWS CloudWatch agent at ~/.openclaw/logs/*. Users in the GitHub issues report success on Ubuntu 22.04 with cwagent 1.300031.0.

How noisy is debug level?

Roughly 500 KB per minute during heavy usage. Enable only when reproducing issues.

Is there any telemetry leaving my box?

No. OpenClaw core is self-hosted. The hosted version (ClawCloud) sends anonymized usage, but the CLI respects OPENCLAW_TELEMETRY=0.

Next steps: automate the trust loop

You now have logs, live tails, UI inspection, host auditing, and alerting. Wire them into your existing observability stack today, not "sometime next sprint". The moment OpenClaw pulls a weird domain or touches an off-limits directory, you should know before your security team does. Trust, but verify, and keep shipping.