LogLogger2: a basic tool to access Sierra’s logs

You’ll have gathered by now that macOS Sierra 10.12 shipped without any accessible way of browsing past events in your logs. Console 1.0 may have some powerful tools for searching and analysing log entries as they are recorded, but is next to useless if you want to see what happened a while ago.

The only tool in Sierra, at the moment, which does give access to the rich historical data is the command line tool log, which is daunting for many users, far from simple, and has its own bugs too.

I have now put together a little unsigned AppleScript app which should give most users much better access to log entries than anything else, and spares you from having to wrestle with Terminal. It’s called LogLogger2, and freely available here: loglogger2
If you want to distribute it more widely, please link to this page, with its detailed instructions and explanations. I don’t wish to prevent anyone from making copies available elsewhere, but it does not come with instructions.

It is an unsigned app, which uses Shane Stanley’s neat Dialog Toolkit v2.0.2 (which is included in the bundle, so that you do not have to install that separately). It is unsigned so that you can improve on it, and customise it as you wish – if I had signed it, that should break the signature. But it does mean that when you first run it after downloading, you will have to do so using the Finder’s Open command, or Gatekeeper will prevent it from running.


When you start it, it presents a simple alert asking you to confirm that you wish to run the script. Obviously, you should click Run.


You will then be prompted for the name of the text file into which the log excerpts will be written.


It is then driven from this single dialog.

The first section sets any predicates to be used to filter the entries to be included in its output. If you just want Time Machine entries, leave the button set to that. If you want all log entries (beware: for any length of time the output file will be huge), set it to none.

The other three radio buttons require you to enter predicate information in the Criterion text box below.

subsystem uses a subsystem predicate like that shown for Time Machine. However, if you use this, the text entry should be of the filter criterion alone, in this case
and not the full predicate shown by default in that box.

message uses an eventMessage predicate, which is to be searched for in the message content of the log entries. Again, simply put the text to be found, such as
which will generate the option
--predicate 'eventMessage contains "backup"'

other allows you to enter any other valid predicate which you wish, such as that shown by default: here you need to give the full predicate, which will simply be placed inside single quotes '' and prefaced by --predicate.

The middle section concerns the style and formatting of the output. The standard is to use traditional system log style, similar to the previous Console app. You will probably want that with the trim feature turned on, to make the lines more compact. However, the default style is based on the new logs’ content, which is much more extensive and detailed. You will want to turn trimming off in that case. The final option for JSON format is valuable if you want to read the log output into another app which takes JSON format; don’t use trim with that, or it will become a real mess.

Normally you should include info messages. However, as that is the standard level of logging, it will probably make no difference whether that is checked or not.

The third section concerns the period of logs to cover. Because of bugs, using start and end times is very unreliable at present, and I therefore only offer the last period of time, which you set here. Units are selected from seconds, minutes, hours, or days, and given as an integer. In the example shown, this means 3 hours.

The final section allows you to add any other text you want to the log show command. If you want to try start and end times, this gives you the scope, but I do not recommend them.
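
The choices described above all end up as options on one log show command line. As an added example (not LogLogger2's own AppleScript), this shell function assembles that line and quotes the predicate so that a criterion containing a quote character cannot end the quoting early. The function names, the Time Machine predicate text and the treatment of a bare number as seconds are assumptions.

```shell
#!/bin/sh
# Added example: build a `log show` command from LogLogger2-style choices.

# Single-quote a string for the shell; an embedded ' becomes '\''.
sq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# build_log_show MODE CRITERION STYLE INFO LAST
#   MODE  timemachine | none | subsystem | message | other
#   STYLE syslog | json | default    INFO yes | no
#   LAST  integer plus m, h or d; a bare integer is assumed to mean seconds
build_log_show() {
    mode=$1; crit=$2; style=$3; info=$4; last=$5
    case $mode in
        subsystem|message)
            # The criterion goes inside a "..." literal in the predicate, so
            # refuse characters that would end that literal early.
            case $crit in
                *'"'*|*'\'*) echo "bad criterion" >&2; return 2 ;;
            esac ;;
    esac
    case $mode in
        # Assumed Time Machine predicate, from the subsystem in the sample log.
        timemachine) pred='subsystem == "com.apple.TimeMachine"' ;;
        none)        pred='' ;;
        subsystem)   pred="subsystem == \"$crit\"" ;;
        message)     pred="eventMessage contains \"$crit\"" ;;
        other)       pred=$crit ;;
        *) echo "unknown mode" >&2; return 2 ;;
    esac
    case $style in
        syslog|json|default) ;;
        *) echo "bad style" >&2; return 2 ;;
    esac
    case $last in
        ''|*[!0-9mhd]*|[mhd]*|*[mhd]?*) echo "bad period" >&2; return 2 ;;
    esac
    cmd="log show"
    if [ -n "$pred" ]; then cmd="$cmd --predicate $(sq "$pred")"; fi
    cmd="$cmd --style $style"
    if [ "$info" = yes ]; then cmd="$cmd --info"; fi
    printf '%s --last %s\n' "$cmd" "$last"
}

# Constructed sample: message filter "backup", syslog style, last 3 hours.
build_log_show message backup syslog yes 3h
```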

After a few seconds or longer, the requested log excerpt should then be saved into your specified text output file. If you use the standard syslog style with trimming, the first line will normally be junk; thereafter it will look something like
2016-10-12 18:19:34.49 backupd[10374]: (TimeMachine) [com.apple.TimeMachine.TMLogInfo] Starting automatic backup
2016-10-12 18:19:34.77 backupd[10374]: (TimeMachine) [com.apple.TimeMachine.TMLogInfo] Backing up to /dev/disk3s2: /Volumes/PROMISE PEGASUS/Backups.backupdb
2016-10-12 18:19:35.60 UserEventAgent[66]: (TimeMachine) [com.apple.TimeMachine.TMLogError] Failed to send message because the port couldn't be created.
2016-10-12 18:19:37.66 backupd[10374]: (TimeMachine) [com.apple.TimeMachine.TMLogInfo] Will copy (75.4 MB) from Macintosh HD
2016-10-12 18:19:37.67 backupd[10374]: (TimeMachine) [com.apple.TimeMachine.TMLogInfo] Found 573 files (75.4 MB) needing backup

and so on.

I hope that you find this useful. If you have any problems, find bugs, or have any suggestions, please add them here as comments (or send them by email to me).