XProCheck, T2M2, Ulbow, Consolation and log utilities

XProCheckcheck on XProtect Remediator scans completed and reported in the log

Updated! Inspects the Unified log for a period of 1-30 days and reports all completed and reported anti-malware scans by modules of XProtect Remediator. Enables you to confirm that scans are occurring, and whether any detect or remediate malware. New version improves analysis and reporting.
XProCheck 1.5 (Universal App for Catalina, Big Sur, Monterey and Ventura)

The Time Machine Mechanic (T2M2) – a quick but thorough check of Time Machine backing up

T2M2 analyses your logs to discover whether Time Machine backups have been running normally, reporting any worrying signs or errors. You don’t need to be able to read or understand logs to be able to check for problems now. Reports deep event traversals, compaction of volumes, regularity of backups, and more. Detailed Help book explains results and advises. New version fixes minor issues with Monterey and Big Sur.
T2M2 1.19 (Universal App for Sierra, High Sierra, Mojave, Catalina, Big Sur, Monterey and Ventura)

Ulbow – a log browser designed for ease of use, for macOS Sierra to Ventura

Updated! Ulbow is the simplest browser for the macOS Unified Log, without losing any of the power of Consolation 3. Uses similar libraries of predicates, filters (including regex), and styles to determine what is shown and how, it’s ideal for the casual user as well as log addicts. New feature to limit the number of entries displayed makes it instantly responsive and forgiving. New monospace font, can access logarchive and individual tracev3 log files from macOS, iOS, iPadOS, watchOS and tvOS. Exports extracts in plain text, Rich Text and CSV, has 7,000 word Help book, and libraries of pre-defined predicates, filters and styles. Update fixes bug in chart and frequency views and expands Help.
Ulbow 1.3 (Intel only for Sierra, High Sierra, Mojave, Catalina and Big Sur)
Ulbow 1.7 (Universal App for Sierra, High Sierra, Mojave, Catalina, Big Sur and Monterey)
Ulbow 1.10 (Universal App for High Sierra, Mojave, Catalina, Big Sur, Monterey and Ventura)

Mints – collection of custom log browsers and tools

Now has its own dedicated Product Page.

Consolation – a log browser for macOS Sierra to Ventura

Updated! Version 3 supports a custom library of predicates, custom display styles including colour, text filtering of the message content using regex or simple filters, and support for exporting and importing custom libraries. Newly added is support for Signposts in High Sierra and Mojave, as well as their additional keys and new log format, and it nows looks gorgeous in Dark Mode. This version fixes time formatting, and improves log command output.
Consolation 3.9 (Intel only for Sierra, High Sierra, Mojave, Catalina and Big Sur).
Consolation 3.13 (Universal App for Sierra, High Sierra, Mojave, Catalina, Big Sur, Monterey and Ventura)

Consolation provides an accessible but powerful way to browse, search, and analyse entries in the new log system which have already been captured. This is not supported by Apple’s Console app. If you want to check that Time Machine backups have been made on time and without error, or get to the bottom of startup, extension, or many other problems, Consolation is the only practical tool to use. Version 2.3 improves generation of search predicates, works either with the live system log, or with saved logarchives, and can create logarchives. It also gives full access to logarchives captured from other Macs (running Sierra or High Sierra), iOS devices (10.10 and later), watchOS and tvOS with the unified log. Must be run as an admin user. Includes detailed and up-to-date 8 MB Help book with tutorials and unique reference content. Previous version, now unsupported.
Consolation 2.4 (Sierra and High Sierra only)

RouteMap and Whither – performance analysis for apps, scripts, and more

RouteMap is opening the unified log and Mojave’s signposts for the harvesting and analysis of performance information. Whither is a simple app, supplied pre-built and in full sourcecode, which demonstrates how to access Signposts and regular log entries for harvesting and analysis. Whither writes conformant log entries which can already be accessed with Ulbow, Consolation 3 and RouteMap, which is now available in its fourth beta release, which calculates time properly on Apple Silicon Macs. These are bundled with Blowhole and tutorial docs in the Signpost Kit.
The Signpost Kit 2 (bundle for Sierra, High Sierra, Mojave and Catalina)
The Signpost Kit 3 (Universal App bundle for Sierra, High Sierra, Mojave, Catalina and Big Sur)
RouteMap 1.0b3 (Intel-only for Sierra, High Sierra, Mojave and Catalina)
RouteMap 1.0b4 (Universal App for Sierra, High Sierra, Mojave, Catalina, Big Sur and Monterey)

Woodpile – a new type of log browser, which explores long periods from the top down

Woodpile analyses records in any logarchive for the processes which write to the log most, and shows you for each selected process when they did so. This lets you examine those log files in more detail, to hone in on performance and other problems. A unique approach to the vast amounts of data stored in the new macOS log. Also shows important events like startup, creates frequency charts for custom processes, and links windows to a common time period. New beta release fixes a crashing bug which occurs rarely with certain styles.
Woodpile 1.0b6 (Sierra and High Sierra only)

RunConsolation – runs Consolation2 as root to enable log browsing when in normal user mode

RunConsolation is for those who log in as normal, rather than admin, users. It runs Consolation as root – which can be a significant security issue – but thereby enables it to obtain log messages. Caution required, but it does the job.
RunConsolation 1.1 (Sierra and High Sierra only)

MakeLogarchive – a utility for creating logarchives readable by Console from ‘live’ logs or raw log folders

This tool, in early development, copies the files and folders from /var/db or a copy of that, and places them in a logarchive format file so that they can be opened by Consolation, Console, or log. It now produces well-formed logarchive bundles, which can be used to browse pooled and individual tracev3 log files. It also catalogues the tracev3 log files in any well-formed log archive, showing start and end times for each. A new feature is statistical analysis of the log load of processes over periods of three months or more, giving new insights into those processes and user activity.
MakeLogarchive 0.5a1 (Sierra and High Sierra only)

RunT2M2 – runs T2M2 as root to enable assessment of Time Machine when in normal user mode

RunT2M2 is for those who log in as normal, rather than admin, users. It runs T2M2 as root – which can be a significant security issue – but thereby enables it to obtain and analyse log messages as needed to check Time Machine. Caution required, but it does the job.
RunT2M2 1.0 (Sierra and High Sierra only)

DispatchView – analyses the log for task dispatching issues

DispatchView shows log entries for two key systems DAS and CTS whose failure can result in Time Machine backups becoming irregular or stopping altogether, and may be involved in apps or services stalling or behaving unreliably. It can save you lots of effort using Consolation. Future versions will automatically analyse the health of DAS/CTS too.
DispatchView 1.0 (Sierra and High Sierra only)

Blowhole – a command tool to write into the log in macOS Sierra and later

Blowhole is a command tool, which can be run in Terminal or called from any app or scripting language with support for calling command tools, which writes out an entry in Sierra’s new log system. Use this to check running of periodic tasks, or from any scripting language which does not have direct access to the new log. Version 10 is a Universal binary to run native on all Macs.
Blowhole 9 (Intel-only for Sierra to Catalina)
Blowhole 10a (Universal binary for Sierra, High Sierra, Mojave, Catalina, Big Sur, Monterey and Ventura)

Known Issues:

T2M2 version 1.19 is now available
Bugs and problems in the log: updates for 6 apps
Big Sur can prevent Ulbow, Mints and T2M2 from browsing its log

Note that Consolation 2.4 is not known to be compatible with Mojave. Please use version 3, which is huge improvement anyway.
Woodpile remains incompatible with Mojave at present.

RouteMap 1.0b3 and earlier give incorrect time intervals when run on Apple Silicon Macs. Use version 1.0b4 or later.

Ulbow, Mints, Consolation, RouteMap and T2M2 need to be run from an admin user account to reliably obtain log extracts. This is a limitation imposed in the log show command in macOS. The latest versions of these apps won’t run when the current user isn’t a member of the admin group (80), but display an explanatory alert and quit.

SilentKnight 2.5 and XProCheck 1.5 are better focussed
XProCheck 1.4 is easier to use and more nuanced
XProCheck 1.2 checks macOS malware scans better
XProCheck 1.1 can now run XProtect Remediator scans on demand
XProCheck: a new utility to inspect anti-malware scans
Interpreting XProCheck’s results and problems

How some log entries vanish sooner than others

Consolation 3 and Ulbow: Saving a logarchive in Catalina – logarchives can’t be saved outside your startup volume because of privacy protection

When T2M2, Ulbow, Cirrus, or another log-based app returns an error

Log Literacy – new series helping you read the log

Gaining control over the log with a new version of Ulbow
Removing privacy censorship from the log
Log literacy: an essential skill for advanced users
Log literacy: Reducing log entries shown
Log Literacy: Navigation
Log literacy: all about the log
Log literacy: the power of message types, and Ulbow 1.10
Log Literacy: Extending Ulbow with predicates, filters & styles
Log Literacy: Hunting bugs with Ulbow’s Chart View

Backing up to network storage: checks and balances
Ulbow 1.8: a present for Boxing Day – fixes CSV output
How to find it in the log: 1 An introduction
Going beyond T2M2 with Mints: grokking Time Machine to APFS
Optimising performance with EtreCheckPro and Ulbow
Using blowhole to write to the log from scripts and apps, with a new Universal binary
What caused that kernel panic? How to use the log in diagnosis – tutorial using Ulbow
Why did that app crash? Getting to the bottom of the log with Ulbow
Finding your way around the log using Ulbow
Controlling what’s written to the unified log
How to get more detail in the log
How to reveal ‘private’ messages in the log
Spring Forward: how the log copes with summer time clock change
Want to access log files directly, or analyse logarchives? Try Ulbow 1.2b1
T2M2 version 1.14 is more forgiving
Starting up in Catalina: sequence and waypoints in the log
Diagnosing privacy protection problems in Catalina
Time Machine: past, present and future
Checking Time Machine in Mojave (and High Sierra) using T2M2 1.4
Browsing your log with Consolation 3, full release at last – introduction and setup
What to do when T2M2 or another log-based app returns an error
T2M2 now helps track free space on your backup volumes
T2M2 further improves strategy data for backups in Catalina

Time Machine explained

Time Machine 16: Reading a normal backup in Catalina using Mints
APFS changes in Big Sur: how Time Machine backs up to APFS, and more
How to make Time Machine backups to an APFS disk
Time Machine: 1 How it works, or fails to
Time Machine: 2 What it writes in the log
Time Machine: 3 Analysing automatic backups
Time Machine: 4 Problems with backups
Time Machine: 5 Changing Macs and more
Time Machine: 6 Networked storage
Time Machine: 7 Checking logs using Ulbow
Time Machine: 8 Preventing problems
Time Machine: 9 Inside backup support files
Time Machine: 10 Tools
Time Machine: 11 tmutil
Time Machine 12: Backups that never complete
Time Machine 13: Backups and versions
Duff disk or normal behaviour?
Time Machine 14: Diagnosing and working around slow backups
Checking backup transfer rates using T2M2 version 1.13
Time Machine 15: Large files including VMs
How to check the integrity of files in a Time Machine backup
Time Machine and snapshots

Ulbow tutorials

What caused that kernel panic? How to use the log in diagnosis – tutorial using Ulbow
Why did that app crash? Getting to the bottom of the log with Ulbow
Locating a problem in the log using Ulbow 1.1b3
Time Machine: 7 Checking logs using Ulbow
When did my Mac last start up, and why? An exploration with Ulbow

Consolation tutorials

Capturing the moment in your log: how to identify a problem
Consolation 3: log browser of choice for macOS 10.12-10.14
Investigating Time Machine errors with T2M2 and Consolation 3
Investigating a crash using Consolation 3
macOS Unified log: 1 why, what and how
macOS Unified log: 2 content and extraction
macOS Unified log: 3 finding your way
What to do when your log returns an error
How Mojave changes the unified log
Unified but not uniform: how the log has changed
Is the unified log private, or a vulnerability?
How to browse the log on an iOS device
What’s the time, Mr Mac? How summer time confuses macOS


Measuring performance of code using RouteMap, now a Universal App
How quickly can apps and scripts write to the log?
Interested in performance? Updated Signpost tools now available
Quantum mechanics and Mojave – performance measurement, Signposts, and the log
Taking macOS to the end of time: nanoseconds count
Signposts for performance: 1 introduction
Signposts for performance: 2 Instruments
Updates all round to Blowhole, RouteMap, and the Signpost Kit
Working around a bug recently introduced into Mojave: When Signposts point the wrong way