XProCheck, T2M2, Ulbow, Consolation and log utilities

XProCheck – check on XProtect Remediator scans completed and reported in the log

xprocheck155
Updated! Inspects the Unified log for a period of 1-30 days and reports all completed and reported anti-malware scans by modules of XProtect Remediator. Enables you to confirm that scans are occurring, and whether any detect or remediate malware. New version improves analysis and reporting.
XProCheck 1.5 (Universal App for Catalina, Big Sur, Monterey, Ventura and Sonoma)

The Time Machine Mechanic (T2M2) – a quick but thorough check of Time Machine backing up

t2m2220
Updated T2M2 analyses your Mac’s logs to discover whether Time Machine backups have been running normally, reporting any worrying signs or errors. You don’t need to be able to read or understand logs to be able to check for problems now. Reports regularity of backups, free space, and more. Detailed Help book explains results and advises. New version requires Big Sur or later, backing up hourly to APFS, and is optimised for Sonoma. Updated for compatibility with older macOS and daily backups.
T2M2 1.19 (Universal App for Sierra, High Sierra, Mojave, Catalina, Big Sur, Monterey and Ventura)
T2M2 2.02 (Universal App for Big Sur, Monterey, Ventura and Sonoma)

Ulbow – a log browser designed for ease of use, for macOS Sierra to Ventura

ulbow101
ulbow1102
Updated! Ulbow is the simplest browser for the macOS Unified Log, without losing any of the power of Consolation 3. Uses similar libraries of predicates, filters (including regex), and styles to determine what is shown and how, it’s ideal for the casual user as well as log addicts. New feature to limit the number of entries displayed makes it instantly responsive and forgiving. New monospace font, can access logarchive and individual tracev3 log files from macOS, iOS, iPadOS, watchOS and tvOS. Exports extracts in plain text, Rich Text and CSV, has 7,000 word Help book, and libraries of pre-defined predicates, filters and styles. Update fixes bug in chart and frequency views and expands Help.
Ulbow 1.3 (Intel only for Sierra, High Sierra, Mojave, Catalina and Big Sur)
Ulbow 1.7 (Universal App for Sierra, High Sierra, Mojave, Catalina, Big Sur and Monterey)
Ulbow 1.10 (Universal App for High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura and Sonoma)

Mints – collection of custom log browsers and tools

Now has its own dedicated Product Page.

Consolation – a log browser for macOS Sierra to Ventura

consolation37a
Updated! Version 3 supports a custom library of predicates, custom display styles including colour, text filtering of the message content using regex or simple filters, and support for exporting and importing custom libraries. Newly added is support for Signposts in High Sierra and Mojave, as well as their additional keys and new log format, and it nows looks gorgeous in Dark Mode. This version fixes time formatting, and improves log command output.
Consolation 3.9 (Intel only for Sierra, High Sierra, Mojave, Catalina and Big Sur).
Consolation 3.13 (Universal App for Sierra, High Sierra, Mojave, Catalina, Big Sur, Monterey and Ventura)

consol2241
Consolation provides an accessible but powerful way to browse, search, and analyse entries in the new log system which have already been captured. This is not supported by Apple’s Console app. If you want to check that Time Machine backups have been made on time and without error, or get to the bottom of startup, extension, or many other problems, Consolation is the only practical tool to use. Version 2.3 improves generation of search predicates, works either with the live system log, or with saved logarchives, and can create logarchives. It also gives full access to logarchives captured from other Macs (running Sierra or High Sierra), iOS devices (10.10 and later), watchOS and tvOS with the unified log. Must be run as an admin user. Includes detailed and up-to-date 8 MB Help book with tutorials and unique reference content. Previous version, now unsupported.
Consolation 2.4 (Sierra and High Sierra only)

RouteMap and Whither – performance analysis for apps, scripts, and more

routemap02
RouteMap is opening the unified log and Mojave’s signposts for the harvesting and analysis of performance information. Whither is a simple app, supplied pre-built and in full sourcecode, which demonstrates how to access Signposts and regular log entries for harvesting and analysis. Whither writes conformant log entries which can already be accessed with Ulbow, Consolation 3 and RouteMap, which is now available in its fourth beta release, which calculates time properly on Apple Silicon Macs. These are bundled with Blowhole and tutorial docs in the Signpost Kit.
The Signpost Kit 2 (bundle for Sierra, High Sierra, Mojave and Catalina)
The Signpost Kit 3 (Universal App bundle for Sierra, High Sierra, Mojave, Catalina and Big Sur)
RouteMap 1.0b3 (Intel-only for Sierra, High Sierra, Mojave and Catalina)
RouteMap 1.0b4 (Universal App for Sierra, High Sierra, Mojave, Catalina, Big Sur and Monterey)

Woodpile – a new type of log browser, which explores long periods from the top down

woodpile72
Woodpile analyses records in any logarchive for the processes which write to the log most, and shows you for each selected process when they did so. This lets you examine those log files in more detail, to hone in on performance and other problems. A unique approach to the vast amounts of data stored in the new macOS log. Also shows important events like startup, creates frequency charts for custom processes, and links windows to a common time period. New beta release fixes a crashing bug which occurs rarely with certain styles.
Woodpile 1.0b6 (Sierra and High Sierra only)

RunConsolation – runs Consolation2 as root to enable log browsing when in normal user mode

RunConsolation is for those who log in as normal, rather than admin, users. It runs Consolation as root – which can be a significant security issue – but thereby enables it to obtain log messages. Caution required, but it does the job.
RunConsolation 1.1 (Sierra and High Sierra only)

MakeLogarchive – a utility for creating logarchives readable by Console from ‘live’ logs or raw log folders

mla23
This tool, in early development, copies the files and folders from /var/db or a copy of that, and places them in a logarchive format file so that they can be opened by Consolation, Console, or log. It now produces well-formed logarchive bundles, which can be used to browse pooled and individual tracev3 log files. It also catalogues the tracev3 log files in any well-formed log archive, showing start and end times for each. A new feature is statistical analysis of the log load of processes over periods of three months or more, giving new insights into those processes and user activity.
MakeLogarchive 0.5a1 (Sierra and High Sierra only)

RunT2M2 – runs T2M2 as root to enable assessment of Time Machine when in normal user mode

RunT2M2 is for those who log in as normal, rather than admin, users. It runs T2M2 as root – which can be a significant security issue – but thereby enables it to obtain and analyse log messages as needed to check Time Machine. Caution required, but it does the job.
RunT2M2 1.0 (Sierra and High Sierra only)

DispatchView – analyses the log for task dispatching issues

dispatchview11
DispatchView shows log entries for two key systems DAS and CTS whose failure can result in Time Machine backups becoming irregular or stopping altogether, and may be involved in apps or services stalling or behaving unreliably. It can save you lots of effort using Consolation. Future versions will automatically analyse the health of DAS/CTS too.
DispatchView 1.0 (Sierra and High Sierra only)

Blowhole – a command tool to write into the log in macOS Sierra and later

Blowhole is a command tool, which can be run in Terminal or called from any app or scripting language with support for calling command tools, which writes out an entry in Sierra’s new log system. Use this to check running of periodic tasks, or from any scripting language which does not have direct access to the new log. Version 11 is a Universal binary compatible with Sonoma.
Blowhole 9 (Intel-only for Sierra to Catalina)
Blowhole 10a (Universal binary for Sierra, High Sierra, Mojave, Catalina, Big Sur, Monterey and Ventura)
Blowhole 11 (Universal binary for Big Sur, Monterey, Ventura and Sonoma)

Known Issues:

T2M2 version 1.19 is now available
Bugs and problems in the log: updates for 6 apps
Big Sur can prevent Ulbow, Mints and T2M2 from browsing its log

Note that Consolation 2.4 is not known to be compatible with Mojave. Please use version 3, which is huge improvement anyway.
Woodpile remains incompatible with Mojave at present.

RouteMap 1.0b3 and earlier give incorrect time intervals when run on Apple Silicon Macs. Use version 1.0b4 or later.

Ulbow, Mints, Consolation, RouteMap and T2M2 need to be run from an admin user account to reliably obtain log extracts. This is a limitation imposed in the log show command in macOS. The latest versions of these apps won’t run when the current user isn’t a member of the admin group (80), but display an explanatory alert and quit.

When do you need to read the log?

T2M2 should now work better with macOS 11-13 and daily backups
T2M2 version 2.01 handles multiple errors better
The Time Machine Mechanic (T2M2) version 2 for APFS backups on Sonoma

What malware can macOS remove?
How to deal with XProtect Remediator (XPR) problems
Why macOS anti-malware scans can behave oddly
SilentKnight 2.5 and XProCheck 1.5 are better focussed
XProCheck 1.4 is easier to use and more nuanced
XProCheck 1.2 checks macOS malware scans better
XProCheck 1.1 can now run XProtect Remediator scans on demand
XProCheck: a new utility to inspect anti-malware scans
Interpreting XProCheck’s results and problems