← All tools

UnifiedLogReader

https://github.com/ydkhatri/UnifiedLogReader

Open Source

Categories

Forensics

Description

A parser for Unified logging tracev3 files

Keywords

forensics macos tracev3 unifiedlogs python

Example Usage

G:\>c:\Python37-32\python.exe c:\Github\UnifiedLogReader\UnifiedLogReader.py -h
usage: UnifiedLogReader.py [-h] [-f OUTPUT_FORMAT] [-l LOG_LEVEL]
                           uuidtext_path timesync_path tracev3_path
                           output_path

UnifiedLogReader is a tool to read macOS Unified Logging tracev3 files.
This is version 0.3 tested on macOS 10.12.5 - 10.15 and iOS 12.

Notes:
-----
If you have a .logarchive, then point uuidtext_path to the .logarchive folder,
 the timesync folder is within the logarchive folder

positional arguments:
  uuidtext_path         Path to uuidtext folder (/var/db/uuidtext)
  timesync_path         Path to timesync folder (/var/db/diagnostics/timesync)
  tracev3_path          Path to either tracev3 file or folder to recurse (/var/db/diagnostics)
  output_path           An existing folder where output will be saved

optional arguments:
  -h, --help            show this help message and exit
  -f OUTPUT_FORMAT, --output_format OUTPUT_FORMAT
                        SQLITE, TSV_ALL, LOG_DEFAULT  (Default is LOG_DEFAULT)
  -l LOG_LEVEL, --log_level LOG_LEVEL
                        Log levels: INFO, DEBUG, WARNING, ERROR (Default is INFO)