Created
September 13, 2020 19:13
-
-
Save hieplpvip/3c9a75e88154892f2493f7fcbde5a72a to your computer and use it in GitHub Desktop.
Dump macOS kernel log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
function dumpKernelLog(){ | |
bt=$(sysctl -n kern.boottime | sed 's/^.*} //') | |
bTm=$(echo "$bt" | awk '{print $2}') | |
bTd=$(echo "$bt" | awk '{print $3}') | |
bTt=$(echo "$bt" | awk '{print $4}') | |
bTy=$(echo "$bt" | awk '{print $5}') | |
bTm=$(awk -v "month=$bTm" 'BEGIN {months = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec"; print (index(months, month) + 3) / 4}') | |
bTm=$(printf %02d $bTm) | |
ep=$(/bin/date -jf '%H:%M:%S' $bTt '+%s') | |
cs=$((ep - 60 )) | |
bTt=$(/bin/date -r $cs '+%H:%M:%S') | |
stopTime=$(log show --debug --info --start "$bTy-$bTm-$bTd $bTt" | grep loginwindow | head -1) | |
stopTime="${stopTime% *}" | |
echo "Extract boot log from $bTy-$bTm-$bTd $bTt" | |
log show --debug --info --start "$bTy-$bTm-$bTd $bTt" | grep -E 'kernel:|loginwindow:' | sed -n -e "/kernel: PMAP: PCID enabled/,/$stopTime/ p" | |
} | |
# Dumping kernel log | |
echo -e "Dumping kernel log." | |
dumpKernelLog &> kernel_log.txt |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment