Mac Logs – Quick Check

This isn’t something major.  But it was part of my initial playing around for checking if the clock had been rolled back.  I made this automator to see if there were any signs in system.log files of backwards date jumps.  Granted this is a real simple check.  It only looks for where the day number changes from the previous line.  Effectively showing if entries start showing up in the log files out of sequence.  I did not get into the much more troublesome checks for the month name or timestamp.  I just went after the day number.

You may need to run the archived logs from /var/log through bunzip first.  Then just examine each one in turn.  You can see the automator if you click more.  But the main snippet of code is a run script action.  It is just an awk statement.

awk ‘
$2 != prev
{diff=int(prev)-int($2); prev=$2}

