Mac Equivalent of Event Viewer: How to Read System Logs on macOS

If you've spent years working on Windows infrastructure, Event Viewer is probably muscle memory at this point. Something breaks, you open Event Viewer, filter by Error, and start reading. The workflow is familiar enough that you can move fast even on a system you don't know well.

Then you sit down in front of a Mac. Something broke. Maybe an app keeps crashing, maybe a service stopped responding, maybe a user is reporting weird behavior you can't reproduce. You need to see what the system was doing. Where do you even start?

This guide walks through every option available on macOS for reading system logs, what each one is good for, and where each one falls short. By the end you'll have a clear picture of your options.

Where Are the Logs on Mac?

Since macOS Sierra (2016), Apple uses a system called Unified Logging. Instead of writing plain text files that you can open in a text editor, the OS stores log data in a compressed, structured binary format. The logs live in /var/db/diagnostics, but you can't read those files directly. They're not text. Opening them in TextEdit or even cat gives you garbage.

The /var/log directory still exists and has a few things in it, like install.log and some system files, but that's legacy territory. The real action is in the Unified Log, and you need a tool that understands the format to read it.

This is the first thing that trips up Windows admins. You can't just browse to a folder and open some .evtx files. You need to go through one of the three tools covered below.

Console.app: Apple's Built-In Tool

Console.app is the built-in log viewer that ships with macOS. You'll find it in /Applications/Utilities/, or just Spotlight-search for "Console." It reads the Unified Log and shows you a live stream of everything the system is doing.

It works. And if you need a quick one-off look at what's happening on a machine without installing anything, it's the right call. But it was clearly designed for Apple engineers who already know what they're looking for, not for people trying to investigate an unfamiliar system.

The first thing you notice is that there's no color coding. Every log entry looks identical regardless of whether it's a fatal fault or a routine debug message. Event Viewer shows you a red X for errors and a yellow triangle for warnings. Console.app shows you a wall of grey text where everything has equal visual weight.

The second thing is filtering. In Event Viewer you click "Error" and see errors. In Console.app, meaningful filtering requires predicate syntax. To see only errors from the last hour you'd write something like eventType == "logEvent" AND messageType == 16. That's not something you're going to know off the top of your head when you're trying to diagnose an incident at 2am.

Process names are also shown as raw identifiers. You'll see things like com.apple.WindowServer and com.apple.backupd rather than "Window Server" and "Time Machine." If you don't already know what those identifiers mean, the log is going to read like alphabet soup.

None of this makes Console.app bad. It makes it specialized. It's a tool built for people who already understand the macOS logging subsystem deeply. For someone coming from Windows, the learning curve is steep and the payoff is slow.

The Terminal Approach

The log command in Terminal is actually quite capable. Here are the basics:

# Show the last hour of logs
log show --last 1h

# Stream logs in real time
log stream

# Filter to a specific process
log show --last 30m --predicate 'process == "kernel"'

# Show only errors and faults
log show --last 1h --predicate 'messageType >= 16'

If you're comfortable on the command line, this is genuinely useful. You can pipe output to grep, combine predicates, redirect to a file for later review, or script it into broader diagnostic tooling.

The limitation is the same one that applies to all terminal-based log inspection: visual scanning is slow. When you're investigating an incident you often don't know what you're looking for yet. You need to scroll through a period of time, spot anomalies, jump to related entries, and build a mental picture of what the system was doing. That's hard to do in a terminal where everything is monospace text with no visual hierarchy.

The Terminal approach is great for scripting and automation. For interactive investigation, the friction adds up fast.

MacLogger: Built for This Exact Problem

I built MacLogger because I was running into this same wall repeatedly. I'd be doing Mac support or troubleshooting my own machine, need to look at system logs, and find that my options were either a tool built for Apple engineers or a command line that wasn't designed for interactive browsing.

MacLogger reads the same Unified Log data, but presents it the way Event Viewer would. Full-row color coding by severity so you can scan visually. A filter bar where you click "Fault" or "Error" to see only those entries. Process names translated to plain English. Time range selection that works like you'd expect.

The part that's become most useful day-to-day is the AI explainer. You click any log entry, hit "Explain This," and get three things back: what this specific event means in plain language, whether it's normal or worth investigating, and what to do about it if action is warranted. This closes the gap between seeing an unfamiliar log entry and understanding it, which is most of the friction when you're new to macOS logging.

MacLogger has a 7-day free trial. After that it's pay-what-you-want, starting at $2. No subscription, no account required. If you're regularly doing Mac sysadmin work or support, it pays for itself the first time you find something useful in under five minutes instead of thirty.

You can download it at jasonchotchkiss.github.io/MacLogger.

Quick Comparison

Here's how the four options stack up across the things that matter most when you're coming from a Windows background.

If you're already fluent on the Mac command line, log show with good predicates is a perfectly reasonable workflow. For everyone else, especially if you're used to Event Viewer's visual interface, MacLogger gets you to useful information faster.