TIL: Sysdiagnose

Ahmed Musaad

I have to admit, I am still learning the basics of macOS. This means I come across so many new things every day, some of which are great tools. Today, I would like to share with you one of these tools that I found to be immensely helpful, sysdiagnose.

What is sysdiagnose?

Sysdiagnose is a diagnostic tool available on all Apple products. It collects information and logs from various parts of the system to provide a full picture of the system state at a certain point in time. The data collected is quite comprehensive and covers a wide range of aspects, some of which are:

  • PS output.
  • Comprehensive WiFi logs (status, security, arp, netstat, ifconfig, ...).
  • Top output.
  • System configuration (airport, boot, smb, networking, preferences, ...).
  • Mounted drives.
  • Kextstat output.
  • And much more ...

Using Sysdiagnose

Using this tool is quite straightforward. Here are the steps:

  • Open your terminal.
  • Run the following command:
    sudo sysdiagnose
  • Press Enter to continue.
  • Once the tool finishes running, open the compressed file it generated and examine the various log files and information dumps.
  • Success!
~ sudo sysdiagnose 

This tool generates files that allow Apple to investigate issues with your
computer and help improve Apple products. The files might contain personal
information found on your device or associated with your iCloud accounts,
including but not limited to your name, serial numbers of your device,
your device name, your attached peripheral devices, your user name, your
email address and email settings, file paths, file names, Siri suggestions,
your computer's IP addresses, and network connection information.

This information is used by Apple in accordance with its privacy policy
(www.apple.com/privacy) and is not shared with any other company. By using
this tool and sending the results to Apple, you consent to Apple using the
contents of these files to improve Apple products.

Press 'Enter' to continue. Ctrl+\ to cancel.


What Can I Use This For?

You can use the information collected for a lot of things, depending on what you are trying to achieve. I use it to help with two tasks:

  • Security incident response.
  • Troubleshooting system issues.
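
For the incident response case, it helps to hash the archive and index its contents before opening anything. The following is an added example, not code from the original post: it assumes the output is a gzip-compressed tar archive, and the member names in the sample are constructed (real names vary between macOS versions).

```python
import hashlib
import io
import os
import re
import tarfile
import tempfile

# Keywords from the artifact list in this post; matched on name tokens.
KEYWORDS = {"ps", "top", "kextstat", "mount", "wifi", "netstat", "ifconfig"}

def sha256_file(path, chunk=1 << 20):
    """Hash the archive in chunks; record this before touching the contents."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def inventory(path):
    """Index members by keyword without extracting anything to disk."""
    hits, unsafe = {}, []
    with tarfile.open(path, "r:*") as tar:
        for member in tar:
            # Names that would escape the target directory on extraction.
            if member.name.startswith("/") or ".." in member.name.split("/"):
                unsafe.append(member.name)
            elif member.isfile():
                tokens = set(re.split(r"[^a-z0-9]+", member.name.lower()))
                for key in sorted(KEYWORDS & tokens):
                    hits.setdefault(key, []).append(member.name)
    return hits, unsafe

def build_sample(path):
    """Write a small constructed archive; the member names are made up."""
    files = ("ps.txt", "ps_thread.txt", "WiFi/ifconfig.txt", "kextstat.txt")
    names = [f"sysdiagnose_sample/{n}" for n in files] + ["../escape.txt"]
    data = b"constructed sample\n"
    with tarfile.open(path, "w:gz") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))

if __name__ == "__main__":
    sample = os.path.join(tempfile.mkdtemp(), "sysdiagnose_sample.tar.gz")
    build_sample(sample)
    print(sha256_file(sample), *inventory(sample), sep="\n")
```

To use it on a real collection, pass the path of the archive sysdiagnose produced to `sha256_file` and `inventory` instead of the constructed sample.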
