The item System Information lists technical details about the current computer system. This includes data not accessible by the System Information application of macOS.
The section Computer contains the name of the system as you have defined it (which may not be identical to the name used to identify this computer in the network), Apple’s official model name (also known as marketing name), a short description and a picture of this model series, the Apple model identifier which is the code Apple and macOS internally use to identify this series, the computer’s serial number, its unique hardware identification, and the week of production. If you are using a Macintosh model available in different colors, a small color field next to the line with the model identifier shows the color of the enclosure.
The second section Processor lists details about the processor configuration, as well as the available cache sizes. This includes the official processor model identification, the vendor identification, the number of processors, available processor cores and active cores, the information whether each core is capable of executing multiple threads of instructions (Simultaneous Multi-Threading, if active, the hardware will simulate twice the number of processors), the processor generation specifier for x86 systems which includes the family number, model number, stepping number (hardware version), and the decimal signature which compresses all identification code into one single number, the processor’s main clock frequency, the sizes of the level 1 caches (I for instructions, D for data), and the sizes of the level 2 and 3 caches.
The section Memory shows the size of physical memory (Random Access Memory, RAM) currently built into your computer and the optimum free size. This size specifies the small amount of physical memory the operating system should try to keep free for best performance. The optimum is reached when no RAM is wasted (nearly everything is in use), but a small remainder is left free for current handling. The line Addressable memory defines the size of physical and virtual memory the processor can internally manage. This does not mean that this amount could actually be used in practice. The number of slots available for memory modules and other limitations of the computer’s chipset will reduce these theoretical values. For more information on memory management, please also see the section Introduction to virtual memory.
The fourth section Logicboard contains detail data about the computer’s main logic board, namely the vendor information, its internal model code, and its serial number. This section also shows the version number of the System Management Controller (SMC) and its firmware. The SMC is an auxiliary processor which manages the computer’s internal sensors and its power management features. It operates the “always-on” parts of the system, still running when the actual computer is in sleep mode or shut down. It is also responsible to identify the computer as genuine Apple-branded product, constituting the main difference between a generic personal computer and a Macintosh.
A special detail sheet, available via the button Show management records lists technical information which has been stored into the management memory of the computer. It includes:
These management records are not computed by TinkerTool System but only retrieved by it. They have been stored by the manufacturer into the so-called System Management BIOS area of the system’s firmware when the computer was assembled. Some parts are also computed dynamically by macOS by retrieving the necessary data from the available hardware.
The last section Operation Environment summarizes the version information about the computer’s firmware, the Darwin operating system on which macOS and iOS are based, the kernel version and revision codes, as well as the operating system version and build numbers. The line Release Status indicates whether you are using an officially released version of the operating system, or a preview version from one of Apple’s software seeding programs.
Note that the source of the operating system is more important to define its release status than the version number. When you receive a specific system version as a pre-release copy, exactly the same system may later become the official version. So identical operating systems can sometimes be marked as official and sometimes as pre-release, depending on where they came from.
This section also shows the computer’s hardware setting for System Integrity Protection that is currently taking effect for the operating system. (For information on the technical background of this feature, please see the end of the chapter Basic Operations.) The feature can either be fully enabled, completely disabled, or enabled partially. In the partial case, TinkerTool System uses the following abbreviations to indicate which operations are permitted by the current computer settings:
All protection items not listed by TinkerTool System are in full effect. The exact meaning of these settings is defined by Apple and can be changed without notice.
The last line of the overview shows the start time of the operating system, both as absolute time and as interval that has passed since then, the so-called uptime.
It is possible to either print the contents of the main information window, or to save it into an HTML-based text file. Such documents can be used to automatically generate inventory records for all your computers. Press the buttons Print… or Save as text…, respectively. Created text files can be opened by any web browser or by the TextEdit application included with macOS.
The startup time of the system is a volatile item that is not included in text reports.
macOS offers multiple built-in security measures against malicious software (malware). One of these security features works like a virus scanner which automatically scans downloaded files, searching for known code patterns (signatures) in the background. Apple refers to this technology as Safe Downloads List. It is also known under the name XProtect. Its function is enabled by default. The virus signatures are automatically updated when the option Install system data files and security updates is enabled on the pane App Store in System Preferences. In addition to detecting malicious software, this component also monitors the version numbers of specific Internet plug-ins installed in the system. Such plug-ins are used by Internet browsers to support optional web technologies like Adobe® Flash® or Java™.
By use of the tab item Protection, you can review the current contents of the Safe Downloads List. The upper table shows the malicious programs which can be recognized by the operating system at the moment. The name of the malware, as defined by Apple, and the file types used for the distribution of the software are listed.
The lower table lists the Internet plug-ins which are monitored by the operating system, checking them for outdated versions. The name of each plug-in and the versions which are considered to be critical are shown.
Below the tables, TinkerTool System displays when Apple has revised the list for the last time, when the list has been transferred to this computer, and whether the system checks automatically if a new version of the list is available.
Please note the following points:
After you open the tab App Blacklist, TinkerTool System shows you the operating system’s currently list of known applications that should be excluded from using certain features, or should be prevented from running at all. This list is also updated when the option Install system data files and security updates is enabled on the pane App Store in System Preferences.
Three different types of blacklists are shown on this tab:
Each table has three columns with the following meaning:
You can override Apple’s recommendation to block applications from using certain features if you have reason to do so. In that case, perform the following steps:
Similar to the application blacklist, macOS also maintains multiple driver blacklists, or more exact, lists which automatically deactivate certain kernel extensions when they are detected in your system installation. Because kernel extensions can cause the entire operating system to fail or prevent the computer from starting up, all blacklist entries are always enforced. TinkerTool System shows two lists in separate tables.
The upper list shows kernel extensions which are known to cause a crash of specific versions of macOS. The extensions in this list cannot be easily identified by comparing version numbers or are comprised of multiple components, so macOS uses additional internal checks to verify if these files have cause problems on your system in the past.
The column Software component shows a readable description of the affected driver or extension, while the column Kernel Extension or other bundle to remove shows the file name used by macOS to recognize and delete the component.
The extensions listed in the lower table can be identified by version numbers. The column Identification shows the known bundle names, the column Affected versions the ranges of versions that must not be loaded by the current operating system.
Software publishers need explicit permission from Apple to develop kernel extensions. All extensions that don’t have this permission are additionally blocked automatically, so they don’t need to appear in this blacklist. The operating system only uses this blacklist to remove incompatible drivers in advance, for example when upgrading or migrating from a previous version of macOS, or when the security feature to ignore unauthorized kernel extensions has been switched off explicitly, for example on a developer computer. For more information, please also see the subsection on Security options in the chapter for the Startup pane.
After selecting the tab item Classic Logs & Reports, you will have direct access to a high number of log recordings kept by macOS and the macOS Server app. The operating system collects notification, warning and error messages in such files, especially for components of the system which don’t have a direct graphical user interface. Administrators can use this information to keep track and analyze problem situations which occurred in the past. The classic logs are simple text files which are filled line by line over time. Most services also note time and date in each line, so it becomes easier to understand the series of events that occurred.
The possibly available logs and reports are accessible via three pop-up buttons. The upper button Standard logs and reports allows you to select the most important log files maintained by macOS:
The second pop-up button named Server logs permits access to the log files collected by the server features of macOS. Some of the logs are only kept when you install the macOS Server app in addition to macOS and enable the corresponding services, but many logs apply to network service features of macOS in general. TinkerTool System automatically adds menu items to the pop-up button depending on what services are active on your system. The names of the logs and reports should be self-explanatory and are not repeated here. TinkerTool System groups the individual items into the following service categories:
(†) The categories marked with (†) are not available when running macOS High Sierra, because Apple has removed them from the corresponding server version macOS Server 5.5 or later.
The third pop-up button collects Other logs and reports. This includes known activity reports of macOS, e.g. related to the App Store, Disk Utility, the Resume feature, power down monitoring, etc., as well as unknown logs created by third-party applications. In the latter case, TinkerTool System cannot know the exact contents and meaning of the log files in advance, so the respective items are listed with their raw file names in the menu.
For security reasons, logs that may keep potentially confidential or security-critical information cannot be opened by every user. You must be logged in as administrative user to ensure that you are capable of seeing and opening the complete set of log files. TinkerTool System will give you a warning in this respect if you are not using an administrator account.
After you have selected a log category with one of the three buttons, the table will give you an overview of the available logs. Each one is listed with a short description, date and time, which usually corresponds with the last entry recorded in the log, and file size. Either double-click a listed entry or press the button Open to open the respective log. A text window will show you the contents of the selected log file. Note that you can open as many windows simultaneously as you like. The logs can also be printed or saved into text files, using the buttons at the lower right corner of each window.
If you assume that macOS has created new reports while TinkerTool System was running, press the button Rescan in the lower left corner of the tab item to update the pop-up buttons accordingly.
In addition to classic logging where message lines are added at the end of several text files, macOS supports a modern log technology, based on databases. They contain structured, compressed records which are distributed between files and main memory, depending on case.
The structure of today’s applications create new challenges:
When trying to diagnose problems with applications by the use of old-fashioned text reports, it can become difficult or even impossible to track related events between all those processes and threads. Their problem messages might have been recorded in chaotic order and it might not be clear how they are connected with each other. Generating text lines with detailed diagnostic information (which might not be needed under normal circumstances) puts the applications and the operating system under unnecessary stress.
macOS tries to solve these problems by establishing techniques which are more appropriate for current applications:
Activities contain a short clear-text description together with a numeric identifier. TinkerTool System shows an activity identifier as hexadecimal number with 16 digits. What to identify as separate activity and how to describe it is left to the author of the application that created an activity record.
Subsystem and category identifiers are also defined by the individual applications. So if you like to filter log messages associated with a specific software component, you’ll need information from the software developer what identifiers to use. Subsystem identifiers should be used to define a location within a program, e.g. a specific module. Category identifiers should be used to define a certain mode of operation, e.g. “test mode” or “network-related.”
TinkerTool System automatically analyzes your current operating system and tries to “guess” some of the most important subsystem identifiers. The names appear in the combo box at Filter by macOS logging subsystem identifier and can be selected as menu items. You can also overwrite the entry field and enter any other valid name not listed here.
macOS uses five different levels to define the role or severity of a log message:
TinkerTool System can be used to either
Apple has defined a specific file format, the macOS Log Archive with the name extension logarchive to transfer logging and tracing data between different macOS systems. The archives cannot be used directly with previous system generations (OS X or Mac OS X).
To work with modern macOS logs, perform the following steps:
By default, TinkerTool System will choose a time interval that includes the last two hours before the application was launched. To use a filter, enable the respective check mark, then enter the name or identification for this filter into the field right next to it.
It is not recommended to let TinkerTool System generate very large log texts. The system may have problems to format and show such a long text in a standard window within an acceptable time. For this reason, the application automatically limits text reports to half a million lines.
TinkerTool System uses the small icons shown next to the controls to also mark messages with the corresponding severity level or activity messages in the result text. The markers are shown at the beginning of the associated line.
The marker <private> in the log text indicates that the macOS logging subsystem has removed some information from the output, because the application which had logged the message did not explicitly confirm that the text can be considered public. The removed part might contain data which could affect a user’s privacy or could otherwise be subject to data protection. This behavior ensures that log excerpts can be transferred to third parties, respecting national data protection laws. TinkerTool System cannot make these “censored” parts visible.
You can save the generated log text by pressing the button Save… in the display sheet. It will be stored in plain text format, so it can be opened by any text editor.