Forensic Quandry-Trying to "update" a Unified Log archive from version 3 to 4 to parse on 10.15 and I'm getting different timestamps (albeit slightly different). Created via cp -R diagnostics/uuidtext. galaga.logarchive on 10.14 while galaga_manual.logarchive on 10.15. Thoughts?

FWIW - Everything else appears to be the same in the *.logarchive file other than Info.plist. Each logarchive was created exactly the same way on each OS version.

Update: If I change the version to a 2 (original log files came from 10.13), and use --force as it suggests (twice, and only ever twice) and upgrades it to a 4...and adds a timesync file/directory and timestamps appears sync up again.

Maybe it's just me, but 'log' doesn't seem to make logical sense across various versions. Are logarchive versions/macOS/iOS versions compiled anywhere?