Correlation between Mac OS X GUI actions and Logs
Solution 1:
There isn't a general way to do this.
Most of the things you do in the GUI don't run command-line tools, they use thing like system calls to do things directly. For example, when you run mkdir from the command line, it uses the mkdir() function to actually create the directory. Finder doesn't bother using the mkdir command, it simply calls mkdir() (or something equivalent) itself.
This causes two problems for what you want. First, system calls aren't generally logged; and second, there isn't always an easy way to figure out what command would do the equivalent thing (if there even is such a command -- there isn't always).
There are ways to get some info about what's going on behind the scenes of GUI programs, but they're not particularly easy to use (or interpret the output from).
The
fs_usagecommand will list file system events (including things like directory creation) as they happen... but a lot of file system events happen all the time, most of them completely irrelevant to what you're interested in. Filtering out what you care about tends to be tricky. And of course it's only useful if it's a file system event you care about.DTracecan be used to trace things like system calls in detail, if you know what calls you're interested in tracing. Recent versions of macOS restrict the ability to trace most Apple programs (Finder, System Preferences, ...), so you'll need to at-least-partly disable System Integrity Protection to use it effectively.