Friday, May 29, 2015

logging - What is the format of Android's logs?



I'm trying to gather data about my phone by analyzing the log files in /dev/log. I'm specifically looking at /dev/log/main. I always thought that any sane log format would be plain text, yet these files appear to be either binary or in some character set that neither I nor my Linux text editors can identify.


What is the format?


Here are a couple of screenshots:




  • First, here's a snippet of the log as interpreted by vim (^@ refers to the null byte; I'm not sure about the other colored control sequences): [screenshot: vim]




  • Next, this is what the log looks like in a hex editor: [screenshot: hex editor]





I'm using a Galaxy Nexus running Jelly Bean. The logs were collected using root and a terminal emulator, since aLogcat doesn't seem to use root and thus can't access all logging info.



Answer



If you want sane information, I recommend sane commands :) (no offense meant, just kidding). So the question should read:



And now we are on the better side. There are multiple approaches which can be used:



  • utilize apps to display (color-coded) log information

  • utilize ADB (part of the Android SDK) to remotely extract the very same information

  • use ssh from remote (or a local terminal app) to acquire the information directly from the device



To fully handle this topic it takes more than this simple answer (if interested, you can e.g. find more detailed information on many web sites, or in Andrew Hoog's book Android Forensics: Investigation, Analysis and Mobile Security for Google Android, which I had the honour to translate into German). There are probably many other sources as well.


So I will just give a few examples here to get you started:


Utilizing apps


The probably best known app in this context is aLogcat, available for free in the playstore (and the dev will happily accept your donation for the other variant of the same app). You'll find a screenshot below. The app allows you to filter the logs, to start/stop recording log messages, and even to store the recorded snippets to your SD-Card -- of course in plain text, as you requested.


Another app in this section is Log Collector, which simply tries to grab the entire available log and send it via the share menu.


[Screenshots: aLogCat, Log Collector]


The Android Debug Bridge (ADB)


The Android Software Development Kit (SDK) includes the adb command for various tasks. Amongst many others, it offers the adb shell to execute commands on the device. Using this, you can gather your desired log information as well: Just prefix the commands below with adb shell.


Command prompt on the device



Using a terminal app (e.g. Android Terminal Emulator or Terminal IDE) you can access the logs directly at the command prompt, locally on your device. A little more comfortably, this can be done by running an ssh server (e.g. DroidSSHd or DropBear SSH Server) on your device, and accessing it from your computer. This way you can work on a big screen, while investigating your logs.


Commands to access your log information


There are a lot of powerful commands you can use to access your log information from the command line, and I will only give a few examples here.


dmesg


The dmesg command extracts the kernel log:


$ dmesg
<6>[82839.126586] PM: Syncing filesystems ... done.
<7>[82839.189056] PM: Preparing system for mem sleep
<4>[82839.189361] Freezing user space processes ... (elapsed 0.05 seconds) done.
<4>[82839.240661] Freezing remaining freezable tasks ... (elapsed 0.00 seconds) done.

<7>[82839.242279] PM: Entering mem sleep
<4>[82839.242889] Suspending console(s) (use no_console_suspend to debug)
<7>[82839.252410] vfp_pm_save_context: saving vfp state
<6>[82839.252716] PM: Resume timer in 26 secs (864747 ticks at 32768 ticks/sec.)
<6>[82842.091369] Successfully put all powerdomains to target state
<6>[82842.092468] wakeup wake lock: wifi_wake

logcat


With logcat, you can access a lot of logging information -- but most times, this will require root. It has some parameters to filter the information, e.g. by selecting the log buffer to read with -b. Please read the information provided on the developers page on logcat for details. To give you two examples: logcat -b events would list events, or logcat -b radio information on your device's radio module.


dumpsys and dumpstate



The two commands dumpsys and dumpstate give you detailed system information:


$ dumpsys
Currently running services:
LocationProxyService
SurfaceFlinger
accessibility
account
activity

DUMP OF SERVICE account:

Accounts: 1
Account {name=xxxxxxx@googlemail.com, type=com.google}

DUMP OF SERVICE alarm:

$ dumpstate
========================================================
== dumpstate: 2012-08-18 23:39:53
========================================================
Build: Gingerbread GWK74 - CyanogenMilestone2

Bootloader: 0x0000
Radio: unknown

------ MEMORY INFO (/proc/meminfo) ------
MemTotal: 487344 kB
MemFree: 10436 kB
Buffers: 14136 kB
Cached: 145460 kB



bugreport


And if you are too lazy to remember them all, simply use the bugreport command -- which calls all of the above and bundles it for a nice, humm, bug report to the developer...


Of course, you can redirect the output from all those commands to a file to copy to your computer, and in most cases you should do so -- as your screen buffer would be far too small to handle it all: bugreport > /mnt/sdcard/bugreport.txt would be one example for that part.
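
The raw /dev/log/main dump from the question is a sequence of binary records rather than text, which is why an editor shows null bytes. As an added example (not part of the original post), this Python code decodes such a dump; the 20-byte header layout, the priority numbering and the sample records are assumptions based on Android's legacy logger driver and are not stated on this page.

```python
import struct
from datetime import datetime, timezone

# Assumed record header of the legacy /dev/log/* driver (little-endian):
# u16 payload length, u16 padding (header size in later versions),
# i32 pid, i32 tid, i32 seconds, i32 nanoseconds.
HEADER = struct.Struct("<HHiiii")
PRIORITY = {2: "V", 3: "D", 4: "I", 5: "W", 6: "E", 7: "F"}

def parse_entries(data):
    """Return decoded records from a raw main/system/radio buffer dump."""
    entries, offset = [], 0
    while offset + HEADER.size <= len(data):
        length, hdr_size, pid, tid, sec, nsec = HEADER.unpack_from(data, offset)
        start = offset + (hdr_size or HEADER.size)  # zero means the 20-byte header
        end = start + length
        if (hdr_size and hdr_size < HEADER.size) or length == 0 or end > len(data):
            break  # truncated or corrupt tail: stop instead of guessing
        payload = data[start:end]  # priority byte, tag NUL, message NUL
        tag, _, rest = payload[1:].partition(b"\0")
        entries.append({
            "sec": sec, "nsec": nsec, "pid": pid, "tid": tid,
            "priority": PRIORITY.get(payload[0], "?"),
            "tag": tag.decode("utf-8", "replace"),
            "message": rest.split(b"\0", 1)[0].decode("utf-8", "replace"),
        })
        offset = end
    return entries

def format_entry(e):
    """Render a record roughly the way logcat's time format prints it."""
    stamp = datetime.fromtimestamp(e["sec"], timezone.utc).strftime("%m-%d %H:%M:%S")
    return "%s.%03d %s/%s(%5d): %s" % (stamp, e["nsec"] // 1000000, e["priority"],
                                       e["tag"], e["pid"], e["message"])

def make_record(priority, tag, message, pid, tid, sec, nsec):
    """Build one constructed record for the sample below."""
    payload = bytes([priority]) + tag.encode() + b"\0" + message.encode() + b"\0"
    return HEADER.pack(len(payload), 0, pid, tid, sec, nsec) + payload

# Constructed sample: two complete records followed by a cut-off third one.
SAMPLE = (make_record(4, "ActivityManager", "Start proc com.example.app", 312, 330, 1345333193, 5000000)
          + make_record(6, "AndroidRuntime", "FATAL EXCEPTION: main", 4711, 4711, 1345333194, 250000000)
          + make_record(3, "dalvikvm", "GC_CONCURRENT freed 512K", 4711, 4715, 1345333195, 0)[:25])

if __name__ == "__main__":
    for entry in parse_entries(SAMPLE):
        print(format_entry(entry))
```

The events buffer uses a different, binary-tagged payload, so this decoder applies to the text buffers only.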

