Android Log Analysis — pCloudy
Android Log Analysis
Android uses a centralized system for all logs and application programmers can also write custom log messages. The tooling to develop Android applications allows you to define filters for the log statements you are interested in. Log analysis is a phase of development and developers encounter it from time to time. Bug log helps in identifying the bugs in the Android application while in the development phase. Once the app is released into the market, the support engineers analyze the bug logs to resolve the issue. There are for different types of Logs available in the Android Eco-System — Application Logs, Android System Logs, Event Logs & Radio Logs.
The logging system consists of a kernel driver and kernel buffers for storing Android log messages, C, C++ and Java classes for making log entries and for accessing the log messages, a standalone program for viewing log messages (logcat) and the ability to view and filter the log messages from the host machine (via eclipse or ddms).
There are four different log buffers in the Linux kernel, which provide logging for different parts of the system. Access to the different buffers is via device nodes in the file system, in /dev/log. The four Android log buffers are main, events, radio and system. The main log is for the application, events is for system event information, radio is for phone related information and system is low level system messages and debugging.
Each message in the log consists of a tag indicating the part of the system or application that the message came from, a timestamp (at what time this message came), the message log level (or priority of the event represented by the message) and the log message itself (detail description of error or exception or information etc).
What Each Android Log Type Contains:
1. Application log
use android.util.Log class methods to write messages of different priority into the log
Java classes declare their tag statically as a string, which they pass to the log method
The log method used indicates the message “severity” (or log level)
Messages can be filtered by tag or priority when the logs are processed by retrieval tools (logcat)
2. System log
Use the android.util.Slog class to write message with different priority with its associated messages
Many Android framework classes utilize the system log to keep their messages separate from (possibly noisy) application log messages
A formatted message is delivered through the C/C++ library down to the kernel driver, which stores the message in the appropriate buffer(system buffer)
3. Event log
Event logs messages are created using android.util.EventLog class, which create binary-formatted log messages.
Log entries consist of binary tag codes, followed by binary parameters.
The message tag codes are stored on the system at: /system/etc/event-log-tags.
Each message has the string for the log message, as well as codes indicating the values associated with (stored with) that entry.
4. Radio log
Used for radio and phone (modem) related information
Log entries consist of binary tags code and message for Network info
Logging system automatically routes messages with specific tags into the radio buffer
Device Logs on pCloudy Platform.
Log format on Android
A common log format in android:
tv_sectv_nsec priority pidtid tag messageLen Message
tag: log tag
tv_sec&tv_nsec: the timestamp of the log messages
pid: the process id of where log messages come from
tid: the thread id
Priority value is one of the following character values, ordered from lowest to highest priority:
V — Verbose (lowest priority)*
D — Debug*
I — Info*
W — Warning*
E — Error*
F — Fatal*
S — Silent (highest priority, on which nothing is ever printed)
There are several directories where Android log (including those from crashes) stores and it are not standardized (i.e. some may be ROM-specific). I am putting some of common here.
/data/anr : Dalvik writes stack traces here on ANR, i.e. “Application Not Responding” aka “Force-Close”
/data/dontpanic : contains some crash logs including traces
/data/kernelpanics :- Stores “kernel panic” related logs
/data/tombstones :- may hold several tombstone_nn files (nn is a number from 0 to 10 and after 10 again repeat it)
‘Log’ command line tool
To capture Android log from the devices/emulator Below is the some command line tool. In real life project there are log capture application/tool used to capture the logs on user device and shared it back to Developer/maintainer for analysis .
adb logcat (shows all type logs for current android system
adb logcat -v threadtime (it will include date and time)
adb logcat -v threadtime> logfile.txt (Store logs in logfile.txt)
Useful filter patterns
You can use below filter in your adb command to filter logs. You can also use this filter to search your logs file(Android logs provided by user device).
adb logcat -f Save all logs into a file
adb logcat “*:E” Get all errors and fatals
adb logcat | grep -i “foo.example.” #get all logs related to “foo.example.*” tagname
adb logcat “application_or_tag_name:*” “*:S” Get all logs by application name
adb logcat -b events “gsm_service_state_change” “*:S” Get all GSM state changes
adb logcat -b radio Get all Radio events
In this blog we got the basic understanding of the Android Log System. While analyzing the Android logs from your app you can divide it in two parts, debug Logs — file coming during development andtesting phase and production Log — file coming directly from end user. The best way to do it is by using useful Filter Patterns and by using Some Tool like GoogleLogTool and SonyLogTool.
Originally published at https://www.pcloudy.com on August 7, 2020.