by Suyash Dubey | Posted on August 7, 2020 | August 12, 2020

Android Log Analysis

Android uses a centralized system for all logs, and application programmers can also write custom log messages. The tooling used to develop Android applications lets you define filters for the log statements you are interested in.

Log analysis is a phase of development, and developers encounter it from time to time. Bug logs help in identifying bugs in an Android application during the development phase. Once the app is released into the market, support engineers analyze the bug logs to resolve issues. There are four different types of logs available in the Android ecosystem: Application Logs, Android System Logs, Event Logs and Radio Logs.

The logging system consists of:

- a kernel driver and kernel buffers for storing Android log messages
- C, C++ and Java classes for making log entries and for accessing the log messages
- a standalone program for viewing log messages (logcat)
- the ability to view and filter the log messages from the host machine (via eclipse or ddms)

There are four different log buffers in the Linux kernel, which provide logging for different parts of the system. Access to the different buffers is via device nodes in the file system, in /dev/log. The four Android log buffers are main, events, radio and system. The main log is for the application, events is for system event information, radio is for phone-related information, and system is for low-level system messages and debugging.

Each message in the log consists of:

- a tag indicating the part of the system or application that the message came from
- a timestamp (the time at which the message was logged)
- the message log level (the priority of the event represented by the message)
- the log message itself (a detailed description of the error, exception, information, etc.)

What Each Android Log Type Contains:

1. Application log

- Applications use the android.util.Log class methods to write messages of different priority into the log.
- Java classes declare their tag statically as a string, which they pass to the log method.
- The log method used indicates the message "severity" (or log level).
- Messages can be filtered by tag or priority when the logs are processed by retrieval tools (logcat).

2. System log

- The android.util.Slog class is used to write messages of different priority.
- Many Android framework classes use the system log to keep their messages separate from (possibly noisy) application log messages.
- A formatted message is delivered through the C/C++ library down to the kernel driver, which stores the message in the appropriate buffer (the system buffer).

3. Event log

- Event log messages are created using the android.util.EventLog class, which creates binary-formatted log messages.
- Log entries consist of binary tag codes, followed by binary parameters.
- The message tag codes are stored on the system at /system/etc/event-log-tags.
- Each message has the string for the log message, as well as codes indicating the values associated with (stored with) that entry.

4. Radio log

- Used for radio and phone (modem) related information.
- Log entries consist of binary tag codes and a message for network info.
- The logging system automatically routes messages with specific tags into the radio buffer.

[Figure: Device Logs on pCloudy Platform]
[Figure: Device Logs Filter Options]

Log format on Android

A common log format in Android:

    tv_sec tv_nsec priority pid tid tag messageLen message

- tag: the log tag
- tv_sec and tv_nsec: the timestamp of the log message
- pid: the ID of the process the log message comes from
- tid: the thread ID

The priority is one of the following character values, ordered from lowest to highest priority:

- V: Verbose (lowest priority)
- D: Debug
- I: Info
- W: Warning
- E: Error
- F: Fatal
- S: Silent (highest priority, on which nothing is ever printed)

Log-File locations

There are several directories where Android logs (including those from crashes) are stored, and they are not standardized (i.e. some may be ROM-specific). I am listing some of the common ones here.

- /data/anr: Dalvik writes stack traces here on ANR, i.e. "Application Not Responding" aka "Force-Close"
- /data/dontpanic: contains some crash logs, including traces
- /data/kernelpanics: stores "kernel panic" related logs
- /data/tombstones: may hold several tombstone_nn files (nn is a number from 0 to 10, and after 10 it repeats)

'Log' command line tool

Below are some command-line tools for capturing Android logs from a device or emulator. In real-life projects, a log capture application or tool is used to capture the logs on the user's device and share them back with the developer/maintainer for analysis.

    adb logcat                                # shows all types of logs for the current Android system
    adb logcat -v threadtime                  # includes date and time
    adb logcat -v threadtime > logfile.txt    # stores logs in logfile.txt

Useful filter patterns

You can use the filters below in your adb command to filter logs. You can also use these filters to search your log files (Android logs provided by a user's device).

    adb logcat -f <filename>                                  # Save all logs into a file
    adb logcat "*:E"                                          # Get all errors and fatals
    adb logcat | grep -i "foo.example."                       # Get all logs related to "foo.example.*" tagname
    adb logcat "application_or_tag_name:*" "*:S"              # Get all logs by application name
    adb logcat -b events "gsm_service_state_change" "*:S"     # Get all GSM state changes
    adb logcat -b radio                                       # Get all radio events

Log Analysis

In this blog we got a basic understanding of the Android log system. When analyzing the Android logs from your app, you can divide them into two parts:

- debug logs: files coming from the development and testing phase
- production logs: files coming directly from the end user

The best way to do this is by using the useful filter patterns and by using tools like GoogleLogTool and SonyLogTool.
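
The filter patterns above can also be applied offline to a saved `adb logcat -v threadtime` capture. The following Python code is an added example, not part of the original post: it parses threadtime records and applies `tag:priority` filterspecs using a simplified model of logcat's matching. The tag name `MyApp` and the sample lines are constructed for illustration.

```python
import re

# Priority letters from the article, lowest to highest.
PRIORITIES = list("VDIWEFS")

# One `adb logcat -v threadtime` record:
# MM-DD HH:MM:SS.mmm  PID  TID PRIORITY TAG: message
LINE_RE = re.compile(
    r"^(?P<date>\d\d-\d\d) (?P<time>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<prio>[VDIWEF])\s+"
    r"(?P<tag>.*?)\s*: (?P<msg>.*)$"
)

def parse_line(line):
    """Return the record's fields as a dict, or None for non-record lines
    such as the '--------- beginning of main' buffer separators."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    return m.groupdict() if m else None

def parse_filterspecs(specs):
    """Turn ['MyApp:*', '*:S'] into {tag: index of minimum priority}."""
    rules = {}
    for spec in specs:
        tag, _, prio = spec.partition(":")
        if prio == "*":          # '*' as a priority means every level
            prio = "V"
        if prio not in PRIORITIES:
            raise ValueError(f"bad filterspec: {spec!r}")
        rules[tag] = PRIORITIES.index(prio)
    return rules

def filter_log(lines, specs):
    """Return the records that pass the filterspecs (simplified model)."""
    rules = parse_filterspecs(specs)
    default = rules.get("*", 0)  # no '*' rule: keep everything
    kept = []
    for rec in filter(None, map(parse_line, lines)):
        # A rule for the record's own tag wins over the '*' default.
        if PRIORITIES.index(rec["prio"]) >= rules.get(rec["tag"], default):
            kept.append(rec)
    return kept

# Constructed sample capture, not taken from a real device.
SAMPLE = """\
--------- beginning of main
08-07 10:15:32.101  1234  1234 D MyApp   : onCreate called
08-07 10:15:32.250  1234  1260 W MyApp   : slow response from server
08-07 10:15:33.004   812   830 I ActivityManager: Displayed com.example/.Main
08-07 10:15:34.512  1234  1234 E AndroidRuntime: FATAL EXCEPTION: main
""".splitlines()
```

For a real capture, pass the lines of the saved file instead of `SAMPLE`, for example `filter_log(open("logfile.txt", errors="replace"), ["*:E"])`.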