Where is the audit.log for Android 5? - android

On Android Kitkat, the SELinux audit log can be found here:
/data/misc/audit/audit.log
However, I cannot find this file on Android 5.0 (Nexus 5). Any idea where I can get the audit log?

Either kmsg or logcat; auditd was never officially merged (oem specific).
adb shell dmesg
or
adb logcat
Note that the logcat version is not formatted in a way understandable by audit2allow but the dmesg output is.
The auditd code for Android (of which I am the author) was never merged into AOSP, and thus mainline Android; it was rejected here:
https://android-review.googlesource.com/#/c/51651/
Some OEMs picked the change back from either there or here:
https://bitbucket.org/seandroid/system-core/commits/branch/seandroid-4.3
See commits:
11389
e2cfa
The current implementation that routes the logs into logcat is under Change-Id: I421bcf33e7e670d596628b1b5c7c25536ce2d3fe (I could not post more than 2 links, so google for Android-Review and copy the change id starting with the capital I into the Gerrit search box)

This worked for me.
dmesg | grep 'avc: '
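Added example (not part of the original answers): a shell function that reduces the avc lines from dmesg to a de-duplicated denial summary, which is usually what is wanted before handing the log to audit2allow. The function names, the output layout and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux denials found in kernel log text.

# Reads kernel log text on stdin and prints one line per distinct denial:
#   count <TAB> mode <TAB> scontext <TAB> tcontext <TAB> tclass <TAB> perms
avc_summary() {
  # Older adb shells end every line with CR; strip it so the last field parses.
  tr -d '\r' | awk '
    /avc: +denied/ {
      perms = ""; s = ""; t = ""; c = ""; mode = "unknown"; inside = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "{") { inside = 1; continue }
        if ($i == "}") { inside = 0; continue }
        if (inside) { perms = (perms == "" ? $i : perms "," $i); continue }
        if      ($i ~ /^scontext=/)   s = substr($i, 10)
        else if ($i ~ /^tcontext=/)   t = substr($i, 10)
        else if ($i ~ /^tclass=/)     c = substr($i, 8)
        else if ($i ~ /^permissive=/) mode = (substr($i, 12, 1) == "1" ? "permissive" : "enforced")
      }
      # Identical denials differ only in pid/timestamp, so count them once.
      seen[mode "\t" s "\t" t "\t" c "\t" perms]++
    }
    END { for (k in seen) print seen[k] "\t" k }
  ' | LC_ALL=C sort -rn
}

# Constructed sample input (not captured from a real device).
sample_dmesg() {
  cat <<'EOF'
<6>[   12.101000] init: Starting service 'example'...
<5>[   14.220000] type=1400 audit(1420070414.220:4): avc:  denied  { read } for  pid=1801 comm="example" name="demo.txt" dev="mmcblk0p28" ino=1234 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
<5>[   15.870000] type=1400 audit(1420070415.870:5): avc:  denied  { read } for  pid=1822 comm="example" name="demo.txt" dev="mmcblk0p28" ino=1234 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
<5>[   20.500000] type=1400 audit(1420070420.500:6): avc:  denied  { read write } for  pid=190 comm="demo daemon" path="/dev/example" dev="tmpfs" ino=55 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
EOF
}

# Demo on the constructed sample; on a device use: adb shell dmesg | avc_summary
sample_dmesg | avc_summary
```

A line marked permissive was logged but not blocked, so it tells you what enforcing mode would deny rather than what actually failed.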

Related

Whitelist my App in logcat / chatty identical 1 line

Logcat is filtering my logs, so I get only:
1234-1234/com.example.test I/chatty: uid=45678(com.example.test) identical 1 line
This is a serious issue for me, I tried applying the solutions suggested in other threads like
adb logcat -P ""
I also read the documentation (logcat --help and the "-P" option at official documentation like adb logcat -P 45678), but this also didn't help.
adb logcat -p shows that I whitelisted my app:
adb logcat -p
45678 (the UID of my app)
Still the logs are getting filtered. How can I fix that? I simply want no log filtering on my app during development.
My fault. I checked in Android Studio where I had the log level filter set to "Info". The chatty message is "info" level, my log messages were "verbose" level. Actually I am getting both, my app log messages and the chatty messages...
Make sure to test without Android Studio using logcat: adb logcat and see if you see your log message. If that works, something is selected wrong in Android Studio like it was for me and by me.

Android adb logcat missing some logs during emulator booting

I ran into a weird issue when I tried to search some logs during emulator booting.
When I create an emulator, the adb device starts as "offline" first, then I type
adb logcat -v time | tee log1.txt
and adb will keep doing "wait-for-device" until the device comes online.
Then, when the emulator has booted up, I type adb logcat -v time | tee log2.txt again, changing only the destination of the log file.
Now, I use vimdiff log1.txt log2.txt to compare these two logs and found that log1 is missing many logs, as shown in Log_Diff
I have no idea why some logs in log1.txt are missing.
Any ideas?
P.S. I am using Android 5.1-64bit Emulator in sdk.
After some research, I finally found the root cause in the Android log daemon.
The main problem is that LogBufferElement uses a CLOCK_MONOTONIC timestamp as the sorting index.
When the timestamps of multiple LogBufferElements are the same, LogReader may only dump the last entry. That's why some logs seem to be lost.
AOSP Android 5.1 still had this issue, but Android 6.0 had fixed it.
You can refer to this patch.
Btw, I also made some modifications to this patch.
The main reason is that Android 6.0 supports the C++11 atomic std libs, but Android 5.1 does not yet. Some of the atomic APIs need to be rolled back (e.g. atomic_fetch_add_explicit()).

Where to find android crash history

I've been experiencing a great deal of instability on my Verizon Galaxy S III, and I believe it's related to the WiFi driver, or at least something in the networking stack. I get daily full system crashes that cause soft reboots of the OS.
In order to trace to the root of the issue, I'd like to see historical crash data for the Android OS. Please note that I am NOT developing an app, and I do not want instruction on how to use LogCat to trace issues within an in-development app. I want to see the Android system crash logs, but I'm not sure where to look for them.
After an ANR happens, you will find the call stack of the related process at /data/anr/traces.txt
After an application crashes, you might find the call stack of the crashed application under the /data/tombstones directory.
See Android: How to get kernel logs after kernel panic?
It looks like /data/dontpanic/ should contain some "apanic" files, but only if the kernel's apanic support is enabled, and it worked. (I haven't seen anything there in my case, but maybe you'll be luckier than I ...)
Crash reports can be found at the default path: /data/anr/
Some manufacturers place them in a custom path like: /data/system/ckerror
Use the command: adb pull /data/anr "dest path"
example:
in windows cmd prompt:
adb pull /data/anr c:\trace
The document states that
Android stores trace information when it experiences an ANR. On older OS releases, there's a single /data/anr/traces.txt file on the device.
On newer OS releases, there are multiple /data/anr/anr_* files. You can access ANR traces from a device or emulator by using Android Debug Bridge (adb) as root:
adb root
adb shell ls /data/anr
adb pull /data/anr/<filename>
Usually every crash is stored in the traces.txt file under the /data/anr/ folder of internal storage. Try checking this file.
I found a file called crash.txt inside the directory /data/Logging which seems to contain brief stack-traces from the last several crashes that occurred on the device.

What to do if manufacturer removed folders under /dev/log folder? [means No LogCat]

I'm in trouble with my Android device, in which the log folder under /dev is unreachable or maybe does not even exist.
$ pwd
pwd
/dev
$ cd log
cd log
cd: can't cd to log
$
So LogCat is out-of-service and I cannot view device's stdout or stderr logs in DDMS.
I googled a little bit and tried to find some information about this problem:
http://developer.android.com/guide/developing/tools/adb.html#alternativebuffers
Viewing stdout and stderr topic seemed to be useful but this thread says it is unsupported :
Why is redirecting stdout/stderr on android not working?
Here is another one having the same problem:
"Unable to open log device '/dev/log/main': No such file or directory"
I found a temporary solution to dump my logs in a file on device manually but as usual I cannot monitor system just my application logs.
Is there any solution you can suggest? Any way to redirect stdout and stderr logs to files,console etc.?
Any kind of help will be appreciated.
Solution:
On call screen
type *#*#2846579#*#*
opens system management menu
Project menu -> background settings -> Log setting
Log level setting -> VERBOSE
Log switch -> LOG on
Dump and Log -> Checked all the boxes
Restart device.
That's all.
What device is this? If it ships with Market, it must pass the CDD, and that includes having the development tools needed for app development which includes logcat support (though this just means the logcat command, technically the implementation could be different). For such a device the manufacturer must supply an update to make it compatible.
If it is not a compatible device, all bets are off, and you will just need to get help from the manufacturers or any hackers who are working with the device.
RunO NesrE - I finally found the solution to this.
There is a recent post on the xda-developers forum for a different Huawei phone with the same problem and it has a fix.
http://forum.xda-developers.com/showpost.php?p=17774398&postcount=93
It worked a treat on my Huawei Sonic (U8650).

Where does Android store shutdown logs?

I know that the boot up log can be obtained by pulling out contents of kmsg or dmesg through ADB.
But I'm not aware of how to retrieve the shutdown logs in Android as there's no /var folder in Android (place where most desktop linux distros generally store their shutdown logs).
So how can I obtain the shutdown logs in Android?
Look in some locations such as these:
/proc/last_kmsg
/data/tombstones/
/data/dontpanic/
/data/system/dropbox/
(This list isn't strictly kernel logs, including framework and application logs too, which are also sometimes of interest)
One work around I found for collecting shutdown logs in Android is to run adb pull /proc/kmsg C:\Logs.txt on the host PC and then switch off the device. You will get the logs till the USB communication between the host and the device snaps! I know this is only one case out of the numerous shutdown scenarios but I haven't found satisfactory answers for other cases!
TL;DR:
Run command through adb that copies logcat and proc/kmsg to a file and keep it running even when adb disconnects with nohup, disown or setsid. Probably needs busybox, needs root and adb root, too.
setsid cat proc/kmsg > /sdcard/kmsg.txt &
and
logcat -v long -f /sdcard/logcat.txt (somehow only works without setsid)
Or add normal copy commands to some startup script.
/TL;DR
You can constantly copy proc/kmsg and logcat to a file on your android device or a microSD card to get the logs even after adb disconnects.
You need root access and adb root access for this to work. For the latter, use the setting in the developer options if you have a custom rom or the adbd insecure app.
After using adb shell to get your android shell, type su to get superuser access.
Then you not only need to put an ampersand (&) after the command but also make sure that the command keeps running after adb disconnects. That is done by nohup, disown or setsid (see here for usage).
If it doesn't work because you don't have these commands, you need to install busybox.
See my question here.
See here for how to get logcat and kernel logs and print it to some file or merge it.
See developer.android.com/tools/help/logcat.html for parameters for the logcat command.
In the end you could have a command like setsid cat proc/kmsg > /sdcard/kmsg.txt & for the kernel messages.
For logcat you could have one of the following commands: logcat -v long -f /sdcard/logcat.txt or logcat -v long > /sdcard/logcat.txt
I don't know why, but sometimes it didn't work with setsid and just didn't copy continuously but stopped shortly after executing the command. In these situations, it also showed up when entering jobs, which it didn't otherwise. Then it just worked without setsid, it stayed alive after disconnecting and reconnecting. I guess you must just try when the file does keep getting larger. If someone figured out why it is behaving like it is... let me know and I'll edit the answer.
Probably adding the commands to a startup script could be a solution for some, too.
Hope this helps.
fightcookie
Newer phones do NOT use any of these locations so if you're reading this article then as of now
The kernel crash logs are now in /sys/fs/pstore instead of /proc/last_kmsg
I was looking for the same thing, and finally, I found the answer!
In Android 8 all logs are located in \data\log\android_logs\... including apps and kernel logs. Kernel logs are called kmsgcat-log_timestamp_.gz
edit: Although this is a very old thread, I think the answer might be helpful.
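Added example (not from the original answers): a host-side shell script that probes the locations named in the crash-history and shutdown-log answers above and pulls the ones that exist on the connected device. The ADB variable, the function names and the manifest layout are assumptions made for this example; run adb root first, as the answers note.

```shell
#!/bin/sh
# Added example: collect the crash/shutdown log locations named on this page.
ADB=${ADB:-adb}   # assumption: override to select a specific adb binary

# Paths taken from the answers above; which ones exist depends on the
# Android release and the vendor.
LOG_PATHS="/data/anr /data/tombstones /data/dontpanic /data/system/dropbox /proc/last_kmsg /sys/fs/pstore"

# Print "present<TAB>path" or "absent<TAB>path" for every candidate.
# The answer is read from the command output, not from adb's exit status,
# because older adb versions do not pass the remote exit status through.
probe_log_paths() {
  for p in $LOG_PATHS; do
    state=$($ADB shell "[ -e $p ] && echo present" </dev/null 2>/dev/null | tr -d '\r')
    [ "$state" = present ] || state=absent
    printf '%s\t%s\n' "$state" "$p"
  done
}

# Pull every present location into DEST. DEST/manifest.txt records what was
# found; DEST/pull-errors.txt lists paths that exist but could not be read
# (typically because adbd is not running as root).
collect_android_logs() {
  dest=$1
  mkdir -p "$dest" || return 1
  probe_log_paths > "$dest/manifest.txt"
  : > "$dest/pull-errors.txt"
  while IFS="$(printf '\t')" read -r state p; do
    [ "$state" = present ] || continue
    # /data/anr -> data_anr, so pulls from different roots cannot collide
    local_name=$(printf '%s' "$p" | sed 's#^/##; s#/#_#g')
    $ADB pull "$p" "$dest/$local_name" </dev/null >/dev/null 2>&1 ||
      printf '%s\n' "$p" >> "$dest/pull-errors.txt"
  done < "$dest/manifest.txt"
}

# Usage: sh collect.sh collect ./android-logs
if [ "${1:-}" = collect ]; then
  collect_android_logs "${2:-./android-logs}"
fi
```

/proc/last_kmsg and /sys/fs/pstore only hold the previous boot's kernel log, so pull them right after the reboot that followed the crash.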
