How to forward Android syslog to logFaces?

Logs can be invaluable in resolving complicated problems when developing mobile apps. Android OS generates a large amount of log data, some of which is verbose and can be used for troubleshooting.

There are conventional tools for capturing Android log files; however, it is also possible to forward the logs, in real time, to a remote syslog server such as logFaces, and then use the logFaces client to make sense of them. It is very convenient to use.

So how can this be set up?

1. Set up a syslog receiver on the logFaces server. Go to the admin connectivity page and add a syslog receiver. Details on setting up receivers can be found in the user manual.

2. Set up an app to forward the logs from your Android device to the remote server, for example Logcat to UDP. Download it, install it on your device and direct the traffic to the logFaces host and receiver port.

3. Grant "Logcat to UDP" permission to access the logs on your device, like this:

    adb shell pm grant sk.madzik.android.logcatudp android.permission.READ_LOGS

After this setup, open the logFaces client and create a real-time perspective for tracing the logs. If everything is working, you will see lots of chatter coming from the Android device.

Many Android phones generate syslog data in a non-standard format, so you may want to use regular expression patterns in the receivers to capture and structure this log data. Run adb logcat to capture the syslog from the connected device and you will see something like this.

The parts are "month-day time process thread priority source: message". This data can be captured with regex patterns and indexed by the server for searching and filtering. The way you construct the pattern is up to you; the details about working with regex patterns are in the user manual, in the section titled "Working with regular expressions".
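The field layout described above, captured with a regular expression, as an added example that is not taken from logFaces or its manual. It is written in Python to show the capture groups; the group names, the level mapping and the sample lines are assumptions constructed for illustration, and the pattern syntax the receiver accepts is the one documented in the user manual.

```python
import re

# Fields in the order the article lists them:
# month-day time process thread priority source: message
LOGCAT_LINE = re.compile(
    r"^(?P<date>\d{2}-\d{2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<process>\d+)\s+"
    r"(?P<thread>\d+)\s+"
    r"(?P<priority>[VDIWEF])\s+"
    r"(?P<source>.*?)\s*:\s?"   # short sources may be space-padded before ':'
    r"(?P<message>.*)$"
)

# Assumed mapping from the one-letter priority to a level name.
LEVELS = {"V": "VERBOSE", "D": "DEBUG", "I": "INFO",
          "W": "WARN", "E": "ERROR", "F": "FATAL"}

def parse_line(line):
    """Return the structured fields of one line, or None if it does not match."""
    m = LOGCAT_LINE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    event = m.groupdict()
    event.update(process=int(event["process"]), thread=int(event["thread"]))
    event["level"] = LEVELS[event["priority"]]
    return event

def parse_lines(lines):
    """Split input into parsed events and raw lines the pattern cannot structure."""
    events, unmatched = [], []
    for line in lines:
        event = parse_line(line)
        if event is None:
            unmatched.append(line)   # e.g. logcat's buffer separator lines
        else:
            events.append(event)
    return events, unmatched

# Constructed sample input (not captured from a real device).
SAMPLE = [
    "--------- beginning of main",
    "03-14 09:26:53.589  1234  1250 I ActivityManager: Start proc 4321:com.example.app/u0a99 for activity",
    "03-14 09:26:53.601   812   812 W wpa_supplicant: wlan0: CTRL-EVENT-SCAN-FAILED ret=-16",
    "03-14 09:26:54.002  4321  4330 E Tag     : padded tag, short message",
]

if __name__ == "__main__":
    print(*parse_lines(SAMPLE), sep="\n")
```

Lines that do not fit the pattern are returned separately rather than dropped, so a pattern that is too strict shows up as unmatched input instead of silently missing events.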

Once you create the pattern to use, add it to the receiver configuration on your server. When all the pieces fit together, you will see the logs from your phone, which in my case look like this. And if this information gets into the database, you will be able to query and analyze it.

Using logFaces client without the server

The syslog stream can also be relayed directly to the logFaces client, even without its server and receivers set up. Run the client in so-called "server mode" as shown below. Make sure to select the UDP port that matches the one used by the forwarder. The disadvantage of this approach is that the received data is raw and not saved into the database. Oftentimes it is good enough: