  • eventlog.zip

    2019-11-28 10:54:39
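    eventlog installation package, version 0.2.12, with installation and configuration documentation; personally tested and working. Required for installing syslog-ng.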
  • Eventlog powershell

    2011-05-26 15:19:56
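    Eventlog powershell: using PowerShell to retrieve the Eventlog
  • powershell: retrieving the EventLog

    2019-12-05 11:09:50
    There are many ways to retrieve the system EventLog: in Python it can be read through Win32, and PowerShell can also retrieve the EventLog with commands and query for the relevant EventIDs.
  • Windows2016 EventLog Analyzer installation and deployment: 1. Product overview 2. Features 3. Version comparison 4. Hardware requirements 5. Operating system requirements 6. Installing Windows Server 2016 7. Ports used by EventLog Analyzer 8. Deploying EventLog Analyzer 9. Using EventLog Analyzer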
  • eventlog_backups.reg

    2021-06-02 23:32:08
    eventlog_backups.reg
  • Android event log explained

    1,000+ reads 2017-05-05 11:17:33

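    Contents

    1. The event log definition file in the Android system
    2. Event categories
    3. Viewing event log information on the phone

    1. The event log definition file in the Android system

    The Android event log definition file is located at: system/core/logcat/event.logtags
    A tag name is usually followed by a description of the tag, in the following format: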

    (<name>|data type[|data unit])
    The data type is a number from the following values:
    1: int
    2: long
    3: string
    4: list
    5: float
    
    The data unit is a number taken from the following list:
    1: Number of objects
    2: Number of bytes
    3: Number of milliseconds
    4: Number of allocations
    5: Id
    6: Percent
    Default value for data of type int/long is 2 (bytes).
    

    Multiple values are separated by commas.

    2. Event categories

    Searching for event.logtags turns up [the following files](http://androidxref.com/7.1.1_r6/search?q=event.logtags&defs=&refs=&path=&hist=&project=frameworks); each of them carries a comment that points to system/core/logcat/event.logtags for the format:

    /frameworks/base/packages/SettingsProvider/src/com/android/providers/settings/EventLogTags.logtags
    /frameworks/base/core/java/android/app/admin/SecurityLogTags.logtags
    /frameworks/base/core/java/android/webkit/EventLogTags.logtags
    /frameworks/base/core/java/com/android/internal/logging/EventLogTags.logtags
    /frameworks/base/core/java/android/content/EventLogTags.logtags
    /frameworks/base/core/java/android/speech/tts/EventLogTags.logtags
    /frameworks/native/services/surfaceflinger/EventLog/EventLogTags.logtags
    /frameworks/opt/telephony/src/java/com/android/internal/telephony/EventLogTags.logtags
    /frameworks/ex/common/java/com/android/common/GoogleLogTags.logtags
    /frameworks/base/packages/SystemUI/src/com/android/systemui/EventLogTags.logtags
    /frameworks/base/services/core/java/com/android/server/am/EventLogTags.logtags
    /frameworks/base/services/core/java/com/android/server/EventLogTags.logtags

    Take the commonly seen ActivityManager event log as an example:

    # An activity is being finished:
    30001 am_finish_activity (User|1|5),(Token|1|5),(Task ID|1|5),(Component Name|3),(Reason|3)
    # A task is being brought to the front of the screen:
    30002 am_task_to_front (User|1|5),(Task|1|5)
    # An existing activity is being given a new intent:
    30003 am_new_intent (User|1|5),(Token|1|5),(Task ID|1|5),(Component Name|3),(Action|3),(MIME Type|3),(URI|3),(Flags|1|5)
    # A new task is being created:
    30004 am_create_task (User|1|5),(Task ID|1|5)
    # A new activity is being created in an existing task:
    30005 am_create_activity (User|1|5),(Token|1|5),(Task ID|1|5),(Component Name|3),(Action|3),(MIME Type|3),(URI|3),(Flags|1|5)
    # An activity has been resumed into the foreground but was not already running:
    30006 am_restart_activity (User|1|5),(Token|1|5),(Task ID|1|5),(Component Name|3)
    # An activity has been resumed and is now in the foreground:
    30007 am_resume_activity (User|1|5),(Token|1|5),(Task ID|1|5),(Component Name|3)
    # Application Not Responding
    30008 am_anr (User|1|5),(pid|1|5),(Package Name|3),(Flags|1|5),(reason|3)
    # Activity launch time
    30009 am_activity_launch_time (User|1|5),(Token|1|5),(Component Name|3),(time|2|3)
    # Application process bound to work
    30010 am_proc_bound (User|1|5),(PID|1|5),(Process Name|3)
    # Application process died
    30011 am_proc_died (User|1|5),(PID|1|5),(Process Name|3)
    # The Activity Manager failed to pause the given activity.
    30012 am_failed_to_pause (User|1|5),(Token|1|5),(Wanting to pause|3),(Currently pausing|3)
    # Attempting to pause the current activity
    30013 am_pause_activity (User|1|5),(Token|1|5),(Component Name|3)
    # Application process has been started
    30014 am_proc_start (User|1|5),(PID|1|5),(UID|1|5),(Process Name|3),(Type|3),(Component|3)
    # An application process has been marked as bad
    30015 am_proc_bad (User|1|5),(UID|1|5),(Process Name|3)
    # An application process that was bad is now marked as good
    30016 am_proc_good (User|1|5),(UID|1|5),(Process Name|3)
    # Reporting to applications that memory is low
    30017 am_low_memory (Num Processes|1|1)
    # An activity is being destroyed:
    30018 am_destroy_activity (User|1|5),(Token|1|5),(Task ID|1|5),(Component Name|3),(Reason|3)
    # An activity has been relaunched, resumed, and is now in the foreground:
    30019 am_relaunch_resume_activity (User|1|5),(Token|1|5),(Task ID|1|5),(Component Name|3)
    # An activity has been relaunched:
    30020 am_relaunch_activity (User|1|5),(Token|1|5),(Task ID|1|5),(Component Name|3)
    # The activity's onPause has been called.
    30021 am_on_paused_called (User|1|5),(Component Name|3),(Reason|3)
    # The activity's onResume has been called.
    30022 am_on_resume_called (User|1|5),(Component Name|3),(Reason|3)
    # Kill a process to reclaim memory.
    30023 am_kill (User|1|5),(PID|1|5),(Process Name|3),(OomAdj|1|5),(Reason|3)
    # Discard an undelivered serialized broadcast (timeout/ANR/crash)
    30024 am_broadcast_discard_filter (User|1|5),(Broadcast|1|5),(Action|3),(Receiver Number|1|1),(BroadcastFilter|1|5)
    30025 am_broadcast_discard_app (User|1|5),(Broadcast|1|5),(Action|3),(Receiver Number|1|1),(App|3)
    # A service is being created
    30030 am_create_service (User|1|5),(Service Record|1|5),(Name|3),(UID|1|5),(PID|1|5)
    # A service is being destroyed
    30031 am_destroy_service (User|1|5),(Service Record|1|5),(PID|1|5)
    # A process has crashed too many times, it is being cleared
    30032 am_process_crashed_too_much (User|1|5),(Name|3),(PID|1|5)
    # An unknown process is trying to attach to the activity manager
    30033 am_drop_process (PID|1|5)
    # A service has crashed too many times, it is being stopped
    30034 am_service_crashed_too_much (User|1|5),(Crash Count|1|1),(Component Name|3),(PID|1|5)
    # A service is going to be restarted after its process went away
    30035 am_schedule_service_restart (User|1|5),(Component Name|3),(Time|2|3)
    # A client was waiting for a content provider, but its process was lost
    30036 am_provider_lost_process (User|1|5),(Package Name|3),(UID|1|5),(Name|3)
    # The activity manager gave up on a new process taking too long to start
    30037 am_process_start_timeout (User|1|5),(PID|1|5),(UID|1|5),(Process Name|3)
    
    # Unhandled exception
    30039 am_crash (User|1|5),(PID|1|5),(Process Name|3),(Flags|1|5),(Exception|3),(Message|3),(File|3),(Line|1|5)
    # Log.wtf() called
    30040 am_wtf (User|1|5),(PID|1|5),(Process Name|3),(Flags|1|5),(Tag|3),(Message|3)
    
    # User switched
    30041 am_switch_user (id|1|5)
    
    # Activity fully drawn time
    30042 am_activity_fully_drawn_time (User|1|5),(Token|1|5),(Component Name|3),(time|2|3)
    
    # Activity focused
    30043 am_focused_activity (User|1|5),(Component Name|3),(Reason|3)
    
    # Stack focus
    30044 am_focused_stack (User|1|5),(Focused Stack Id|1|5),(Last Focused Stack Id|1|5),(Reason|3)
    
    # Running pre boot receiver
    30045 am_pre_boot (User|1|5),(Package|3)
    
    # Report collection of global memory state
    30046 am_meminfo (Cached|2|2),(Free|2|2),(Zram|2|2),(Kernel|2|2),(Native|2|2)
    # Report collection of memory used by a process
    30047 am_pss (Pid|1|5),(UID|1|5),(Process Name|3),(Pss|2|2),(Uss|2|2),(SwapPss|2|2)
    
    # Attempting to stop an activity
    30048 am_stop_activity (User|1|5),(Token|1|5),(Component Name|3)
    # The activity's onStop has been called.
    30049 am_on_stop_called (User|1|5),(Component Name|3),(Reason|3)
    
    # Report changing memory conditions (Values are ProcessStats.ADJ_MEM_FACTOR* constants)
    30050 am_mem_factor (Current|1|5),(Previous|1|5)
    


    Taking
    30001 am_finish_activity (User|1|5),(Token|1|5),(Task ID|1|5),(Component Name|3),(Reason|3)
    as an example, this entry corresponds to the log line
    I/am_finish_activity( 2878): [0,149956396,1985,com.android.settings/.Settings,app-request]
    The Settings activity in the com.android.settings package has finished; the user id is 0 (system), the Token is 149956396, the task id is 1985, and the finish reason is app-request.

    3. Viewing event log information on the phone

    adb shell cat /system/etc/event-log-tags
  • EventLogAnalyzer_V4.3.0_LHdown.rar
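  • Backup of the attachment from my blog post "Win10: tray icons in the lower-right corner suddenly disappear and the network stops working [tested and working]"; it supplements the post and provides an EventLog registry backup for anyone who needs it.
  • Windows eventlog to Unix syslog converter.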
  • EventLog_Analyzer.zip

    2019-09-29 13:04:28
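    Features and purpose of the Eventlog Analyzer log management system, log analysis tool and log server. Eventlog Analyzer is management software for analyzing and auditing system and event logs; it can cover hosts, servers, network devices, databases and all kinds of application service systems across the whole network...
  • Event Log Tool source code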

    2012-03-21 16:55:57
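    Windows Event Log management tool. Features include adding an Event Source, adding an Event Log, deleting an Event Source and deleting an EventLog. It can be used to manage custom logs when publishing web projects. Because it needs certain system access rights, log in with administrator privileges to use it.
  • ManageEngine EventLogAnalyzer 12.04 license file; personally tested and working.
  • Summary: C# source code, system-related, error log, EventLog component. C# uses the EventLog component to save system logs; this program can display system error log information and search and save system error log information.
  • Event Log Explorer for win.zip: Event Log Explorer is an event analyzer designed specifically for the Windows operating system. While the system runs, any problem that occurs or any action that is started is recorded as a log, but...
  • This article demonstrates how to write to the Windows event log with the EventLog class in C# 3.0, shared here for reference. Details: programs often need to write specific information (both exception information and normal processing information) to a log. In C# 3.0 the EventLog class can be used to write all kinds of information...
  • Summary: C# source code, control class library, EventLog, event log. Example source code for reading and writing the event log with the EventLog component in C#; it reads the contents of the event log. A fairly simple example whose source is a valuable reference, especially for beginners.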
  • Android EventLog

    1,000+ reads 2018-11-14 19:33:35

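    Overview

       When analyzing problems in the Android system or in applications, one often looks at the EventLog, which shows the various states of current system and application behaviour very concisely and clearly. Here is a brief look at how it works.


    1. Introduction to EventLogTags.logtags

       The file frameworks/base/services/core/java/com/android/server/EventLogTags.logtags

       contains the following: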

    # ---------------------------
    # PowerManagerService.java
    # ---------------------------
    # This is logged when the device is being forced to sleep (typically by
    # the user pressing the power button).
    2724 power_sleep_requested (wakeLocksCleared|1|1)
    # This is logged when the screen on broadcast has completed
    2725 power_screen_broadcast_send (wakelockCount|1|1)
    # This is logged when the screen broadcast has completed
    2726 power_screen_broadcast_done (on|1|5),(broadcastDuration|2|3),(wakelockCount|1|1)
    # This is logged when the screen on broadcast has completed
    2727 power_screen_broadcast_stop (which|1|5),(wakelockCount|1|1)
    # This is logged when the screen is turned on or off.
    2728 power_screen_state (offOrOn|1|5),(becauseOfUser|1|5),(totalTouchDownTime|2|3),(touchCycles|1|1)
    # This is logged when the partial wake lock (keeping the device awake
    # regardless of whether the screen is off) is acquired or released.
    2729 power_partial_wake_state (releasedorAcquired|1|5),(tag|3)
    
    #
    # Leave IDs through 2739 for more power logs (2730 used by battery_discharge above)
    #
    

       In fact there are many more EventLogTags.logtags files, for example:

    • frameworks/native/services/surfaceflinger/EventLog/EventLogTags.logtags

    • frameworks/base/packages/SystemUI/src/com/android/systemui/EventLogTags.logtags

    • frameworks/base/services/core/java/com/android/server/am/EventLogTags.logtags

    2. Parsing the contents of EventLogTags.logtags

    2.1. system/core/logcat/event.logtags describes this kind of EventLogTags.logtags file

       According to it:

    # Tag numbers are decimal integers, from 0 to 2^31.  (Let's leave the
    # negative values alone for now.)
    #
    # Tag names are one or more ASCII letters and numbers or underscores, i.e.
    # "[A-Z][a-z][0-9]_".  Do not include spaces or punctuation (the former
    # impacts log readability, the latter makes regex searches more annoying).
    #
    # Tag numbers and names are separated by whitespace.  Blank lines and lines
    # starting with '#' are ignored.
    #
    # Optionally, after the tag names can be put a description for the value(s)
    # of the tag. Description are in the format
    #    (<name>|data type[|data unit])
    # Multiple values are separated by commas.
    #
    # The data type is a number from the following values:
    # 1: int
    # 2: long
    # 3: string
    # 4: list
    # 5: float
    #
    # The data unit is a number taken from the following list:
    # 1: Number of objects
    # 2: Number of bytes
    # 3: Number of milliseconds
    # 4: Number of allocations
    # 5: Id
    # 6: Percent
    # Default value for data of type int/long is 2 (bytes).
    #
    # TODO: generate ".java" and ".h" files with integer constants from this file.
    

       Let us work through what that description means, using the following entry:

    2728 power_screen_state (offOrOn|1|5),(becauseOfUser|1|5),(totalTouchDownTime|2|3),(touchCycles|1|1)
    

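    Format: (Tag numbers) (<name>|data type[|data unit])

    1. In EventLogTags.logtags files, a line that starts with "#" is a comment line;

    2. Tag numbers: 2728. Tag numbers are decimal numbers in the range 0 to 2^31;

    3. Tag name: power_screen_state. A tag name consists of one or more ASCII letters, digits or underscores, i.e. [A-Z][a-z][0-9]_; spaces and punctuation are not allowed because they hurt log readability;

    4. The tag number and the tag name are separated by spaces;

    5. Parameters: in (offOrOn|1|5) the name is offOrOn, the data type is 1 (int) and the data unit is 5 (Id); multiple parameters are separated by commas, for example (offOrOn|1|5),(becauseOfUser|1|5),(totalTouchDownTime|2|3),(touchCycles|1|1)

    3. Generating EventLogTags.java

       Through build/core/base_rules.mk and build/tools/java-event-log-tags.py, Android generates a corresponding EventLogTags.java file from each module's EventLogTags.logtags file. See: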

    ###########################################################
    ## logtags: Add .logtags files to global list, emit java source
    ###########################################################
    
    logtags_sources := $(filter %.logtags,$(LOCAL_SRC_FILES))
    
    ifneq ($(strip $(logtags_sources)),)
    
    event_log_tags := $(addprefix $(LOCAL_PATH)/,$(logtags_sources))
    
    # Emit a java source file with constants for the tags, if
    # LOCAL_MODULE_CLASS is "APPS" or "JAVA_LIBRARIES".
    ifneq ($(filter $(LOCAL_MODULE_CLASS),APPS JAVA_LIBRARIES),)
    
    logtags_java_sources := $(patsubst %.logtags,%.java,$(addprefix $(intermediates.COMMON)/src/, $(logtags_sources)))
    logtags_sources := $(addprefix $(TOP_DIR)$(LOCAL_PATH)/, $(logtags_sources))
    
    $(logtags_java_sources): $(intermediates.COMMON)/src/%.java: $(TOPDIR)$(LOCAL_PATH)/%.logtags $(TARGET_OUT_COMMON_INTERMEDIATES)/all-event-log-tags.txt
        $(transform-logtags-to-java)
    
    endif
    
    else
    logtags_java_sources :=
    event_log_tags :=
    endif
    

       For example, frameworks/base/services/core/java/com/android/server/EventLogTags.logtags is parsed to generate:

    out/target/common/obj/JAVA_LIBRARIES/services.core_intermediates/src/java/com/android/server/EventLogTags.java
    

       frameworks/base/services/core/java/com/android/server/am/EventLogTags.logtags is parsed to generate:

    out/target/common/obj/JAVA_LIBRARIES/services.core_intermediates/src/java/com/android/server/am/EventLogTags.java
    

    4. Calling EventLogTags and EventLog:

       Look at out/target/common/obj/JAVA_LIBRARIES/services.core_intermediates/src/java/com/android/server/EventLogTags.java

       You can see that one entry of EventLogTags.logtags:

    2728 power_screen_state (offOrOn|1|5),(becauseOfUser|1|5),(totalTouchDownTime|2|3),(touchCycles|1|1)
    

       is turned into a static variable POWER_SCREEN_STATE and a static function writePowerScreenState.

    public class EventLogTags {
           ...
           /** 2728 power_screen_state (offOrOn|1|5),(becauseOfUser|1|5),(totalTouchDownTime|2|3),(touchCycles|1|1) */
           public static final int POWER_SCREEN_STATE = 2728;
           ...
           public static void writePowerScreenState(int offoron, int becauseofuser, long totaltouchdowntime, int touchcycles) {
                         android.util.EventLog.writeEvent(POWER_SCREEN_STATE, offoron, becauseofuser, totaltouchdowntime, touchcycles);
           }
           ...
    }
    

       For example, the code in notifier.java contains the following call:

    EventLog.writeEvent(EventLogTags.POWER_SCREEN_STATE, 1, 0, 0, 0);
    

       It can of course also be called as follows, with the same effect:

    EventLogTags.writePowerScreenState(1, 0, 0, 0);
    

    5. How writeEvent is processed:

       The rough flow is as follows:

    writeEvent -> android_util_EventLog.cpp -> logd_write_kern.c(liblog.so) ->
    Uio.c(liblog.so)

    6. Output of logcat -b events

       The event log can be printed with the following command:

    adb logcat -b events
    

       The code is all in:

    system/core/logcat/logcat.cpp
    system/core/liblog/log_read_kern.c
    

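       The central piece is the main function, whose rough steps are:

    1. Parse "-b events";

    2. Prepare the log_device_t data;

    3. Set the output destination, e.g. the terminal or a log file;

    4. Open the log and keep the fd;

    5. Set the output destination, e.g. the terminal or a log file;

    6. Read the contents of the log fd;

    7. Update the monitoring information for multiple devices, e.g. output to several terminals;

    8. Print the log header, for example:

      ----------Logcat----------

      --------- beginning of system

    9. Print the log;

    10. Tidy up the log structure again.

       The code itself is as follows: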

    int main(int argc, char **argv)
    {
        ...
        for (;;) {
            ...
            switch(ret) {
                ...
                case 'b': { // parse "-b events"
                    if (strcmp(optarg, "all") == 0) {
                        while (devices) {
                            dev = devices;
                            devices = dev->next;
                            delete dev;
                        }
                        devices = dev = NULL;
                        g_devCount = 0;
                        for(int i = LOG_ID_MIN; i < LOG_ID_MAX; ++i) {
                            const char *name = android_log_id_to_name((log_id_t)i);
                            log_id_t log_id = android_name_to_log_id(name);
                            if (log_id != (log_id_t)i) {
                                continue;
                            }
                            bool binary = strcmp(name, "events") == 0;
                            log_device_t* d = new log_device_t(name, binary);
                            if (dev) {
                                dev->next = d;
                                dev = d;
                            } else {
                                devices = dev = d;
                            }
                            g_devCount++;
                        }
                        break;
                    }
    
                    bool binary = strcmp(optarg, "events") == 0;
    
                    if (devices) {
                        dev = devices;
                        while (dev->next) {
                            dev = dev->next;
                        }
                        dev->next = new log_device_t(optarg, binary); // prepare the log_device_t data
                    } else {
                        devices = new log_device_t(optarg, binary);
                    }
                    g_devCount++;
                }
                break;
                case 'B':
                    g_printBinary = 1;
                break;
                ...
            }
        }
        ...
        setupOutput(); // set the output destination, e.g. the terminal or a log file
        ...
        while (dev) {
            ...
            // open the log and keep the fd
            dev->logger = android_logger_open(logger_list,
                                              android_name_to_log_id(dev->device));
            ...
        }
        ...
        // log output follows
        dev = NULL;
        log_device_t unexpected("unexpected", false);
        while (1) {
            ...
            int ret = android_logger_list_read(logger_list, &log_msg); // read the contents of the log fd
            ...
            // monitoring of multiple devices, e.g. output to several terminals
            for(d = devices; d; d = d->next) {
                if (android_name_to_log_id(d->device) == log_msg.id()) {
                    break;
                }
            }
            if (!d) {
                g_devCount = 2; // set to Multiple
                d = &unexpected;
                d->binary = log_msg.id() == LOG_ID_EVENTS;
            }
    
            /**
            * Print the log header, for example
            * ----------Logcat----------
            * --------- beginning of system
            **/
            if (dev != d) {
                dev = d;
                maybePrintStart(dev, printDividers);
            }
            // print the log
            if (g_printBinary) {
                printBinary(&log_msg);
            } else {
                processBuffer(dev, &log_msg);
            }
        }
    
        // tidy up the log structure
        android_logger_list_free(logger_list);
        return EXIT_SUCCESS;
    }
    
  • django-eventlog Python

    2018-04-12 17:46:02
    django-eventlog is a very simple event logger you can use to track certain actions in your code. Events are stored in a Django model and can be viewed in the Django Admin
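  • Windows Event Log management tool. Features include adding an Event Source, adding an Event Log, deleting an Event Source and deleting an EventLog. It can be used to manage custom logs when publishing web projects. Because it needs certain system access rights, log in with administrator privileges to use it.
  • django-eventlog: django-eventlog is a very simple event logger that can be used to track certain actions in your code. Events are stored in a Django model and can be viewed in the Django Admin. Usage example: from eventlog import EventGroup e = EventGroup...
  • .NET logging, C#: displaying information with Eventlog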
  • EventLogAnalyzer_UserGuide

    2014-04-01 16:10:25
    EventLogAnalyzer_UserGuide: usage help for the log analysis tool
  • Android EventLog analysis

    1,000+ reads 2018-07-06 18:21:18

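    Overview

    When analyzing the Android system, you will often see EventLog entries printed at key points in the system, and the events-related entries can be fetched from logcat with adb shell logcat -b events. This post walks through the logic behind events, to make it easier to locate problems and optimize the system later.

    Notes on the relevant source

    EventLog.java

    EventLog.java is located at frameworks/base/core/java/android/util/EventLog.java. This file replaces the frameworks/base/core/java/android/util/EventLogTags.java file that previously existed in the system; EventLogTags.java has been abandoned. The methods the EventLog class uses to read and write data are all implemented as native methods, as follows: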
    // We assume that the native methods deal with any concurrency issues.
    public static native int writeEvent(int tag, int value);
    public static native int writeEvent(int tag, long value);
    public static native int writeEvent(int tag, float value);
    public static native int writeEvent(int tag, String str);
    public static native int writeEvent(int tag, Object... list);
    public static native void readEvents(int[] tags, Collection<Event> output);

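    The tag is read by readTagsFile from the /system/etc/event-log-tags file (the event-log-tags file is described in detail below). The tag contents that are read are stored in two HashMaps that are members of EventLog, sTagCodes and sTagNames; the same num and name pair is stored in both maps to make lookups convenient.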
    sTagCodes.put(name, num);
    sTagNames.put(num, name);

    event-log-tags

    The event-log-tags file is located under /system/etc/ on the phone and defines all the events the phone supports. Some of the events are listed below:

    42 answer (to life the universe etc|3)
    314 pi
    1003 auditd (avc|3)
    1004 logd (dropped|3)
    1005 liblog (dropped|1)
    2718 e
    2719 configuration_changed (config mask|1|5)
    2720 sync (id|3),(event|1|5),(source|1|5),(account|1|5)
    2721 cpu (total|1|6),(user|1|6),(system|1|6),(iowait|1|6),(irq|1|6),(softirq|1|6)
    2722 battery_level (level|1|6),(voltage|1|1),(temperature|1|1)
    2723 battery_status (status|1|5),(health|1|5),(present|1|5),(plugged|1|5),(technology|3)
    2724 power_sleep_requested (wakeLocksCleared|1|1)
    2725 power_screen_broadcast_send (wakelockCount|1|1)
    2726 power_screen_broadcast_done (on|1|5),(broadcastDuration|2|3),(wakelockCount|1|1)
    2727 power_screen_broadcast_stop (which|1|5),(wakelockCount|1|1)
    2728 power_screen_state (offOrOn|1|5),(becauseOfUser|1|5),(totalTouchDownTime|2|3),(touchCycles|1|1)
    2729 power_partial_wake_state (releasedorAcquired|1|5),(tag|3)
    2730 battery_discharge (duration|2|3),(minLevel|1|6),(maxLevel|1|6)
    2731 power_soft_sleep_requested (savedwaketimems|2)
    2740 location_controller
    2741 force_gc (reason|3)
    2742 tickle (authority|3)
    2744 free_storage_changed (data|2|2)
    2745 low_storage (data|2|2)
    2746 free_storage_left (data|2|2),(system|2|2),(cache|2|2)
    2747 contacts_aggregation (aggregation time|2|3), (count|1|1)
    2748 cache_file_deleted (path|3)

    EventLogTags.logtags

    Searching for EventLogTags.logtags files with the command find frameworks/ -type f -name "EventLogTags.logtags" shows that there are many EventLogTags.logtags files in different directories under the system's frameworks directory:

    feng@feng-pc:android_mtk_n_6757_66_mp5$ find frameworks/ -type f -name "EventLogTags.logtags"
    frameworks/base/packages/SystemUI/src/com/android/systemui/EventLogTags.logtags
    frameworks/base/packages/SettingsProvider/src/com/android/providers/settings/EventLogTags.logtags
    frameworks/base/services/core/java/com/android/server/EventLogTags.logtags
    frameworks/base/services/core/java/com/android/server/am/EventLogTags.logtags
    frameworks/base/core/java/android/speech/tts/EventLogTags.logtags
    frameworks/base/core/java/android/webkit/EventLogTags.logtags
    frameworks/base/core/java/android/content/EventLogTags.logtags
    frameworks/base/core/java/com/android/internal/logging/EventLogTags.logtags
    frameworks/native/services/surfaceflinger/EventLog/EventLogTags.logtags
    frameworks/opt/telephony/src/java/com/android/internal/telephony/EventLogTags.logtags

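    Each of these files defines one category of events. Comparing them with the event-log-tags file shows that the events they define are a subset of the events in event-log-tags, which tells us that the event-log-tags file is generated from the .logtags files. The .logtags files, however, carry comments that describe the events, so the comments in the *.logtags files are a useful reference when tracking down a problem.

    Question: when reading the source we often see tags referenced through a macro, as in EventLog.writeEvent(EventLogTags.AM_PROC_GOOD, so how does this macro map to the event's num? When the system is built, the Python script build/tools/java-event-log-tags.py converts the EventLogTags.logtags files into standard Java and also generates the /system/etc/event-log-tags file. For example, the file generated from frameworks/base/services/core/java/com/android/server/am/EventLogTags.logtags is out/target/common/obj/JAVA_LIBRARIES/services.core_intermediates/src/java/com/android/server/am/EventLogTags.java

    event.logtags

    The event.logtags file is located in the system/core/logcat/ directory of the system source; it explains the contents of the EventLogTags.logtags files: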

    # The entries in this file map a sparse set of log tag numbers to tag names.
    # This is installed on the device, in /system/etc, and parsed by logcat.
    #
    # Tag numbers are decimal integers, from 0 to 2^31.  (Let's leave the
    # negative values alone for now.)
    # (Note: tag numbers are decimal integers with values from 0 to 2^31.)
    # Tag names are one or more ASCII letters and numbers or underscores, i.e.
    # "[A-Z][a-z][0-9]_".  Do not include spaces or punctuation (the former
    # impacts log readability, the latter makes regex searches more annoying).
    #
    # (Note: tag names consist of one or more ASCII letters and underscores; to make searching the log easier, avoid spaces and punctuation in names.)
    # Tag numbers and names are separated by whitespace.  Blank lines and lines
    # starting with '#' are ignored.
    #
    # Optionally, after the tag names can be put a description for the value(s)
    # of the tag. Description are in the format
    #    (<name>|data type[|data unit])
    # Multiple values are separated by commas.
    #
    # The data type is a number from the following values:
    # 1: int
    # 2: long
    # 3: string
    # 4: list
    # 5: float
    #
    # The data unit is a number taken from the following list:
    # 1: Number of objects
    # 2: Number of bytes
    # 3: Number of milliseconds
    # 4: Number of allocations
    # 5: Id
    # 6: Percent
    # Default value for data of type int/long is 2 (bytes).
    #
    # TODO: generate ".java" and ".h" files with integer constants from this file.
    
    # These are used for testing, do not modify without updating
    # tests/framework-tests/src/android/util/EventLogFunctionalTest.java.

    Log analysis

    Run adb shell logcat -b events to output the events log. The following is part of the output; we use am_kill as an example to explain what the log means:

    05-01 10:42:24.115  1426  2617 I am_proc_bound: [0,6180,com.gionee.change]
    05-01 10:42:24.625  1426  1654 I am_kill : [0,4060,com.mediatek.connectivity,906,empty for 5978s]
    05-01 10:42:24.681  1426  2433 I am_proc_died: [0,4060,com.mediatek.connectivity]
    05-01 10:42:25.142  1426  1709 I am_proc_start: [0,6207,10009,com.gionee.account,content provider,com.gionee.account/.GnAccountProvider]
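    1. Look up the comment and the definition in the EventLogTags.logtags files of the Android source. This also tells you which category the event belongs to, which makes it easier to find where the event is called in the source. The search result shows that this is an am event, so you can search the am source for the place where the event is called:
      # Kill a process to reclaim memory.
      30023 am_kill (User|1|5),(PID|1|5),(Process Name|3),(OomAdj|1|5),(Reason|3)
    2. If you want to know where in the source this event is called, search for 30023 in the EventLogTags.java file under the out directory of the source tree:
      /** 30023 am_kill (User|1|5),(PID|1|5),(Process Name|3),(OomAdj|1|5),(Reason|3) */
      public static final int AM_KILL = 30023;

    3. Search the am source for the AM_KILL macro, which leads to ProcessRecord.java:
      597: EventLog.writeEvent(EventLogTags.AM_KILL, userId, pid, processName, setAdj, reason);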
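
    The manual lookups above (reading `am_finish_activity` in the first article and `am_kill` here) can be automated. The following is an added example, not code from the quoted posts or from AOSP: a Python decoder that parses `.logtags` definitions and uses the declared types to name the fields of each `logcat -b events` line. The function names, the two line layouts it accepts and the `com.example.app` sample line are assumptions of this example.

```python
import re

# Type and unit codes as listed in system/core/logcat/event.logtags.
DATA_TYPES = {1: "int", 2: "long", 3: "string", 4: "list", 5: "float"}
DATA_UNITS = {1: "objects", 2: "bytes", 3: "milliseconds",
              4: "allocations", 5: "id", 6: "percent"}
# Value syntax per type. Strings and lists match lazily, so the typed
# neighbours (int/long) decide where a free-text field ends.
VALUE_RE = {"int": r"-?\d+", "long": r"-?\d+", "float": r"-?\d+(?:\.\d+)?",
            "string": r".*?", "list": r".*?"}

TAG_LINE = re.compile(r"^(\d+)\s+([A-Za-z0-9_]+)\s*(.*)$")
FIELD = re.compile(r"\(([^|()]+)\|(\d+)(?:\|(\d+))?\)")
# Two line layouts appear on this page: "MM-DD time pid tid L tag: payload"
# and "L/tag( pid): payload".
THREADTIME = re.compile(r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(\d+)\s+"
                        r"[A-Z]\s+([A-Za-z0-9_]+)\s*:\s*(.*)$")
BRIEF = re.compile(r"^[A-Z]/([A-Za-z0-9_]+)\(\s*(\d+)\):\s*(.*)$")

# Constructed sample input: definitions and log lines quoted on this page.
# am_proc_bound is left undefined on purpose; the com.example.app line is
# invented to show a Reason that contains a comma.
SAMPLE_TAGS = """\
# Kill a process to reclaim memory.
30023 am_kill (User|1|5),(PID|1|5),(Process Name|3),(OomAdj|1|5),(Reason|3)
30014 am_proc_start (User|1|5),(PID|1|5),(UID|1|5),(Process Name|3),(Type|3),(Component|3)
30001 am_finish_activity (User|1|5),(Token|1|5),(Task ID|1|5),(Component Name|3),(Reason|3)
2747 contacts_aggregation (aggregation time|2|3), (count|1|1)
1005 liblog (dropped|1)
314 pi
"""
SAMPLE_EVENTS = """\
05-01 10:42:24.115  1426  2617 I am_proc_bound: [0,6180,com.gionee.change]
05-01 10:42:24.625  1426  1654 I am_kill : [0,4060,com.mediatek.connectivity,906,empty for 5978s]
05-01 10:42:25.142  1426  1709 I am_proc_start: [0,6207,10009,com.gionee.account,content provider,com.gionee.account/.GnAccountProvider]
05-01 10:42:26.002  1426  1654 I am_kill : [0,5120,com.example.app,900,stop com.example.app, user request]
I/am_finish_activity( 2878): [0,149956396,1985,com.android.settings/.Settings,app-request]
"""


def parse_logtags(text):
    """Return {tag name: {"num": int, "fields": [(name, type, unit), ...]}}."""
    tags = {}
    for line in text.splitlines():
        m = TAG_LINE.match(line.strip())
        if not m:
            continue  # blank lines and '#' comments are not tag entries
        fields = []
        for fname, ftype, funit in FIELD.findall(m.group(3)):
            type_name = DATA_TYPES.get(int(ftype), "unknown")
            unit = DATA_UNITS.get(int(funit), "unknown") if funit else (
                "bytes" if type_name in ("int", "long") else None)  # documented default
            fields.append((fname.strip(), type_name, unit))
        tags[m.group(2)] = {"num": int(m.group(1)), "fields": fields}
    return tags


def decode_event(line, tags):
    """Return a dict for one event line, or None if it is not an event line.
    "fields" stays None when the tag is unknown or the payload does not fit."""
    line = line.strip()
    m = THREADTIME.match(line)
    if m:
        ts, pid, tid, tag, payload = m.groups()
    else:
        m = BRIEF.match(line)
        if not m:
            return None
        (tag, pid, payload), ts, tid = m.groups(), None, None
    event = {"time": ts, "pid": int(pid), "tid": int(tid) if tid else None,
             "tag": tag, "num": None, "raw": payload, "fields": None}
    spec = tags.get(tag)
    if spec is None:
        return event  # tag missing from the definitions: keep the raw payload
    event["num"] = spec["num"]
    if not spec["fields"]:
        return event
    body = payload[1:-1] if payload[:1] == "[" and payload[-1:] == "]" else payload
    pattern = ",".join("(%s)" % VALUE_RE.get(t, r".*?") for _, t, _ in spec["fields"])
    vm = re.fullmatch(pattern, body)
    if vm is None:
        return event  # value count or value types disagree with the definition
    convert = {"int": int, "long": int, "float": float}
    event["fields"] = {name: convert.get(t, str)(value)
                       for (name, t, _), value in zip(spec["fields"], vm.groups())}
    return event


def decode_all(log_text, tags):
    """Decode every recognisable line of a `logcat -b events` capture."""
    events = (decode_event(line, tags) for line in log_text.splitlines())
    return [e for e in events if e is not None]


if __name__ == "__main__":
    for ev in decode_all(SAMPLE_EVENTS, parse_logtags(SAMPLE_TAGS)):
        print(ev["time"], ev["pid"], ev["tag"], ev["fields"] or ev["raw"])
```

    When two string fields are adjacent (for example Type and Component in am_proc_start), a comma inside one of them cannot be attributed reliably; the lazy match then gives the earliest split, so treat such fields as approximate and keep the raw payload.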

  • eventlog日志设计文档

    2009-01-19 17:46:35
    eventlog log design document
  • C#: how to call EventLog

    2018-04-16 16:34:00

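    How it works:

         1. No logname is specified; only the source is specified.

          1.1 The source exists

           When writing to the event log, the source is looked up first; if it is found, the entry is written to the log that this source belongs to.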

       EventLog eventLog = new EventLog();
                eventLog.Source = $@"LisaEventLog 2018-04-17 18:37:16.907 +08:00";
                var message =
                    $"{AppDomain.CurrentDomain.BaseDirectory}{Environment.NewLine}{AppDomain.CurrentDomain.FriendlyName} {DateTimeOffset.Now}";
                eventLog.WriteEntry(message, EventLogEntryType.Error);
                Console.WriteLine($@"{eventLog.Log},{eventLog.Source}");

     

          1.2 The source does not exist (Application is bound directly as the logname, and a source is then created automatically)

         https://github.com/dotnet/corefx/

     

        dotnet\corefx\src\System.Diagnostics.EventLog\src\System\Diagnostics\EventLogInternal.cs

        private void VerifyAndCreateSource(string sourceName, string currentMachineName)

         If no log is specified, Application is used by default

    if (GetLogName(currentMachineName) == null)
    this.logName = "Application";

    An event source is then created automatically

      EventLog.CreateEventSource(new EventSourceCreationData(sourceName, GetLogName(currentMachineName), currentMachineName));

      EventLog eventLog = new EventLog();
                eventLog.Source = $@"{nameof(LisaEventLog)} {DateTimeOffset.Now:yyyy-MM-dd HH:mm:ss.fff zzz}";
                var message =
                    $"{AppDomain.CurrentDomain.BaseDirectory}{Environment.NewLine}{AppDomain.CurrentDomain.FriendlyName} {DateTimeOffset.Now}";
                eventLog.WriteEntry(message, EventLogEntryType.Error);
                Console.WriteLine($@"{eventLog.Log},{eventLog.Source}");

     

     

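          2. Both logname and source are specified

          2.1 The source does not exist

                2.1.1 The logname does not exist either

                        The log and the source are created automatically, and then the entry is written

                2.1.2 The logname exists

                       The source is created automatically under that log, and then the entry is written

          2.2 The source exists

                The source then necessarily already has a corresponding log. Either leave the log unspecified and let the system match it automatically (case 1.1 above),

                or, if the log is specified, it must be the correct one; otherwise an exception is thrown

         3. No source is specified

       This is not allowed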

    System.ArgumentException : Source property was not set before writing to the event log.
    at System.Diagnostics.EventLogInternal.WriteEntry(String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData)
    at System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type)

     

     

     

     

     public class LisaEventLog
        {
            private readonly string _logName = @"Lisa";
    
            public string LogName => _logName;
    
            public LisaEventLog()
            {
            }
    
            public LisaEventLog(string logName)
            {
                _logName = logName;
            }
    
            public void WriteEntry(string error, EventLogEntryType type)
            {
                var sourceName = AppDomain.CurrentDomain.FriendlyName;
                if (!EventLog.SourceExists(sourceName))
                {
                    EventLog.CreateEventSource(sourceName, _logName);
                }
                using (EventLog eventLog = new EventLog(_logName))
                {
                    eventLog.Source = sourceName;
                    var message = $"{AppDomain.CurrentDomain.BaseDirectory}{Environment.NewLine}{error}";
                    eventLog.WriteEntry(message, type);
                }
            }
        }

     

    The entries in the left-hand pane are called the LogName; the Source column of each event log entry corresponds to the source

     

    EventLog.Entries

     The entries here are the event log records; in the figure above, for example, there are 5.

     

     

    System.ArgumentException : Only the first eight characters of a custom log name are significant, and there is already another log on the system using the first eight characters of the name given. Name given: 'Application1', name of existing log: 'Application'.
    at System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData)
    at System.Diagnostics.EventLogInternal.VerifyAndCreateSource(String sourceName, String currentMachineName)
    at System.Diagnostics.EventLogInternal.WriteEntry(String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData)
    at System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type)

     

     

    System.ArgumentException : The source 'klnagent2' is not registered in log 'Application'. (It is registered in log 'Appplicat'.) " The Source and Log properties must be matched, or you may set Log to the empty string, and it will automatically be matched to the Source property.
    at System.Diagnostics.EventLogInternal.VerifyAndCreateSource(String sourceName, String currentMachineName)
    at System.Diagnostics.EventLogInternal.WriteEntry(String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData)
    at System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type)
    at ExcelTest.Test.TestEventLog() in D:\ChuckLu\Git\Edenred\LISA_5.0.0.0\ExcelTest\Test.cs:line 692

  • Introduction to Android EventLog

    1,000+ reads 2018-04-10 17:04:54
    Entering adb logcat -b events in a cmd terminal prints the EventLog information. 2. EventLog 2.1 ActivityManager Num TagName Format Function 30001 am_finish_activity User,Token,TaskID,ComponentName,Reason 30002 am_task_to_front User,Task...
  • Complete code: C# demo that writes to the Event Viewer, Visual Studio 2010, eventLog control
  • EventLog: output to the system event log
