Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tons of "item_type unknown (0xF2)" and "Unknown custom data object type" occur while processing Unified Logs #74

Open
mnrkbys opened this issue Sep 29, 2021 · 1 comment
Open

tons of "item_type unknown (0xF2)" and "Unknown custom data object type" occur while processing Unified Logs #74

mnrkbys opened this issue Sep 29, 2021 · 1 comment

Comments

@mnrkbys
Copy link
Contributor

mnrkbys commented Sep 29, 2021

The warning and info messages like below are displayed, if I analyze unified logs of macOS 10.6.

2021-09-29 11:29:09|MAIN.UNIFIED_LOG_READER_LIB|INFO|Unknown custom data object type '{public,mdns:dnshdr}' data size=0xC in log @ 0x18E8
2021-09-29 11:29:09|MAIN.UNIFIED_LOG_READER_LIB|INFO|Unknown custom data object type '{public,mdns:dnshdr}' data size=0xC in log @ 0x1988
2021-09-29 11:29:09|MAIN.UNIFIED_LOG_READER_LIB|INFO|Unknown custom data object type '{public,mdns:dnshdr}' data size=0xC in log @ 0x1A28
2021-09-29 11:29:09|MAIN.UNIFIED_LOG_READER_LIB|INFO|Unknown custom data object type '{public,mdns:dnshdr}' data size=0xC in log @ 0x1B68
2021-09-29 11:29:09|MAIN.UNIFIED_LOG_READER_LIB|WARNING|item_type unknown (0xF2)
2021-09-29 11:29:09|MAIN.UNIFIED_LOG_READER_LIB|WARNING|item_type unknown (0xF2)
2021-09-29 11:29:09|MAIN.UNIFIED_LOG_READER_LIB|WARNING|item_type unknown (0xF2)
2021-09-29 11:29:09|MAIN.UNIFIED_LOG_READER_LIB|INFO|Unknown custom data object type '{private, mask.hash, mdnsresponder:domain_name}' data size=0x4 in log @ 0x1E20
2021-09-29 11:29:09|MAIN.UNIFIED_LOG_READER_LIB|WARNING|item_type unknown (0xF2)
2021-09-29 11:29:09|MAIN.UNIFIED_LOG_READER_LIB|WARNING|item_type unknown (0xF2)

A very large number of messages have been recorded.

% fgrep "MAIN.UNIFIED_LOG_READER_LIB" Log.20210929-105600.txt | fgrep "item_type unknown (0xF2)" | wc -l               
 1365407
% fgrep "MAIN.UNIFIED_LOG_READER_LIB" Log.20210929-105600.txt | fgrep "Unknown custom data object type" | wc -l
  889319

mac_apt log file has been attached.
Log.20210929-105600.txt.zip

Also, I can share the unified log files exported by mac_apt if necessary to fix the problem.
@ydkhatri
Copy link
Owner

The unified log format evolves with every new iteration of macOS. I will have to do some research here about.
About the Unknown custom data object type message, this has to do with structures that the library does not know how to parse as there is no definition available. Some of the common ones used have been reverse engineered, there are many more that are unknown.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ydkhatri @mnrkbys