BLUELOG(1) Bluelog Manual BLUELOG(1)NAME
Bluelog - Bluetooth Scanner and Logger
SYNOPSISbluelog-i [Interface] [Options] -o [Output File]
bluelog-help
DESCRIPTION
Bluelog is a simple Bluetooth scanner that is designed to essentially
do just one thing, log all the discoverable devices in the area. It is
intended to be used as a site survey tool, identifying the number of
possible Bluetooth targets there are in the surrounding environment.
I wrote Bluelog because there didn't appear to be any Bluetooth scanner
for Linux that would simply log discoverable devices without also doing
a whole bunch of other stuff I didn't really need.
Of course, in the end I managed to expand Bluelog into doing a whole
bunch of other stuff I didn't really need. But at least I still kept it
optional, so you can always stick with the basics if that's all you
want.
BASIC OPTIONS-i <hci interface or MAC>
This option tells Bluelog which Bluetooth device you want to
scan with. You can use either the HCI device name (like hci2)
or the MAC of the local adapter. As a bonus, if you give a
device which doesn't exist, Bluelog will fall back on autodetec‐
tion to find a working device.
-o <filename>
This is the (optional) filename of the log file to write. The
default filename has the format of "bluelog-YYYY-MM-DD-
HHMM.log", located in the current directory.
-v Use this option to toggle displaying found devices on the con‐
sole. Verbose output will also contain device class information
and timestamps. Default is disabled.
-q Turn off nonessential terminal output. In normal mode this means
you will only see the start time of the scan and the message
indicating proper shutdown. When used with daemon mode (-d),
there will be no terminal output at all. The only exception to
this option are critical errors, for obvious reasons.
-d This option will daemonize Bluelog so that it runs in the back‐
ground. You will still see the boilerplate and startup messages,
but after that you will no longer see any info from Bluelog in
the terminal.
-k When running an instance of Bluelog in daemon mode, the -k
option can be used to kill it.
-l This option switches Bluelog over to Live mode, which uses an
automatically updated web page to show results rather than the
console and regular log files. See BLUELOG LIVE below for more
details.
LOGGING OPTIONS-n Use this option to toggle displaying device names for discovered
devices. Finding the device name takes extra time during scan‐
ning, and occasionally fails. Therefore by not resolving device
names, Bluelog can scan faster and more accurately. Default is
disabled.
-m This option, if enabled in the build, performs hardware manufac‐
turer lookups of discovered devices via the MAC OUI. The hard‐
ware manufacturer will be logged in the standard log file, as
well as Bluelog Live. The manufacturer database needs to be
installed for this function to work, which makes it prohibitive‐
ly large for some platforms (such as OpenWRT).
-c This option toggles writing the raw device class to the log
file. Enabling this option disables the -f option. Default is
disabled.
-f This option takes the device class and interprets it into a more
human friendly format. It will tell you what class the device is
and also what it's core capabilities are. For example, the class
0x7a020c would appear as: Smart Phone,(Net Capture Obex Audio
Phone) Enabling this option disables the -c option. Default is
disabled.
-t Use this option to toggle displaying timestamps for both the
start and end of the scan and each new device found in the log
file. Default is disabled.
-x Use this option to toggle MAC address obfuscation. With this
option enabled, Bluelog will display the manufacturer portion of
each discovered MAC, but block out the device specific identi‐
fier. Default is disabled.
-e Use this option to toggle CRC32 MAC address encoding. With this
option enabled, the discovered MAC addresses will never be
logged to disk, rather, each device will have a unique ID gener‐
ated for it. This prevents privacy concerns during activities
such as Bluetooth traffic monitoring. Default is disabled.
-b This option will set the log format so that the resulting data
is suitable for upload to ronin's Bluetooth Profiling Project
(BlueProPro). This overrides most other logging options, and
disables Bluelog Live. For more information on this project, and
the additional steps required to submit your data for inclusion,
visit: www.hackfromacave.com
ADVANCED OPTIONS-r <retries>
This option sets how many attempts Bluelog should make to
resolve a device name. For various reasons (poor link, busy
device, etc, etc), devices won't always respond to a name
request in a timely manner. This fills the logs or Live display
with un-named devices which look, frankly, uncool. By default,
Bluelog will make 3 attempts to resolve a device name, using
this option you can set that count to either be lower (faster,
but less accurate), or higher (slower, but possibly more accu‐
rate).
-a <minutes>
This option enables "amnesia mode", which causes Bluelog to for‐
get it has seen a particular device after a set amount of time,
given here as minutes. When Bluelog encounters a device it has
forgotten through this option, it will print it to the logs
again as if it was the first time it has been seen. A value of
zero will cause Bluelog to continuously log a device as quickly
as possible (actual speed depends on platform Bluelog is running
on).
-w <seconds>
This is an experimental option that allows adjusting how long
Bluelog instructs BlueZ to scan for. Generally speaking, shorter
scan times allow Bluelog to process the incoming data faster,
but requires more processing power. Longer scan times should
theoretically work better on lower end hardware.
-s Use this option to toggle syslog only mode. This disables the
standard log file and writes new devices to the system log file
instead. Default is disabled.
BASIC SCANNING
There isn't a whole lot to say about this one. Start up Bluelog with
the appropriate options, and then just walk/drive around the area and
see what you come up with.
For your first scan, try something simple like:
bluelog-vtn
This will turn on verbose output, timestamps, device names, and output
to the default file "devices.log". There are a number of other options
which you can use to customize the level of logging Bluelog will do,
but most people will probably be happy with just the time, MAC, and
device name.
BLUELOG LIVE
Bluelog Live is an alternate interface for Bluelog. Instead of out‐
putting discovered devices to the console, or writing them to the
sparse log file, Bluelog will create a web page with the results that
you can serve up for anyone who cares to look.
For more information on Bluelog Live, please see the README.LIVE file.
DAEMON MODE
Running Bluelog with the -d option will start it in daemon mode, which
puts it into the background. This mode is especially useful when run‐
ning Bluelog Live.
Only one instance of Bluelog can run at a time, so if you attempt to
start Bluelog (in either daemon or interactive mode) while it is
already running in daemon mode, you will be prompted to kill the exist‐
ing process. You can use the -k option to kill a running Bluelog
process, or simply find the process with ps and kill it manually.
It is worth noting that enabling daemon mode also overrides some other
options, such as verbose mode (since there is no terminal output once
Bluelog goes into the background).
AUTHOR
Tom Nardi - MS3FGX@gmail.com
www.digifail.com
FILES
/usr/share/bluelog
/tmp/devices.log
/tmp/info.txt
Bluelog 01/31/2013 BLUELOG(1)
