Log analysis

Log analysis (or "system and network log analysis") is an art and science seeking to make sense out of computer-generated records (also called log or audit trail records). The process of creating such records is called data logging.

Typical reasons why people perform log analysis are:
* Compliance with security policies
* Compliance with audit or regulation
* System troubleshooting
* Forensics (during investigations or in response to a subpoena)
* Security incident response

Logs are emitted by network devices, operating systems, applications and all manner of intelligent or programmable devices. A stream of messages in time sequence often comprises a log. Logs may be written to files stored on disk, or sent as a network stream to a log collector.

Log messages must usually be interpreted with respect to the internal state of their source (e.g., an application) and announce security-relevant or operations-relevant events (e.g., a user login, or a system error).

Logs are often created by software developers to aid in debugging the operation of the application. The syntax and semantics of data within log messages are usually application- or vendor-specific. The authentication of a user to an application may be described as a login, a logon, a user connection or an authentication event. Hence, log analysis must interpret messages within the context of an application, vendor, system or configuration in order to make useful comparisons to messages from different log sources.

Log message format or content may not always be fully documented. A task of the log analyst is to induce the system to emit the full range of messages in order to understand the complete domain from which the messages must be interpreted.

A log analyst may map varying terminology from different log sources into a uniform, normalized terminology so that reports and statistics can be derived from a heterogeneous environment. E.g., log messages from Windows, Unix, network firewalls and databases may be aggregated into a "normalized" report for the auditor.

Hence, log analysis practices exist on the continuum from text retrieval to reverse engineering of software.
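The normalization step described above, as an added example that is not from this page or any project it names: three vendor-specific line formats (a Linux sshd syslog line, a Windows Security-log style line, and a netfilter-style firewall line) are mapped onto one event vocabulary, merged into a single time-ordered stream, and counted. The sample lines, the field names of the normalized schema, the regular expressions and the assumed year for syslog timestamps are all constructed for illustration.

```python
"""Added example (not from the page or any project it names): normalize
heterogeneous log lines into one event vocabulary so that messages from
different sources can be compared and counted.  Sample lines, schema
field names and regexes are constructed assumptions."""
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample lines: Linux sshd (syslog format, no year), Windows
# Security-log style (EventID 4624/4625), and a netfilter-style firewall line.
# Deliberately out of time order to show the merge step below.
SAMPLE_LINES = [
    "Mar 10 08:01:09 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 44012 ssh2",
    "2024-03-10T08:01:15Z dc01 EventID=4624 Logon Type=10 Account Name=bob Source Network Address=10.0.0.9",
    "Mar 10 08:01:02 web01 sshd[2211]: Accepted password for alice from 10.0.0.5 port 51422 ssh2",
    "2024-03-10 08:01:30 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.1 PROTO=TCP DPT=22",
    "2024-03-10T08:01:20Z dc01 EventID=4625 Logon Type=3 Account Name=bob Source Network Address=203.0.113.7",
]

# Assumption: classic syslog timestamps carry no year, so one is supplied.
SYSLOG_YEAR = 2024
UTC = timezone.utc

SSHD = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
WINLOG = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>4624|4625) .*?"
    r"Account Name=(?P<user>\S+) Source Network Address=(?P<src>\S+)"
)
FIREWALL = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} [\d:]{8}) (?P<host>\S+) kernel: "
    r"(?P<action>DROP|ACCEPT) .*?SRC=(?P<src>\S+) .*?DPT=(?P<dport>\d+)"
)


def _syslog_ts(s):
    return datetime.strptime(s, "%b %d %H:%M:%S").replace(year=SYSLOG_YEAR, tzinfo=UTC)


def normalize(line):
    """Map one raw line onto the uniform schema, or return None if no parser matches.

    Vendor words ("Accepted"/"Failed", 4624/4625, DROP) become the normalized
    event/outcome pair, which is what lets the sources be compared directly.
    """
    m = SSHD.match(line)
    if m:
        return {"ts": _syslog_ts(m["ts"]), "host": m["host"], "event": "auth",
                "outcome": "success" if m["result"] == "Accepted" else "failure",
                "user": m["user"], "src": m["src"], "source": "sshd"}
    m = WINLOG.match(line)
    if m:
        return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=UTC),
                "host": m["host"], "event": "auth",
                "outcome": "success" if m["eid"] == "4624" else "failure",
                "user": m["user"], "src": m["src"], "source": "windows"}
    m = FIREWALL.match(line)
    if m:
        return {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=UTC),
                "host": m["host"], "event": "net",
                "outcome": "deny" if m["action"] == "DROP" else "allow",
                "user": None, "src": m["src"], "source": "firewall",
                "dport": int(m["dport"])}
    return None


def normalize_lines(lines):
    """Normalize every parseable line and merge them into one time-ordered stream."""
    events = [e for e in (normalize(l) for l in lines) if e is not None]
    return sorted(events, key=lambda e: e["ts"])


def failed_auth_by_source(events):
    """Count authentication failures per source address across all log formats."""
    return Counter(e["src"] for e in events
                   if e["event"] == "auth" and e["outcome"] == "failure")


def unparsed(lines):
    """Lines no parser recognizes: the analyst's cue that the message domain is incomplete."""
    return [l for l in lines if normalize(l) is None]


if __name__ == "__main__":
    evs = normalize_lines(SAMPLE_LINES)
    for e in evs:
        print(e["ts"].isoformat(), e["source"], e["event"], e["outcome"], e["user"], e["src"])
    print("auth failures by source:", dict(failed_auth_by_source(evs)))
```

The `unparsed` helper is the practical counterpart of the "induce the system to emit the full range of messages" task: anything it returns is a message type the normalizer does not yet understand, and a rising count of such lines is the signal that a new source, version or configuration has changed the message domain.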

See also

* Audit trail
* Data logging
* Data logger
* Server log
* Web log analysis software

External links

* [http://www.splunk.com/download Splunk, Inc. Index, Search, Analyze Logs]
* [http://www.loganalysis.org LogAnalysis.org]
* [http://www.ossec.net OSSEC Open Source IDS/Log analysis project]
* [http://swatch.sourceforge.net/ swatch], a tool for monitoring computer log files.


Wikimedia Foundation. 2010.
