Jump to content

Logging (computing): Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
m use {ref rfc}
(10 intermediate revisions by 9 users not shown)
Line 6: Line 6:


In the simplest case, messages are written to a file, called a ''log file''.<ref>{{cite web |url= https://blog.pandorafms.org/log-monitoring/ |title= Log Monitoring: not the ugly sister |access-date = February 14, 2018 |last= DeLaRosa |first= Alexander |date= February 8, 2018 |website= [[Pandora FMS]] |language = english |quote= A log file is a text file or XML file used to register the automatically produced and time-stamped documentation of events, behaviors and conditions relevant to a particular system. |archive-url= https://web.archive.org/web/20180214153657/https://blog.pandorafms.org/log-monitoring/
In the simplest case, messages are written to a file, called a ''log file''.<ref>{{cite web |url= https://blog.pandorafms.org/log-monitoring/ |title= Log Monitoring: not the ugly sister |access-date = February 14, 2018 |last= DeLaRosa |first= Alexander |date= February 8, 2018 |website= [[Pandora FMS]] |language = english |quote= A log file is a text file or XML file used to register the automatically produced and time-stamped documentation of events, behaviors and conditions relevant to a particular system. |archive-url= https://web.archive.org/web/20180214153657/https://blog.pandorafms.org/log-monitoring/
|archive-date= February 14, 2018}}</ref> Alternatively, the messages may be written to a dedicated logging system or to a [[log management]] software, where it is stored in a database or on a different computer system.
|archive-date= February 14, 2018}}</ref> Alternatively, the messages may be written to a dedicated logging system or to a [[log management]] software, where it is stored in a database or on a different computer system.


Specifically, a ''transaction log'' is a log of the communications between a system and the users of that system,<ref>Peters, T. (1993). The history and development of transaction log analysis. Library Hi Tech., 42(11), 41−66</ref> or a data collection method that automatically captures the type, content, or time of transactions made by a person from a terminal with that system.<ref>Rice, R. E., & Borgman, C. L. (1983). The use of computer-monitored data in information science. Journal of the American Society for Information Science, 44, 247−256</ref> For Web searching, a transaction log is an electronic record of interactions that have occurred during a searching episode between a Web search engine and users searching for information on that Web search engine.
Specifically, a ''transaction log'' is a log of the communications between a system and the users of that system,<ref>{{cite journal | last=Peters | first=Thomas A. | title=The history and development of transaction log analysis | journal=Library Hi Tech | volume=11 | issue=2 | date=1993-02-01 | issn=0737-8831 | doi=10.1108/eb047884 | pages=41–66}}</ref> or a data collection method that automatically captures the type, content, or time of transactions made by a person from a terminal with that system.<ref>{{cite journal | last1=Rice | first1=Ronald E. | last2=Borgman | first2=Christine L. | title=The use of computer-monitored data in information science and communication research | journal=Journal of the American Society for Information Science | volume=34 | issue=4 | date=1983 | issn=0002-8231 | doi=10.1002/asi.4630340404 | pages=247–256}}</ref> For Web searching, a transaction log is an electronic record of interactions that have occurred during a searching episode between a Web search engine and users searching for information on that Web search engine.


Many operating systems, software frameworks and programs include a logging system. A widely used logging standard is [[Syslog]], defined in Internet Engineering Task Force (IETF) [[Request for Comments|RFC]] 5424). The Syslog standard enables a dedicated, standardized subsystem to generate, filter, record, and analyze log messages. This relieves software developers of having to design and code their ad hoc logging systems.<ref>{{Cite web|url=https://winscp.net/eng/docs/logging_xml|title=XML Logging :: WinSCP|website=winscp.net}}</ref><ref>{{Cite web|url=https://www.codeproject.com/Articles/28752/Use-XML-for-Log-Files|title=Use XML for Log Files|date=August 22, 2008|website=CodeProject}}</ref><ref>{{Cite web|url=https://learn.microsoft.com/en-us/previous-versions/dotnet/articles/ms972965(v=msdn.10)|title=Turn Your Log Files into Searchable Data Using Regex and the XML Classes|website=learn.microsoft.com}}</ref>
Many operating systems, software frameworks and programs include a logging system. A widely used logging standard is [[Syslog]], defined in [[Request for Comments|IETF RFC]] 5424.{{Ref RFC|5424}} The Syslog standard enables a dedicated, standardized subsystem to generate, filter, record, and analyze log messages. This relieves software developers of having to design and code their ad hoc logging systems.<ref>{{Cite web|url=https://winscp.net/eng/docs/logging_xml|title=XML Logging :: WinSCP|website=winscp.net|date=16 June 2022 }}</ref><ref>{{Cite web|url=https://www.codeproject.com/Articles/28752/Use-XML-for-Log-Files|title=Use XML for Log Files|date=August 22, 2008|website=CodeProject}}</ref><ref>{{Cite web|url=https://learn.microsoft.com/en-us/previous-versions/dotnet/articles/ms972965(v=msdn.10)|title=Turn Your Log Files into Searchable Data Using Regex and the XML Classes|website=learn.microsoft.com|date=24 June 2011 }}</ref>


== Types ==
== Types ==
Line 19: Line 19:
They are essential to understand particularly in the case of applications with little user interaction.
They are essential to understand particularly in the case of applications with little user interaction.


It can also be useful to combine log file entries from multiple sources. It is a different combination that may yield between with related events on different servers. Other solutions employ network-wide querying and [[report]]ing.<ref>{{Cite web|url=https://learn.microsoft.com/en-us/sql/relational-databases/logs/log-file-viewer|title=Log File Viewer - SQL Server|website=learn.microsoft.com}}</ref><ref name="auto">{{Cite web |title=Extended Log File Format |url=https://www.org/TR/WD-logfile.html |website=www.w3.org}}</ref>
It can also be useful to combine log file entries from multiple sources. It is a different combination that may yield between with related events on different servers. Other solutions employ network-wide querying and [[report]]ing.<ref>{{Cite web|url=https://learn.microsoft.com/en-us/sql/relational-databases/logs/log-file-viewer|title=Log File Viewer - SQL Server|website=learn.microsoft.com|date=28 February 2023 }}</ref><ref name="auto">{{Cite web |title=Extended Log File Format |url=https://www.org/TR/WD-logfile.html |website=www.w3.org}}</ref>


=== Transaction logs ===
=== Transaction logs ===
{{Main|Transaction log}}
{{Main|Transaction log}}


Most [[Database|database systems]] maintain some kind of ''transaction log'', which are not mainly intended as an audit trail for later analysis, and are not intended to be [[human-readable]]. These logs record changes to the stored data to allow the database to recover from [[Crash (computing)|crashes]] or other data errors and maintain the stored data in a consistent state. Thus, database systems usually have both general event logs and transaction logs.<ref>{{Cite web|url=https://learn.microsoft.com/en-us/sql/relational-databases/logs/the-transaction-log-sql-server|title=The Transaction Log (SQL Server) - SQL Server|website=learn.microsoft.com}}</ref><ref>{{Cite web|url=https://www.sqlshack.com/beginners-guide-sql-server-transaction-logs/|title=A beginner’s guide to SQL Server transaction logs|first=Ivan|last=Stankovic|date=February 11, 2014}}</ref><ref>{{Cite web|url=https://www.techrepublic.com/article/understanding-the-importance-of-transaction-logs-in-sql-server/|title=Understanding the importance of transaction logs in SQL Server|date=November 11, 2004|website=TechRepublic}}</ref><ref>{{Cite web|url=https://www.neurobs.com/pres_docs/html/03_presentation/07_data_reporting/01_logfiles/index.html|title=Logfiles|website=www.neurobs.com}}</ref>
Most [[Database|database systems]] maintain some kind of ''transaction log'', which are not mainly intended as an audit trail for later analysis, and are not intended to be [[human-readable]]. These logs record changes to the stored data to allow the database to recover from [[Crash (computing)|crashes]] or other data errors and maintain the stored data in a consistent state. Thus, database systems usually have both general event logs and transaction logs.<ref>{{Cite web|url=https://learn.microsoft.com/en-us/sql/relational-databases/logs/the-transaction-log-sql-server|title=The Transaction Log (SQL Server) - SQL Server|website=learn.microsoft.com|date=27 September 2023 }}</ref><ref>{{Cite web|url=https://www.sqlshack.com/beginners-guide-sql-server-transaction-logs/|title=A beginner's guide to SQL Server transaction logs|first=Ivan|last=Stankovic|date=February 11, 2014}}</ref><ref>{{Cite web|url=https://www.techrepublic.com/article/understanding-the-importance-of-transaction-logs-in-sql-server/|title=Understanding the importance of transaction logs in SQL Server|date=November 11, 2004|website=TechRepublic}}</ref><ref>{{Cite web|url=https://www.neurobs.com/pres_docs/html/03_presentation/07_data_reporting/01_logfiles/index.html|title=Logfiles|website=www.neurobs.com}}</ref>


The use of data stored in transaction logs of Web search engines, Intranets, and Web sites can provide valuable insight into understanding the information-searching process of online searchers.<ref>Jansen, B. J. 2006. Search log analysis: What is it; what's been done; how to do it. Library and Information Science Research, 28(3), 407-432</ref> This understanding can enlighten information system design, interface development, and devising the information architecture for content collections.
The use of data stored in transaction logs of Web search engines, Intranets, and Web sites can provide valuable insight into understanding the information-searching process of online searchers.<ref>{{cite journal | last=Jansen | first=Bernard J. | title=Search log analysis: What it is, what's been done, how to do it | journal=Library & Information Science Research | publisher=Elsevier BV | volume=28 | issue=3 | year=2006 | issn=0740-8188 | doi=10.1016/j.lisr.2006.06.005 | pages=407–432}}</ref> This understanding can enlighten information system design, interface development, and devising the information architecture for content collections.


=== Message logs ===
=== Message logs ===
Line 42: Line 42:
A ''server log'' is a log file (or several files) automatically created and maintained by a [[Server (computing)|server]] consisting of a list of activities it performed.
A ''server log'' is a log file (or several files) automatically created and maintained by a [[Server (computing)|server]] consisting of a list of activities it performed.


A typical example is a [[Webserver directory index|web server]] log which maintains a history of page requests. The [[World Wide Web Consortium|W3C]] maintains a standard format (the [[Common Log Format|Common Log Format]]) for web server log files, but other proprietary formats exist.<ref name="auto"/>Some servers can log information to computer readable formats (such as [[JSON]]) versus the human readable standard.<ref>{{Cite web|url=https://caddyserver.com/|title=How Logging Works - Caddy Documentation|first=Caddy Web|last=Server|website=caddyserver.com}}</ref> More recent entries are typically appended to the end of the file. Information about the request, including [[client (computing)|client]] [[IP address]], request [[Calendar date|date]]/[[time]], [[webpage|page]] requested, [[HTTPs|HTTP]] code, bytes served, [[User agent|user agent]], and [[HTTP referrer|referrer]] are typically added. This data can be combined into a single file, or separated into distinct logs, such as an access log, [[error]] log, or referrer log. However, server logs typically do not collect user-specific information.
A typical example is a [[Webserver directory index|web server]] log which maintains a history of page requests. The [[World Wide Web Consortium|W3C]] maintains a standard format (the [[Common Log Format]]) for web server log files, but other proprietary formats exist.<ref name="auto"/> Some servers can log information to computer readable formats (such as [[JSON]]) versus the human readable standard.<ref>{{Cite web|url=https://caddyserver.com/|title=How Logging Works - Caddy Documentation|first=Caddy Web|last=Server|website=caddyserver.com}}</ref> More recent entries are typically appended to the end of the file. Information about the request, including [[client (computing)|client]] [[IP address]], request [[Calendar date|date]]/[[time]], [[webpage|page]] requested, [[HTTPs|HTTP]] code, bytes served, [[user agent]], and [[HTTP referrer|referrer]] are typically added. This data can be combined into a single file, or separated into distinct logs, such as an access log, [[error]] log, or referrer log. However, server logs typically do not collect user-specific information.


These files are usually not accessible to general Internet users, only to the [[webmaster]] or other administrative person of an Internet service. A statistical analysis of the server log may be used to examine traffic patterns by time of day, day of week, referrer, or user agent. Efficient web site administration, adequate hosting resources and the fine tuning of sales efforts can be aided by analysis of the web server logs.
These files are usually not accessible to general Internet users, only to the [[webmaster]] or other administrative person of an Internet service. A statistical analysis of the server log may be used to examine traffic patterns by time of day, day of week, referrer, or user agent. Efficient web site administration, adequate hosting resources and the fine tuning of sales efforts can be aided by analysis of the web server logs.
Line 52: Line 52:
* {{annotated link|Logging as a service}}
* {{annotated link|Logging as a service}}
* {{annotated link|XML log}}
* {{annotated link|XML log}}
* {{section link|Tracing_(software)#Event_logging}} - comparing software tracing with event logging
* {{section link|Security event management#Event logs}} - with a focus on security management


== References ==
== References ==

Revision as of 21:44, 5 September 2024

In computing, logging is the act of keeping a log of events that occur in a computer system, such as problems, errors or just information on current operations. These events may occur in the operating system or in other software. A message or log entry is recorded for each such event. These log messages can then be used to monitor and understand the operation of the system, to debug problems, or during an audit. Logging is particularly important in multi-user software, to have a central overview of the operation of the system.

In the simplest case, messages are written to a file, called a log file.[1] Alternatively, the messages may be written to a dedicated logging system or to a log management software, where it is stored in a database or on a different computer system.

Specifically, a transaction log is a log of the communications between a system and the users of that system,[2] or a data collection method that automatically captures the type, content, or time of transactions made by a person from a terminal with that system.[3] For Web searching, a transaction log is an electronic record of interactions that have occurred during a searching episode between a Web search engine and users searching for information on that Web search engine.

Many operating systems, software frameworks and programs include a logging system. A widely used logging standard is Syslog, defined in IETF RFC 5424.[4] The Syslog standard enables a dedicated, standardized subsystem to generate, filter, record, and analyze log messages. This relieves software developers of having to design and code their ad hoc logging systems.[5][6][7]

Types

Event logs

Event logs record events taking place in the execution of a system in order to provide. That can be used to understand the activity of the system and to diagnose problems. They are essential to understand particularly in the case of applications with little user interaction.

It can also be useful to combine log file entries from multiple sources. It is a different combination that may yield between with related events on different servers. Other solutions employ network-wide querying and reporting.[8][9]

Transaction logs

Most database systems maintain some kind of transaction log, which are not mainly intended as an audit trail for later analysis, and are not intended to be human-readable. These logs record changes to the stored data to allow the database to recover from crashes or other data errors and maintain the stored data in a consistent state. Thus, database systems usually have both general event logs and transaction logs.[10][11][12][13]

The use of data stored in transaction logs of Web search engines, Intranets, and Web sites can provide valuable insight into understanding the information-searching process of online searchers.[14] This understanding can enlighten information system design, interface development, and devising the information architecture for content collections.

Message logs

Internet Relay Chat (IRC), instant messaging (IM) programs, peer-to-peer file sharing clients with chat functions, and multiplayer games (especially MMORPGs) commonly have the ability to automatically save textual communication, both public (IRC channel/IM conference/MMO public/party chat messages) and private chat between users, as message logs.[15] Message logs are almost universally plain text files, but IM and VoIP clients (which support textual chat, e.g. Skype) might save them in HTML files or in a custom format to ease reading or enable encryption.

In the case of IRC software, message logs often include system/server messages and entries related to channel and user changes (e.g. topic change, user joins/exits/kicks/bans, nickname changes, the user status changes), making them more like a combined message/event log of the channel in question, but such a log is not comparable to a true IRC server event log, because it only records user-visible events for the time frame the user spent being connected to a certain channel.

Instant messaging and VoIP clients often offer the chance to store encrypted logs to enhance the user's privacy. These logs require a password to be decrypted and viewed, and they are often handled by their respective writing application. Some privacy focused messaging services, such as Signal, record minimal logs about users, limiting their information to connection times.[16]

Server logs

Apache access log showing Wordpress vulnerability bots

A server log is a log file (or several files) automatically created and maintained by a server consisting of a list of activities it performed.

A typical example is a web server log which maintains a history of page requests. The W3C maintains a standard format (the Common Log Format) for web server log files, but other proprietary formats exist.[9] Some servers can log information to computer readable formats (such as JSON) versus the human readable standard.[17] More recent entries are typically appended to the end of the file. Information about the request, including client IP address, request date/time, page requested, HTTP code, bytes served, user agent, and referrer are typically added. This data can be combined into a single file, or separated into distinct logs, such as an access log, error log, or referrer log. However, server logs typically do not collect user-specific information.

These files are usually not accessible to general Internet users, only to the webmaster or other administrative person of an Internet service. A statistical analysis of the server log may be used to examine traffic patterns by time of day, day of week, referrer, or user agent. Efficient web site administration, adequate hosting resources and the fine tuning of sales efforts can be aided by analysis of the web server logs.

See also

References

  1. ^ DeLaRosa, Alexander (February 8, 2018). "Log Monitoring: not the ugly sister". Pandora FMS. Archived from the original on February 14, 2018. Retrieved February 14, 2018. A log file is a text file or XML file used to register the automatically produced and time-stamped documentation of events, behaviors and conditions relevant to a particular system.
  2. ^ Peters, Thomas A. (1993-02-01). "The history and development of transaction log analysis". Library Hi Tech. 11 (2): 41–66. doi:10.1108/eb047884. ISSN 0737-8831.
  3. ^ Rice, Ronald E.; Borgman, Christine L. (1983). "The use of computer-monitored data in information science and communication research". Journal of the American Society for Information Science. 34 (4): 247–256. doi:10.1002/asi.4630340404. ISSN 0002-8231.
  4. ^ R. Gerhards (March 2009). The Syslog Protocol. Network Working Group. doi:10.17487/RFC5424. RFC 5424. Proposed Standard. Obsoletes RFC 3164.
  5. ^ "XML Logging :: WinSCP". winscp.net. 16 June 2022.
  6. ^ "Use XML for Log Files". CodeProject. August 22, 2008.
  7. ^ "Turn Your Log Files into Searchable Data Using Regex and the XML Classes". learn.microsoft.com. 24 June 2011.
  8. ^ "Log File Viewer - SQL Server". learn.microsoft.com. 28 February 2023.
  9. ^ a b "Extended Log File Format". www.w3.org.
  10. ^ "The Transaction Log (SQL Server) - SQL Server". learn.microsoft.com. 27 September 2023.
  11. ^ Stankovic, Ivan (February 11, 2014). "A beginner's guide to SQL Server transaction logs".
  12. ^ "Understanding the importance of transaction logs in SQL Server". TechRepublic. November 11, 2004.
  13. ^ "Logfiles". www.neurobs.com.
  14. ^ Jansen, Bernard J. (2006). "Search log analysis: What it is, what's been done, how to do it". Library & Information Science Research. 28 (3). Elsevier BV: 407–432. doi:10.1016/j.lisr.2006.06.005. ISSN 0740-8188.
  15. ^ "LogFile Class (Microsoft.SqlServer.Management.Smo)". learn.microsoft.com.
  16. ^ Brandom, Russell (2 January 2018). "Iran blocks encrypted messaging apps amid nationwide protests". The Verge. Vox Media. Archived from the original on 22 March 2018. Retrieved 23 March 2018.
  17. ^ Server, Caddy Web. "How Logging Works - Caddy Documentation". caddyserver.com.