Log analysis

Log messages must usually be interpreted with respect to the internal state of their source (e.g., an application) and announce security-relevant or operations-relevant events (e.g., a user login or a system error).

Logs are often created by software developers to aid in the debugging of the operation of an application or understanding how users are interacting with a system, such as a search engine.

For example, log messages from Windows, Unix, network firewalls, and databases may be aggregated into a "normalized" report for the auditor.
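A sketch of that normalization step, added here as an illustration and not taken from any particular product: three per-source parsers map raw lines to one common schema, so a single query can span Unix, Windows, and firewall events. The sample lines, field names, and the key=value layout of the Windows line are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines, one or two per source type; the Windows line is a
# simplified key=value export, not a native event-log record.
SAMPLE = [
    "Mar  4 10:15:02 web01 sshd[812]: Failed password for root from 203.0.113.5 port 50122 ssh2",
    "Mar  4 10:15:09 web01 sshd[812]: Accepted password for alice from 198.51.100.7 port 50410 ssh2",
    "2024-03-04T10:16:11Z host=DC01 EventID=4625 TargetUserName=bob IpAddress=203.0.113.5",
    "2024-03-04T10:16:40Z host=DC01 EventID=4624 TargetUserName=carol IpAddress=198.51.100.9",
    "Mar  4 10:17:30 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=4431 DPT=3389",
]

SSHD = re.compile(r"\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: (?P<verb>Failed|Accepted) "
                  r"password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
WIN = re.compile(r"\S+ host=(?P<host>\S+) EventID=(?P<id>\d+) "
                 r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)")
FW = re.compile(r"\w{3}\s+\d+ [\d:]+ (?P<host>\S+) kernel: (?P<act>DROP|ACCEPT) .*?\bSRC=(?P<ip>\S+)")
WIN_LOGON = {"4624": "success", "4625": "failure"}  # Windows logon event IDs

def record(source, host, event, user, ip, outcome):
    return {"source": source, "host": host, "event": event,
            "user": user, "src_ip": ip, "outcome": outcome}

def normalize(line):
    """Map one raw line to the common schema; None if no parser recognises it."""
    if m := SSHD.match(line):
        outcome = "success" if m["verb"] == "Accepted" else "failure"
        return record("unix", m["host"], "login", m["user"], m["ip"], outcome)
    if (m := WIN.match(line)) and m["id"] in WIN_LOGON:
        return record("windows", m["host"], "login", m["user"], m["ip"], WIN_LOGON[m["id"]])
    if m := FW.match(line):
        outcome = "blocked" if m["act"] == "DROP" else "allowed"
        return record("firewall", m["host"], "connection", None, m["ip"], outcome)
    return None

def build_report(lines):
    """Return (normalized records, lines no parser understood)."""
    records, unparsed = [], []
    for line in lines:
        rec = normalize(line)
        (records if rec else unparsed).append(rec or line)
    return records, unparsed

def denied_by_ip(records):
    """Count failed logins and blocked connections per source address, across all sources."""
    return Counter(r["src_ip"] for r in records if r["outcome"] in ("failure", "blocked"))

if __name__ == "__main__":
    records, unparsed = build_report(SAMPLE)
    print(denied_by_ip(records).most_common(), unparsed)
```

Lines that no parser recognises are returned separately rather than dropped, so gaps in coverage stay visible to the auditor.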

Hence, log analysis practices exist on the continuum from text retrieval to reverse engineering of software.

Log analysis is often compared to other analytics tools such as application performance management (APM) and error monitoring.

Error monitoring is driven by developers rather than operations, and integrates into code in exception-handling blocks.