Log file
A log file (also called an event log file) contains the automatically maintained log of all or certain actions of processes on a computer system.
Important applications are found primarily in process control and automation. In principle, all actions that are or could be required for a later investigation (audit) are recorded. The flight recorder in aircraft is an example of continuous logging that is rarely evaluated, for example only after an accident.
In databases there is a transaction log in which changes to the database from correctly completed transactions (completed via commit) are recorded, so that the current state of the database can be restored in the event of an error (e.g. a system crash).
The word log file is increasingly used in parts of the blogosphere as a term for a blog entry. With this meaning, the term was initially only used by Log-Files.de (this page is now blocked), but is now popular with blogs with a purely diary character.
Basics
On a PC, log files recording certain actions of one or more users can be written without the users noticing and without their work being affected. The system log is essential for this (under Linux mostly in /var/log/messages; Windows NT and its successors also write corresponding entries to one or more event logs), provided it is configured accordingly. Among other things, logins to the system can be logged, as well as other important information.
In addition to the operating system itself, background programs (e.g. an e-mail server, a proxy server and others) usually write to log files in order to keep action messages, error messages and information available persistently (permanently) or temporarily. The same applies to installation programs, firewalls, virus scanners and the like. Ideally, log files are stored on a drive separate from the application so as not to restrict the application's I/O resources.
Log files are also created by web servers, but they can also be used outside the Internet to investigate the usability of programs, to study general user behavior or to troubleshoot a system.
The log file is examined during the log file analysis.
Structure of a log line
In principle, a log line in a log file usually contains an event as well as the associated date and time as a time stamp. The time is usually placed first, since a log file is a chronological list.
Log file
The example shows the contents of the log file (shortened in the middle) under Windows XP; on the left the time stamp, on the right the action performed at this time:
\WINDOWS\system32\wbem\Logs\setup.log
(Sun Sep 13 23:02:05 2009): Beginning Wbemupgd.dll Registration
(Sun Sep 13 23:02:05 2009): Current build of wbemupgd.dll is 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
(Sun Sep 13 23:02:05 2009): Beginning Core Upgrade
(Sun Sep 13 23:02:05 2009): Beginning MOF load
(Sun Sep 13 23:02:05 2009): Processing C:\WINDOWS\system32\WBEM\cimwin32.mof
(Sun Sep 13 23:02:09 2009): Processing C:\WINDOWS\system32\WBEM\cimwin32.mfl
(Sun Sep 13 23:02:12 2009): Processing C:\WINDOWS\system32\WBEM\system.mof
(Sun Sep 13 23:02:16 2009): Processing C:\WINDOWS\system32\WBEM\evntrprv.mof
(Sun Sep 13 23:02:16 2009): Processing C:\WINDOWS\system32\WBEM\hnetcfg.mof
(Sun Sep 13 23:02:16 2009): Processing C:\WINDOWS\system32\WBEM\sr.mof
(Sun Sep 13 23:02:16 2009): Processing C:\WINDOWS\system32\WBEM\dgnet.mof
(Sun Sep 13 23:02:16 2009): Processing C:\WINDOWS\system32\WBEM\whqlprov.mof
(Sun Sep 13 23:02:16 2009): Processing C:\WINDOWS\system32\WBEM\ieinfo5.mof
(Sun Sep 13 23:02:17 2009): MOF load completed.
(Sun Sep 13 23:02:17 2009): Beginning MOF load
(Sun Sep 13 23:02:17 2009): MOF load completed.
(Sun Sep 13 23:02:17 2009): Core Upgrade completed.
(Sun Sep 13 23:02:17 2009): Wbemupgd.dll Service Security upgrade succeeded.
(Sun Sep 13 23:02:17 2009): Beginning WMI(WDM) Namespace Init
(Sun Sep 13 23:02:20 2009): WMI(WDM) Namespace Init Completed
(Sun Sep 13 23:02:20 2009): ESS enabled
(Sun Sep 13 23:02:20 2009): ODBC Driver <system32>\wbemdr32.dll not present
(Sun Sep 13 23:02:20 2009): Successfully verified WBEM OBDC adapter (incompatible version removed if it was detected).
(Sun Sep 13 23:02:20 2009): Wbemupgd.dll Registration completed.
(Sun Sep 13 23:02:20 2009):
Server log
A typical web server log file ("Combined Log Format") looks like this (excerpt with two entries):
183.121.143.32 - - [18/Mar/2003:08:04:22 +0200] "GET /images/logo.jpg HTTP/1.1" 200 512 "http://www.wikipedia.org/" "Mozilla/5.0 (X11; U; Linux i686; de-DE;rv:1.7.5)"
183.121.143.32 - - [18/Mar/2003:08:05:03 +0200] "GET /images/bild.png HTTP/1.1" 200 805 "http://www.google.org/" …
Meaning | Value in the example | Explanation |
---|---|---|
IP address | 183.121.143.32 | IP address of the requesting host |
Unused | - | Intended for the RFC 1413 identity, which is not determined by default (-) |
Who | - | If applicable, the user name from HTTP authentication, otherwise "-" |
When | [18/Mar/2003:08:04:22 +0200] | Time stamp (date, time, time zone offset) |
What | "GET /images/logo.jpg HTTP/1.1" | Request (here for an image) and transmission protocol |
OK | 200 | HTTP status code (200 = successful request) |
How much | 512 | If applicable, the amount of data sent (bytes), otherwise (e.g. for redirects) "-" |
Where from | "http://www.wikipedia.org/" | The website (URI) from which the request originates |
With what | "Mozilla/5.0 (X11; U; Linux i686; de-DE;rv:1.7.5)" | The web browser / operating system / interface used for the request |
Note: the "Where from" and "With what" fields are not part of the Common Log Format. |
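A parser for the Combined Log Format fields tabulated above, as an added example that is not part of the original article. The function name `parse_combined` and the second and third sample lines are constructed for illustration; the example goes slightly beyond the table by handling "-" placeholders, backslash-escaped quotes inside quoted fields, and malformed lines.

```python
import re
from datetime import datetime

# Combined Log Format: host ident user [time] "request" status bytes "referer" "user-agent"
# Quoted fields may contain backslash-escaped quotes, hence (?:[^"\\]|\\.)*
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\d+|-) '
    + QUOTED + ' ' + QUOTED + r'$'
)

def parse_combined(line):
    """Return a dict of fields, or None if the line is not valid Combined Log Format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    host, ident, user, ts, request, status, size, referer, agent = m.groups()
    try:
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None  # syntactically a log line, but the time stamp is invalid
    # The request is normally "METHOD path PROTOCOL", but clients can send anything,
    # so the raw string is always kept and the split is best effort.
    parts = request.split(" ")
    method, path, protocol = parts if len(parts) == 3 else (None, None, None)
    return {
        "host": host,
        "ident": None if ident == "-" else ident,
        "user": None if user == "-" else user,
        "time": when,
        "request": request, "method": method, "path": path, "protocol": protocol,
        "status": int(status),
        "bytes": None if size == "-" else int(size),
        "referer": None if referer == "-" else referer,
        "agent": None if agent == "-" else agent,
    }

# The first line is the article's example entry; the other two are constructed samples.
SAMPLE = [
    '183.121.143.32 - - [18/Mar/2003:08:04:22 +0200] "GET /images/logo.jpg HTTP/1.1" 200 512 '
    '"http://www.wikipedia.org/" "Mozilla/5.0 (X11; U; Linux i686; de-DE;rv:1.7.5)"',
    '192.0.2.10 - alice [18/Mar/2003:08:06:11 +0200] "GET /old HTTP/1.1" 301 - "-" "-"',
    'this is not a log line',
]

if __name__ == "__main__":
    for entry in map(parse_combined, SAMPLE):
        print(entry)
```

Lines that do not match return `None` rather than raising, so unparseable entries can be counted and reviewed separately instead of silently aborting an analysis run.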
If you cannot access the log files yourself on the server hosting your website, various web services (e.g. Nedstat or W3 Statistics) allow you to embed a small counter in your own website. This counter is loaded from the provider's server every time the page is called up, whereupon an evaluation of the accesses is created from the provider's access log file in the form of tables and graphics. Tracking pixels and HTTP cookies can serve as aids; the latter enable website operators to keep log files on individual accessing computers over a longer period of time by storing unique serial numbers.
Log levels
Since logging all program events would use up the resources available for log files within a short period of time and make it more difficult to find certain events, different levels of urgency are defined, which can be switched on and off as required.
Usual definition of log levels:
- Fatal: Error which leads to termination of the application.
- Error: Runtime error that hinders the function of the application, or unexpected program error.
- Warning: Call of an outdated interface, incorrect call of an interface, user error or unfavorable program status.
- Info: Runtime information such as the start and stop of the application, user logins and logouts, and business transactions carried out.
- Debug: Information on the program sequence. Normally only used in development or to trace an error.
- Trace: Detailed tracking of the program sequence, in particular to understand a programming error.
It is important here that only information on the program sequence and status should be collected in log files and databases, but no information on the users of the program.
Admissibility in Germany
According to Section 15 of the German Telemedia Act, service providers may only collect and use personal data of a user insofar as this is necessary to enable the use of telemedia and billing. Beyond the end of the usage process, usage data may only be stored insofar as they are necessary for billing purposes with the user. On this basis, the Berlin District Court decided in 2007 that the logging of the IP addresses of the users of a publicly accessible Internet portal without their consent is not permitted.
Logger
Loggers are software components for computer programs that write to or read from a log file.
- Awesome .NET logging. In: Github. Retrieved March 6, 2017 (list of .NET logging libraries).
- Enterprise Library. In: CodePlex, patterns & practices. Microsoft, accessed April 11, 2013.
- .NET Logging Framework. The Object Guy, accessed April 11, 2013.
- SmartInspect. GurockSoftware, accessed April 11, 2013.
- Log4Delphi. Open source project, accessed September 19, 2013 (English).
- nxLogging
Differentiation from other technologies
As part of application lifecycle management, centralized logging databases are used in addition to decentralized log files to enable a central evaluation of program errors and information. Such databases can be filled, for example, via a web service or by means of log scraping.
Log files are not suitable for real-time evaluation. Instead, monitoring mechanisms are used, such as Performance Counter and Event Tracing for Windows (ETW) on Windows systems or collectd (system statistics collection daemon) on Linux systems.
Another technology is operations databases, which among other things enable the status of business processes to be evaluated.
See also
- Version management
- Syslog
- Event log
- changelog
- Edge data (when using electronic infrastructure)
- Webalizer
Literature
- Ralph Kimball, Margy Ross: The Data Webhouse Toolkit. 2nd Edition. John Wiley & Sons, New York 2002, ISBN 0-471-20024-7.
- Brij Masand: Web Usage Analysis and User Profiling. Springer, Berlin 2000, ISBN 3-540-67818-2.
- C. Lutzky, M. H. Teichmann: Log files in market research: design options for analysis purposes. In: Yearbook of sales and consumption research. 2002, p. 295-317.
Web links
- Secure log files based on cryptographically linked entries (PDF, 515 KiB)
- Development and testing of a log file-based metric for the analysis of website entries using the example of an academic university website. Master's thesis on the topic of log file analysis
- Pantheios - data logging library for C++
- Enotare - Data Logging Library (+ Viewer) for C# (Free)