Table of Contents
    Development 3 min read

    A log is a record of events that happen in hardware and software, either initiated by a person or a running process. Events can include accessing, deleting, or adding a file or application, modifying the system’s date, shutting the system down, and changing the system’s configuration.

    Log file

    A log file is a computer-generated data file that records either events occurring in an operating system (OS) or messages between different users of a communication software. It is the primary data source for network observability and contains information about usage patterns, activities, and operations, and is a key tool for monitoring security and performance. IT organizations can use analytics tools to monitor log files using tools such as log management, security event monitoring (SEM), security information management (SIM), or security information and event management (SIEM).

    Many kinds of hardware and software generate logs, among them computers, servers, network switches and routers, security devices such as firewalls, storage devices, and even virtual infrastructure like hypervisors and container management.

    Log files serve to keep track of things happening behind the scenes. If something malfunctions or otherwise goes wrong within a complex system, a detailed list of events is available to help solve the problem. Common subcategories of log files include:

    Windows event logs

    Windows is pre-configured to classify events into six categories based on the component at fault.

    • Application log: A log created when an event takes place within an application.
    • System log (Syslog): An event logged by the OS. These events are often predetermined by the OS itself.
    • Security log: A log that is created in response to security events such as failed log-ins, password changes, and file deletion.
    • Directory service log: This log is only available on domain controllers and is configured in response to security authentication requests.
    • DNS server log: A log that is used to record activity on a Domain Name System (DNS) server.
    • File replication service log: Also only available on domain controllers, a log that records information about file replications that take place on the computer.

    Linux event logs

    The Linux operating system is configured to generate and store log files. Events are placed into four categories and are essentially the same in function as Windows event logs:

    • Application logs
    • Event logs
    • Service logs
    • System logs

    iOS event logs

    While iOS doesn’t log every event that happens, it does generate documentation in case of application crashes. Log file data is accessed from components such as data encryption, internet services, privacy controls, and user password management.