Log Analysis / Network Log Analysis

by Geethalakshmi 2009-12-09 14:29:38

Log analysis (or system and network log analysis) is an art and science seeking to make sense out of computer-generated records. The process of creating such records is called data logging.

Typical reasons why people perform log analysis are:

* Compliance with security policies
* System troubleshooting
* Forensics
* Security incident response

Logs are emitted by network devices, operating systems, applications and all manner of intelligent or programmable devices. A log is usually a stream of messages in time sequence. Logs may be written to files stored on disk, or sent as a network stream to a log collector.

Log messages must usually be interpreted with respect to the internal state of their source (e.g., an application); they announce security-relevant or operations-relevant events (e.g., a user login or a system error).

Logs are often created by software developers to aid in debugging the operation of the application. The syntax and semantics of data within log messages are therefore usually application-specific. The authentication of a user to an application may be described as a login, a logon, a user connection or an authentication event. Hence, log analysis must interpret messages within the context of an application, system or configuration in order to make useful comparisons between messages from different log sources.

Log message format and content may not always be fully documented. Hence one task of log analysis is to induce the system to emit the full range of messages it can produce, in order to understand the complete domain within which the messages must be interpreted.

A log analyzer may map the varying terminology of different log sources onto a uniform, normalized terminology, so that reports and statistics can be derived from a heterogeneous environment. For example, log messages from Windows, Unix, network firewalls and databases may be aggregated into a single "normalized" report.

Resource: Free Web Log Analyzer / Software
