-
System logs (usually updated via the system logging daemon,
or syslogd, on UNIX-like systems) contain a wealth of information about
system activity, integrity, and security
-
Logs are often too verbose for busy administrators to
read completely
-
Many actions that an administrator might take in response
to log messages can be taken automatically if noteworthy conditions can
be reliably recognized
-
A log monitor is a daemon which automatically
responds to conditions revealed by one or more system log messages
-
A stateful log monitor is a log monitor that
infers the presence of a condition that requires attention by compiling
data from more than one log message
-
A log analyzer is a program that analyzes
and digests logs, but not in real time. (Example: Tom Boutell's Wusage
for Apache; see http://www.boutell.com/wusage/)
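The following is an added example of both a log monitor and a stateful log monitor as defined above; it is not code from the original page. It reads syslog-style sshd lines, correlates failed password attempts per source address inside a sliding time window, and raises an alert only when several failures from one source land inside that window (a single failure is noise an administrator would ignore, and the condition can only be inferred by compiling data from more than one message). The sample log lines, the threshold and window values, the assumed year for the year-less syslog timestamps, and the suggested firewall response are all constructed for the illustration.

```python
"""Minimal stateful log monitor for failed SSH logins (illustrative example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Hypothetical policy values, chosen for the example rather than taken from any page.
THRESHOLD = 3   # failures from one source before we consider the condition real
WINDOW = 60     # seconds of history kept per source
YEAR = 2024     # classic syslog timestamps carry no year; assumed for parsing

# Matches the OpenSSH "Failed password" line as it appears after syslogd writes it.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Constructed sample input using RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Oct 12 10:00:01 host1 sshd[2001]: Failed password for root from 203.0.113.7 port 51234 ssh2
Oct 12 10:00:05 host1 sshd[2002]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Oct 12 10:00:09 host1 sshd[2003]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2
Oct 12 10:00:12 host1 sshd[2004]: Failed password for root from 203.0.113.7 port 51250 ssh2
Oct 12 10:00:30 host1 sshd[2005]: Failed password for bob from 198.51.100.9 port 33001 ssh2
Oct 12 10:03:30 host1 sshd[2006]: Failed password for bob from 198.51.100.9 port 33002 ssh2
Oct 12 10:06:30 host1 sshd[2007]: Failed password for bob from 198.51.100.9 port 33003 ssh2
"""


def parse_failed_login(line):
    """Return (timestamp, user, ip) for a failed-password line, or None otherwise."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, m.group("user"), m.group("ip")


def response_command(ip):
    """The automatic action an administrator might otherwise take by hand.

    Returned as a string rather than executed, so the example stays side-effect free.
    """
    return f"iptables -I INPUT -s {ip} -j DROP"


class StatefulMonitor:
    """Keeps a per-source sliding window of failure timestamps (the monitor's state)."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # ip -> timestamps inside the window
        self.alerted = set()                # sources already reported once
        self.alerts = []                    # (ip, count, timestamp) tuples

    def feed(self, line):
        """Consume one log line; return an alert tuple when a source crosses the threshold."""
        parsed = parse_failed_login(line)
        if parsed is None:
            return None          # a stateless monitor would stop here for every line
        ts, _user, ip = parsed
        q = self.failures[ip]
        q.append(ts)
        # Evict events older than the window so slow, spaced-out failures never accumulate.
        while q and (ts - q[0]).total_seconds() > self.window:
            q.popleft()
        if len(q) >= self.threshold and ip not in self.alerted:
            self.alerted.add(ip)
            alert = (ip, len(q), ts)
            self.alerts.append(alert)
            return alert
        return None


def run_monitor(text):
    """Feed every line of a log text through one monitor and return its alerts."""
    mon = StatefulMonitor()
    for line in text.splitlines():
        mon.feed(line)
    return mon.alerts


if __name__ == "__main__":
    for ip, count, ts in run_monitor(SAMPLE_LOG):
        print(f"{ts}: {count} failed logins from {ip} within {WINDOW}s -> {response_command(ip)}")
```

In the sample, 203.0.113.7 fails three times in eleven seconds and is reported once; 198.51.100.9 also fails three times, but three minutes apart, so each failure has been evicted from the window before the next arrives and no alert fires. That eviction is what makes the monitor's inference about "reliably recognized" conditions hold up: the threshold is defined over a bounded interval, not over the life of the process. One caveat when acting on such alerts automatically: the monitor trusts the log text, and on most systems any local process can write a syslog line that looks identical to sshd's (for example via logger(1)), so an automatic firewall response should be rate-limited and exclude addresses you cannot afford to block.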