Logs are important runtime information for any enterprise application deployed in production. Information extracted out of logs is used in a wide variety of ways over the lifetime of any application deployment, such as identifying access and/or security violations, troubleshooting a product issue, analyzing application performance, extracting performance metrics such as response times and run time memory usage, building a knowledge base related to usage patterns and/or trends, and analyzing large amounts of data, such as recommendation engines. Often the information that is captured in logs is turned into knowledge which can be used to improve the predictability and/or usability of an enterprise application. The kind of information and the amount of information that needs to be captured and processed in logs varies based on the requirements. For example, a logging mechanism that probes logs for security violations may evaluate information related to users, access control, and sequences of actions that have been performed on the data managed by that enterprise application. Traditional logging mechanisms mostly rely on the log statements that have been embedded into the business logic of enterprise applications for various levels and details to generate a set of logs. Single log statements are used to extract all of the information required to analyze all kinds of issues.
Enterprise applications are typically executed in a distributed system. A distributed system is a software system in which components located on networked computers communicate and coordinate their actions by passing messages. The components interact with each other in order to achieve a common goal. Examples of distributed systems vary from service-oriented architecture-based systems to peer-to-peer applications. Each component in a distributed system may have its own specific logging mechanism that locally stores its own corresponding logs.