It is desirable to monitor log entries received from various devices and pieces of software in a network. Frequently, those other devices or pieces of software may create several logging messages for reasons of convenience, speed, or reliability. This is done, for example, so that some information will reach the central point for the event, even if not all information does. For instance, it may be desirable to send a log message before the work is completed to make sure something is recorded even if the system later crashes before completely finishing the work in question.
In addition, certain types of log events occur in the device over time. It is considered desirable to send loggable events as they occur, instead of waiting until all loggable occurrences have happened for an event at a device.
If multiple devices send log entries to one or more central collection points in the network, the log entries for the various events from the various devices will most likely arrive interspersed with each other. The various log entries may not be adjacent in the log. They may be interleaved with very similar events. They may be spread across several log files. The sequence of entries may not be complete (perhaps the sensor crashed before the operation was completed).
What is needed is a way to automatically collect high-level event information from log entries that were generated under the problematic conditions described above.