Log analysis (or system and network log analysis) can generate information about how a system is used. A log can include one or more computer-generated records of events that occur in a system, such as page visits, Remote Procedure Calls (RPCs) and downloads. The results of log analysis can help to improve compliance with security policies, perform audits of system usage, aid in system troubleshooting and assist in responding to security incidents.
Logs are emitted by network devices, operating systems, applications and different kinds of intelligent or programmable devices. A log can include a stream of messages ordered by the time at which events occur or are recorded. Logs may be directed to files, stored on disk, or directed as a network stream to a log collector.
The usage of a service usage can be measured by the number of occurrences of given individual events, such as page visits, Remote Procedure Calls, etc. Such individual events can be stored in a log and can be analyzed in view of the source of a request or call, its frequency, the times of day the event occurred and so on. The results of the analysis can help spot usage trends, such as the popularity of a given web page, the amount of time spent by a user on a page and the time of day when an RPC receives the most usage.