What Is Log Analysis?

Log analysis is the skill set of translating data generated by a computer into meaningful information. Computer programs are often programmed to generate "logs," such as error reports, indicating the general functionality of the item. To conserve space on the computer system's hard drive, these logs are often written in shorthand, making translation necessary to extract the information. Translating logs to data is often used in system troubleshooting, correlation between seemingly unrelated events on a system, and classifying log information for archival purposes.

Computer log data looks like complete gibberish to anyone untrained to understand it. Log analysis works to convert that information back into useful, readable English. The log data in the computer is often provided with time stamp information, allowing the log analyst to generate a working timeline of the previous day's or week's events within the program. When the translated logs from various active programs on the system are compared, patterns can emerge that can help to streamline, optimize, troubleshoot, and error-proof the computer.

Imagine a computer running 10 or 20 programs at the same time. Now imagine that every day at 9:00AM, the computer crashes. In the absence of log data, it can be difficult or even impossible to predict the root cause of the issue. With log analysis, a technician can quickly obtain and translate the log reporting information from each program, looking for any anomalous behavior that might have triggered the crash. If only one program reports a problem at that specific time, the cause becomes apparent; if two or more programs report identical issues, the technician can use the log data to delve deeper, looking for a potential conflict between the two malfunctioning programs.

Log analysis can also be used to track the progress of malicious programs in the system by following their proverbial "footsteps" across various active programs. Finding patterns in the logs of various programs can help log technician to detect otherwise unnoticed hacker activity on the computer network. For example, finding a strange access pattern in a single program might seem like an anomaly in the system, but if the same access pattern suddenly appears in a dozen different logs, chances are good that someone has hacked into the computer.

In general, log analysis is only as useful as the person doing the analyzing. While a skilled technician with years of experience may be able to find errors and other patterns in seemingly disparate data, a novice might stumble right past the same clues. The program logs provide the raw data necessary to make adjustments, but only through human intuition can that data be processed into a useful form.