Log File
A .log file is a plain-text record of events, errors, or transactions generated by software applications and operating systems. FileDex provides reference information only.
Log files are plain text records. Format conversion is not applicable.
أسئلة شائعة
How do I view and search a large .log file efficiently?
Use less for interactive viewing — it loads files without reading the entire file into memory, handling multi-gigabyte logs smoothly. Press / to search forward and ? to search backward. For targeted extraction, grep with -n (line numbers) and -C (context lines) isolates relevant entries. On Windows, Get-Content -Tail in PowerShell streams the end of a log file.
What are the syslog severity levels?
RFC 5424 defines eight levels: 0 Emergency, 1 Alert, 2 Critical, 3 Error, 4 Warning, 5 Notice, 6 Informational, 7 Debug. Lower numbers indicate higher severity — a counterintuitive ordering inherited from early Unix kernel priorities. Most applications log at levels 3-7, with 0-2 reserved for conditions requiring immediate human attention.
How does log rotation work?
Log rotation prevents unbounded file growth by archiving and replacing active log files on a schedule. On Linux, the logrotate daemon runs daily via cron, renaming current logs, optionally compressing rotated copies with gzip, and sending a signal (typically SIGHUP) to the application to reopen its log file. Configuration in /etc/logrotate.d/ specifies rotation frequency, retention count, and compression options.
What is the difference between .log and .evtx files on Windows?
A .log file is plain text readable in any editor. A .evtx file is the Windows Event Log binary format, structured with XML-based event records and viewable only through Event Viewer or PowerShell's Get-WinEvent cmdlet. The two formats serve similar purposes but are not interchangeable — .evtx supports indexing and filtering that plain-text .log files cannot provide natively.
ما يميز .LOG
Plain-text log files are the oldest and most universal form of software telemetry, predating structured databases and modern observability platforms by decades. The syslog protocol (RFC 5424) defines exactly 8 severity levels numbered 0-7, where 0 is Emergency and 7 is Debug — this numbering is inverted from what most developers expect because it derives from 1980s Unix where lower numbers meant higher priority for kernel panic messages.
اكتشف التفاصيل التقنية
Common Log Formats
Apache's Common Log Format records one HTTP request per line: remote host, identity, user, timestamp, request line, status code, and response size. The Combined Log Format extends this with referer and user-agent fields. Both formats use space-delimited fields with timestamps in square brackets. Syslog (RFC 5424) structures each line with a priority value, version, timestamp, hostname, application name, process ID, and message ID before the free-text message body. JSON Lines (.jsonl) is increasingly common — each line is a self-contained JSON object, enabling structured queries without a schema definition.
Log Rotation
Unmanaged log files grow without bound. The logrotate utility on Linux handles this by renaming the current log (e.g., app.log becomes app.log.1), optionally compressing old files, and signaling the application to open a fresh file. Rotation policies specify maximum file size, age, or count. Windows Event Log uses a different approach — the .evtx binary format supports circular buffering where old entries are overwritten automatically, but .evtx is a distinct binary format, not a plain-text .log file.
Structured vs Unstructured Logging
Traditional log files contain free-form text that must be parsed with regular expressions to extract fields. Structured logging libraries (e.g., serilog, structlog, winston) emit each entry as a key-value record — typically JSON — making machine parsing reliable. The tradeoff is human readability: a grep through a traditional syslog file is immediate, while JSON log entries require a tool like jq to filter and format.
Encoding and Line Endings
Most .log files use UTF-8 or ASCII encoding with LF (Unix) or CRLF (Windows) line endings. Mixed encodings within a single log file occur when applications write both ASCII messages and user-supplied Unicode data without normalization. Log analysis tools must handle this gracefully or risk garbling multi-byte characters.
صيغ ذات صلة
المرجع التقني
- نوع MIME
text/plain- المطوّر
- Various
- سنة التقديم
- 1970
- معيار مفتوح
- نعم
البنية الثنائية
Log files have no fixed magic bytes — they are plain text, typically UTF-8 or ASCII encoded, with LF (0x0A) or CRLF (0x0D 0x0A) line endings. Each line represents one event entry. Format varies by application: Apache logs use space-delimited fields, syslog uses the RFC 5424 priority-timestamp-hostname structure, and JSON Lines logs contain one JSON object per line. Windows .evtx files are a separate binary format and should not be confused with plain-text .log files.
نقاط الضعف
- Log files may inadvertently contain sensitive data: passwords passed as URL query parameters, session tokens, API keys, or personally identifiable information
- Log injection attacks insert crafted entries that mimic legitimate log lines, potentially misleading forensic investigators or triggering automated alerting rules
الحماية: FileDex does not open, execute, or parse these files. Reference page only.