A log message is an individual entry contained within a log file. Each log message describes a single event that occurred on the system.
Here is an example of a log message:
Jan 12 14:11:06 l174 sshd[14714]: Failed password for root from 1.2.3.4 port 42351 ssh
On its own, this message doesn't mean much. It becomes meaningful only when we also know that root is not permitted to log in from outside the local subnet, that root tried to log in 47 times from this IP address (so it wasn't a simple mistake), and that many other user accounts were also tried from this IP address. These are all examples of why context information is necessary when performing log analysis.
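The following is an added example, not code from the original text: a small Python script that parses sshd "Failed password" messages of the form shown above and applies the three pieces of context the text mentions (a permitted subnet for root, a failure count that rules out a typo, and many usernames tried from one source). The sample log lines are constructed to match the scenario, and the permitted subnet (10.0.0.0/8) and the thresholds are assumptions chosen for the example.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this example (not from the original text): root may only
# log in from this subnet, and this many failures from one source is no typo.
PERMITTED_ROOT_NET = ip_network("10.0.0.0/8")
BRUTE_FORCE_THRESHOLD = 10
USER_SPRAY_THRESHOLD = 3

# One regex for the sshd failed-password message. "invalid user" appears when
# the account does not exist, so it is optional. The trailing protocol token
# ("ssh"/"ssh2") is deliberately not matched.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def build_sample_log():
    """Constructed sample lines modelled on the message in the text (not real data)."""
    lines = []
    # 47 failures for root from 1.2.3.4, as in the scenario described above
    for i in range(47):
        lines.append(
            f"Jan 12 14:{10 + i // 60:02d}:{i % 60:02d} l174 sshd[{14714 + i}]: "
            f"Failed password for root from 1.2.3.4 port {42351 + i} ssh2"
        )
    # the same source also tries other account names
    for i, user in enumerate(["admin", "oracle", "test"]):
        lines.append(
            f"Jan 12 14:12:{i:02d} l174 sshd[{14800 + i}]: "
            f"Failed password for invalid user {user} from 1.2.3.4 port {43000 + i} ssh2"
        )
    # noise that should not be flagged: a single typo from inside the subnet,
    # a single failure for an ordinary user, and a successful login
    lines.append("Jan 12 14:13:01 l174 sshd[14900]: Failed password for root from 10.0.0.5 port 51000 ssh2")
    lines.append("Jan 12 14:13:05 l174 sshd[14901]: Failed password for bob from 1.2.3.5 port 51001 ssh2")
    lines.append("Jan 12 14:13:09 l174 sshd[14902]: Accepted publickey for alice from 10.0.0.7 port 51002 ssh2")
    return lines


def parse_failed_logins(lines):
    """Return one dict per failed-password event; other messages are ignored."""
    return [m.groupdict() for m in map(FAILED_RE.match, lines) if m]


def analyze(events, permitted_root_net=PERMITTED_ROOT_NET,
            brute_threshold=BRUTE_FORCE_THRESHOLD, spray_threshold=USER_SPRAY_THRESHOLD):
    """Apply the three pieces of context from the text; return findings keyed by source IP."""
    failures = Counter(e["ip"] for e in events)
    users = defaultdict(set)
    for e in events:
        users[e["ip"]].add(e["user"])

    findings = {}
    for ip, count in failures.items():
        reasons = []
        if "root" in users[ip] and ip_address(ip) not in permitted_root_net:
            reasons.append("root login attempted from outside the permitted subnet")
        if count >= brute_threshold:
            reasons.append(f"{count} failed logins from one source (not a simple mistake)")
        if len(users[ip]) >= spray_threshold:
            reasons.append(f"{len(users[ip])} distinct usernames tried from one source")
        if reasons:
            findings[ip] = {"failures": count, "users": sorted(users[ip]), "reasons": reasons}
    return findings


def analyze_log(lines):
    """Parse raw syslog lines and return the context-enriched findings."""
    return analyze(parse_failed_logins(lines))


if __name__ == "__main__":
    for ip, f in analyze_log(build_sample_log()).items():
        print(f"{ip}: {f['failures']} failures, users={f['users']}")
        for r in f["reasons"]:
            print(f"  - {r}")
```

Run against the constructed log, only 1.2.3.4 is reported, with all three reasons; the single root failure from inside 10.0.0.0/8 and the single failure for bob are left alone. The same parser accepts the message quoted above even though it ends in "ssh" rather than "ssh2", because the protocol token is not part of the match.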