In addition to the format in which the log file presents its data, it is important to think about the contents of these files because what the data represents and how it is represented both contribute to our plan of attack when programming. With log file contents, often a distinction can be made between data that is stateful and data that is stateless. Let’s see a couple of examples that will make this distinction clear.

Here’s a three-line snippet from an Apache web server log. Each line represents a request answered by the web server:

esnet-118.dynamic.rpi.edu - - [13/Dec/1998:00:04:20 -0500] "GET home/u1/tux/
tuxedo05.gif

HTTP/1.0" 200 18666 ppp-206-170-3-49.okld03.pacbell.net - - [13/Dec/1998:00:04:21
 -0500] "GET home/u2/news.htm 

HTTP/1.0" 200 6748 ts007d39.ftl-fl.concentric.net - - [13/Dec/1998:00:04:22 -0500]
 "GET home/u1/bgc.jpg HTTP/1.1" 304 -

Here are a few lines from a printer daemon log file:

Aug 14 12:58:46 warhol  printer: cover/door open 
Aug 14 12:58:58 warhol  printer: error cleared 
Aug 14 17:16:26 warhol  printer: offline or intervention needed 
Aug 14 17:16:43 warhol  printer: error cleared 
Aug 15 20:40:45 warhol  printer: paper out 
Aug 15 20:40:48 warhol  printer: error cleared

In both cases, each line of the log file is independent of every other line in the file. We can find patterns or aggregate lines together gathering statistics, but there’s nothing inherent in the data that connects the log file entries to each other.

Now consider some slightly ...