Logs are a record of the internal workings of a system.
Nowadays, organizations can have hundreds and, more commonly, thousands of managed computers, servers, mobile devices, and applications; even refrigerators generate logs in this Internet of Things era.
The result is the production of terabytes of log data—event logs, network flow logs, and application logs, to name a few—that must be carefully sorted, analyzed, and stored.
Without a log management tool, you would need to manually search through many directories of log files on each system to access and extract meaning from these millions of event logs.
Historically, writing a script to automate log collection on a fixed schedule was the norm, but this approach does not scale across modern systems and environments.
Even using syslog, the UNIX program that copies logs to a central server, is operating-system dependent and not easily configured.
This is where log aggregation comes in.
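To make the aggregation step concrete, here is an added example (not code from the original page) of the core job a log aggregator performs: it takes log lines from three different sources in three different formats, normalizes each into one common event schema, and then summarizes the combined stream. The hostnames, IP addresses, and the three log formats below are constructed sample data, not real systems.

```python
"""Minimal log aggregator: normalize heterogeneous log lines into one schema.

Added example, not from the original page. Three constructed record formats
(a syslog line, a JSON application log, and a firewall flow record) are parsed
into a common event shape so they can be sorted, queried, and summarized
together instead of being searched directory by directory.
"""
import json
import re
from collections import Counter

# Constructed sample input: (host, format, raw line) as three systems might emit.
SAMPLE_LOGS = [
    ("srv-auth", "syslog", "2024-03-01T10:15:02Z srv-auth sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51822 ssh2"),
    ("srv-auth", "syslog", "2024-03-01T10:15:04Z srv-auth sshd[1234]: Failed password for root from 203.0.113.7 port 51830 ssh2"),
    ("app-web", "json", '{"ts": "2024-03-01T10:15:05Z", "level": "ERROR", "msg": "db timeout", "src_ip": "198.51.100.9"}'),
    ("app-web", "json", '{"ts": "2024-03-01T10:15:06Z", "level": "INFO", "msg": "request ok", "src_ip": "198.51.100.9"}'),
    ("fw-edge", "flow", "2024-03-01T10:15:07Z 203.0.113.7 -> 10.0.0.5:22 tcp bytes=1440 action=ACCEPT"),
    ("fw-edge", "flow", "2024-03-01T10:15:08Z 203.0.113.7 -> 10.0.0.5:3389 tcp bytes=0 action=DENY"),
]

# Simplified patterns for the constructed formats above (not a full RFC syslog parser).
SYSLOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
FLOW_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+):(?P<port>\d+) \S+ bytes=(?P<bytes>\d+) action=(?P<action>\w+)$")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_event(host, fmt, line):
    """Turn one raw line into the common schema, or return None if it cannot be parsed."""
    if fmt == "syslog":
        m = SYSLOG_RE.match(line)
        if not m:
            return None
        msg = m["msg"]
        ip = IP_RE.search(msg)
        # Failed authentication is worth surfacing; everything else is informational here.
        severity = "warning" if "Failed password" in msg else "info"
        return {"ts": m["ts"], "host": host, "source": m["proc"], "severity": severity,
                "src_ip": ip.group(0) if ip else None, "msg": msg}
    if fmt == "json":
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            return None
        return {"ts": rec.get("ts"), "host": host, "source": "app",
                "severity": rec.get("level", "INFO").lower(),
                "src_ip": rec.get("src_ip"), "msg": rec.get("msg", "")}
    if fmt == "flow":
        m = FLOW_RE.match(line)
        if not m:
            return None
        severity = "warning" if m["action"] == "DENY" else "info"
        return {"ts": m["ts"], "host": host, "source": "firewall", "severity": severity,
                "src_ip": m["src"], "msg": f"{m['action']} to {m['dst']}:{m['port']}"}
    return None


def aggregate(records):
    """Normalize every record, order the stream by time, and summarize it."""
    events = [e for e in (parse_event(*r) for r in records) if e]
    events.sort(key=lambda e: e["ts"])  # ISO-8601 timestamps sort correctly as strings
    by_severity = Counter(e["severity"] for e in events)
    # Which source addresses show up in non-informational events across ALL sources?
    noisy = Counter(e["src_ip"] for e in events if e["src_ip"] and e["severity"] != "info")
    return {"events": events, "by_severity": dict(by_severity), "noisy_ips": noisy.most_common(3)}


if __name__ == "__main__":
    summary = aggregate(SAMPLE_LOGS)
    for e in summary["events"]:
        print(f"{e['ts']} {e['host']:<9} {e['severity']:<8} {e['src_ip'] or '-':<14} {e['msg']}")
    print("by severity:", summary["by_severity"])
    print("noisy sources:", summary["noisy_ips"])
```

The point of the common schema is the last few lines of `aggregate`: once SSH failures, application errors, and firewall denies share the same `src_ip` and `severity` fields, a single count across all three sources shows the same address appearing in every one of them, something no per-directory search would reveal.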