Wtmp not updating
The former is used for most of the logs in your typical system as they are easy to write and, perhaps more importantly, easy to read.
The issue with text files is that they can sometimes be difficult to extract information from in a structured way, because the text format of the files allows the information to be written in any way or structure.
For example, on Solaris, by default, mail debug entries are written into /var/log/syslog.

Additional logs in /var/log on Solaris

$ ls -al /var/log/
total 48158
drwxr-xr-x 7 root sys 512 Feb 3 .
-rw------- 1 root sys 0 Jan 12 authlog
-rw-r--r-- 1 root other 27 Feb 2 brlog
drwxr-xr-x 2 root root 512 Feb 2 gdm
drwxr-xr-x 2 root sys 512 Feb 2 pool
-rw-r--r-- 1 root sys 24480410 Feb 3
drwxr-xr-x 2 root sys 512 Feb 2 swupas
-rw-r--r-- 1 root other 635 Feb 2
-rw-r--r-- 1 root sys 3967 Feb 3 syslog
drwxr-xr-x 3 root sys 512 Feb 2 webconsole
drwxr-xr-x 2 root sys 512 Feb 2 xen
-rw-r--r-- 1 root root 66171 Feb 3 Xorg.0
-rw-r--r-- 1 root root 66256 Feb 3 Xorg.0old

Of course finding the files is the least of the issues.
Although parsing and extracting the content of the log files for information can be time-consuming and sometimes complex, the wealth of information in those logs is difficult to ignore. Depending on the UNIX variant, some logs may be littered about in other places, but there has been a significant attempt to standardize log file locations on one of the directories already mentioned.

Log types fall into two categories: text log files that contain messages and information in a simple text format, and files that are encoded in a binary format.

The severity can be marked as (the system needs urgent help). The service is highly configurable (generally through /etc/syslog.conf, or the equivalent), and allows you to select what classes of information to log, and where to log the information.