Analyzing system logs: a new view of what's important

Authors:
Sivan Sabato;Elad Yom-Tov;Aviad Tsherniak;Saharon Rosset
Affiliations:
IBM Haifa Labs, Haifa University Campus, Haifa, Israel;IBM Haifa Labs, Haifa University Campus, Haifa, Israel;IBM Haifa Labs, Haifa University Campus, Haifa, Israel;IBM T.J. Watson Research Center, Yorktown Heights, NY
Venue:
SYSML'07 Proceedings of the 2nd USENIX workshop on Tackling computer systems problems with machine learning techniques
Year:
2007

Citing 8
Cited 6

Graphical analysis of computer log files

Communications of the ACM
Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond

Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond
Introduction to Modern Information Retrieval

Introduction to Modern Information Retrieval
Pattern Classification (2nd Edition)

Pattern Classification (2nd Edition)
Automated System Monitoring and Notification With Swatch

LISA '93 Proceedings of the 7th USENIX conference on System administration
MieLog: A Highly Interactive Visual Log Browser Using Information Visualization and Statistical Analysis

LISA '02 Proceedings of the 16th USENIX conference on System administration
An integrated framework on mining logs files for computing system management

Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining
Towards informatic analysis of syslogs

CLUSTER '04 Proceedings of the 2004 IEEE International Conference on Cluster Computing

One Graph Is Worth a Thousand Logs: Uncovering Hidden Structures in Massive System Event Logs

ECML PKDD '09 Proceedings of the European Conference on Machine Learning and Knowledge Discovery in Databases: Part I
A graphical representation for identifier structure in logs

SLAML'10 Proceedings of the 2010 workshop on Managing systems via log analysis and machine learning techniques
Smarter log analysis

IBM Journal of Research and Development
Spatio-temporal decomposition, clustering and identification for alert detection in system logs

Proceedings of the 27th Annual ACM Symposium on Applied Computing
Models of user engagement

UMAP'12 Proceedings of the 20th international conference on User Modeling, Adaptation, and Personalization
3-Dimensional root cause diagnosis via co-analysis

Proceedings of the 9th international conference on Autonomic computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

System logs, such as the Windows Event log or the Linux system log, are an important resource for computer system management. We present a method for ranking system log messages by their estimated value to users, and generating a log view that displays the most important messages. The ranking process uses a dataset of system logs from many computer systems to score messages. For better scoring, unsupervised clustering is used to identify sets of systems that behave similarly. We propose a new feature construction scheme that measures the difference in the ranking of messages by frequency, and show that it leads to better clustering results. The expected distribution of messages in a given system is estimated using the resulting clusters, and log messages are scored using this estimation. We show experimental results from tests on xSeries servers. A tool based on the described methods is being used to aid support personnel in the IBM xSeries support center.