Decentralized log event correlation architecture

Authors:
Nabil Hammoud
Affiliations:
AMD Consulting, Paris, France and LIRIS-INSA de lyon, Villeurbanne cedex, France
Venue:
Proceedings of the International Conference on Management of Emergent Digital EcoSystems
Year:
2009

Citing 7
Cited 1

Reasoning about naming systems

ACM Transactions on Programming Languages and Systems (TOPLAS)
NiagaraCQ: a scalable continuous query system for Internet databases

SIGMOD '00 Proceedings of the 2000 ACM SIGMOD international conference on Management of data
Aggregation and Correlation of Intrusion-Detection Alerts

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Aurora: a new model and architecture for data stream management

The VLDB Journal — The International Journal on Very Large Data Bases
ReVirt: enabling intrusion analysis through virtual-machine logging and replay

OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Mapping moving landscapes by mining mountains of logs: novel techniques for dependency model generation

VLDB '06 Proceedings of the 32nd international conference on Very large data bases
Log summarization and anomaly detection for troubleshooting distributed systems

GRID '07 Proceedings of the 8th IEEE/ACM International Conference on Grid Computing

Event log messages as a human interface, or, "do you pine for the days when men were men and wrote their own device drivers?"

Proceedings of the 22nd Conference of the Computer-Human Interaction Special Interest Group of Australia on Computer-Human Interaction

Quantified Score

Hi-index	0.00

Visualization

Abstract

In our rapidly evolving societies, every corporate is trying to improve its competitiveness by refactoring and improving some - if not all - of its industrial software infrastructure. This goes from mainframe applications that actually handle the company's profit generating material, to the internal desktop applications used to manage those application servers. These applications often have extended activity logging features that notify the administrators of events those programs encounter at runtime. Unfortunately, the standalone nature of the event logging sources renders difficult the correlation of log events. In this setting, "continuous queries" developed in the database area offer a deal of opportunity to query such evolving logs. This paper describe an approach that "adapt and employ continues queries" for distributed log event correlation. Our aims cope with problems facing the present log event management systems.