Fast entropy based alert detection in super computer logs

Authors:
Adetokunbo Makanju;A. Nur Zincir-Heywood;Evangelos E. Milios
Affiliations:
Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada. B3H 1W5;Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada. B3H 1W5;Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada. B3H 1W5
Venue:
DSNW '10 Proceedings of the 2010 International Conference on Dependable Systems and Networks Workshops (DSN-W)
Year:
2010

Citing 0
Cited 2

Storage and retrieval of system log events using a structured schema based on message type transformation

Proceedings of the 2011 ACM Symposium on Applied Computing
UBL: unsupervised behavior learning for predicting performance anomalies in virtualized cloud systems

Proceedings of the 9th international conference on Autonomic computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

The task of alert detection in event logs is very important in preventing or recovering from downtime events. The ability to do this automatically and accurately provides significant savings in the time and cost of downtime events. The Nodeinfo algorithm, which is currently in production use at Sandia National Laboratories, is an entropy based algorithm for alert detection in event logs. Automatic alert detection needs to be fast for it to be practical in a production environment. In this work we show that with Message Type Indexing (MTI) the computational effort required for alert detection can be reduced by up to 99%. This can be achieved without a drop in detection performance. Our proposed method has special significance because it provides a framework for alert detection which requires little or no human input, due to message type extraction required for MTI being carried out automatically using the Iterative Partitioning Log Mining (IPLoM) algorithm.