Storage and retrieval of system log events using a structured schema based on message type transformation

Authors:
Adetokunbo Makanju;A. Nur Zincir-Heywood;Evangelos E. Milios
Affiliations:
Dalhousie University, Halifax, Nova Scotia, Canada;Dalhousie University, Halifax, Nova Scotia, Canada;Dalhousie University, Halifax, Nova Scotia, Canada
Venue:
Proceedings of the 2011 ACM Symposium on Applied Computing
Year:
2011

Citing 9
Cited 1

Tree visualization with tree-maps: 2-d space-filling approach

ACM Transactions on Graphics (TOG)
Towards informatic analysis of syslogs

CLUSTER '04 Proceedings of the 2004 IEEE International Conference on Cluster Computing
What Supercomputers Say: A Study of Five System Logs

DSN '07 Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
LogView: Visualizing Event Log Clusters

PST '08 Proceedings of the 2008 Sixth Annual Conference on Privacy, Security and Trust
Alert Detection in System Logs

ICDM '08 Proceedings of the 2008 Eighth IEEE International Conference on Data Mining
Clustering event logs using iterative partitioning

Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining
One Graph Is Worth a Thousand Logs: Uncovering Hidden Structures in Massive System Event Logs

ECML PKDD '09 Proceedings of the European Conference on Machine Learning and Knowledge Discovery in Databases: Part I
Detecting large-scale system problems by mining console logs

Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Fast entropy based alert detection in super computer logs

DSNW '10 Proceedings of the 2010 International Conference on Dependable Systems and Networks Workshops (DSN-W)

Structured and Interoperable Logging for the Cloud Computing Era: The Pitfalls and Benefits

UCC '13 Proceedings of the 2013 IEEE/ACM 6th International Conference on Utility and Cloud Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Message types are semantic groupings of the free form messages in system log events. The message types that exist in a log file, if known, can be used in several log management and analysis tasks. In this work, we explore the use of message types as a schema definition for the storage and retrieval of messages in event logs. We show how message types can be used to impose structure on the unstructured content of event logs and how this structured representation can provide a usable index for searching the contents of the log file. As a side benefit, the structured representation that message types impose also leads to the removal of redundant information in the event logs that leads to space savings on disk.