Refereed Papers: Real-time Log File Analysis Using the Simple Event Correlator (SEC)

Authors:
John P. Rouillard
Affiliations:
University of Massachusetts at Boston
Venue:
LISA '04 Proceedings of the 18th USENIX conference on System administration
Year:
2004

Citing 5
Cited 11

Automated System Monitoring and Notification With Swatch

LISA '93 Proceedings of the 7th USENIX conference on System administration
Extending UNIX System Logging with SHARP

LISA '00 Proceedings of the 14th USENIX conference on System administration
A New Architecture for Managing Enterprise Log Data

LISA '02 Proceedings of the 16th USENIX conference on System administration
MieLog: A Highly Interactive Visual Log Browser Using Information Visualization and Statistical Analysis

LISA '02 Proceedings of the 16th USENIX conference on System administration
Process Monitor: Detecting Events That Didn't Happen

LISA '02 Proceedings of the 16th USENIX conference on System administration

Holistic VoIP intrusion detection and prevention system

Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
Tracking in a spaghetti bowl: monitoring transactions using footprints

SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Petascale system management experiences

LISA'08 Proceedings of the 22nd conference on Large installation system administration conference
A parallel grid-based implementation for real-time processing of event log data of collaborative applications

International Journal of Web and Grid Services
Adding value to log event correlation using distributed techniques

Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Mining invariants from console logs for system problem detection

USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Online event correlations analysis in system logs of large-scale cluster systems

NPC'10 Proceedings of the 2010 IFIP international conference on Network and parallel computing
Log analysis and event correlation using variable temporal event correlator (VTEC)

LISA'10 Proceedings of the 24th international conference on Large installation system administration
An event correlation approach for fault diagnosis in SCADA infrastructures

EWDC '11 Proceedings of the 13th European Workshop on Dependable Computing
Provenance for system troubleshooting

LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
Classification of Log Files with Limited Labeled Data

Proceedings of Principles, Systems and Applications on IP Telecommunications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Log analysis is an important way to keep track of computers and networks. The use of automated analysis always results in false reports, however these can be minimized by proper specification of recognition criteria. Current analysis approaches fail to provide sufficient support for the recognizing the temporal component of log analysis. Temporal recognition of event sequences fall into distinct patterns that can be used to reduce false alerts and improve the efficiency of response to problems. This paper discusses these patterns while describing the rationale behind and implementation of a ruleset created at the CS department of the University of Massachusetts at Boston for SEC - the Simple Event Correlation program.