Automated System Monitoring and Notification With Swatch
LISA '93 Proceedings of the 7th USENIX conference on System administration
Extending UNIX System Logging with SHARP
LISA '00 Proceedings of the 14th USENIX conference on System administration
A New Architecture for Managing Enterprise Log Data
LISA '02 Proceedings of the 16th USENIX conference on System administration
Process Monitor: Detecting Events That Didn't Happen
LISA '02 Proceedings of the 16th USENIX conference on System administration
Holistic VoIP intrusion detection and prevention system
Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
Tracking in a spaghetti bowl: monitoring transactions using footprints
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Petascale system management experiences
LISA'08 Proceedings of the 22nd conference on Large installation system administration conference
International Journal of Web and Grid Services
Adding value to log event correlation using distributed techniques
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Mining invariants from console logs for system problem detection
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Online event correlations analysis in system logs of large-scale cluster systems
NPC'10 Proceedings of the 2010 IFIP international conference on Network and parallel computing
Log analysis and event correlation using variable temporal event correlator (VTEC)
LISA'10 Proceedings of the 24th international conference on Large installation system administration
An event correlation approach for fault diagnosis in SCADA infrastructures
EWDC '11 Proceedings of the 13th European Workshop on Dependable Computing
Provenance for system troubleshooting
LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
Classification of Log Files with Limited Labeled Data
Proceedings of Principles, Systems and Applications on IP Telecommunications
Log analysis is an important way to keep track of computers and networks. Automated analysis always produces some false reports, but these can be minimized by careful specification of the recognition criteria. Current analysis approaches fail to provide sufficient support for recognizing the temporal component of log analysis. Temporal recognition of event sequences falls into distinct patterns that can be used to reduce false alerts and improve the efficiency of response to problems. This paper discusses these patterns while describing the rationale behind, and the implementation of, a ruleset created at the CS department of the University of Massachusetts at Boston for SEC (the Simple Event Correlator).
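As an added illustration of the temporal patterns the abstract refers to, the Python below is my own code, not the paper's SEC ruleset and not SEC's implementation. It models three of SEC's rule types (SingleWithThreshold, SingleWithSuppress and PairWithWindow) as small functions run over a constructed syslog-like sample; the log lines, the regular expressions and the window sizes are all assumptions chosen for the example. The point it shows is how each pattern turns a burst, a repeat, or a missing follow-up event into a single alert instead of one alert per line.

```python
"""Three SEC-style temporal correlation patterns over a constructed log.

Constructed example (not from the paper): each entry is (seconds since
start of the sample, syslog message body).
"""
import re
from collections import defaultdict, deque

SAMPLE_LOG = [
    (0,   "sshd[101]: Failed password for root from 10.0.0.5 port 4022 ssh2"),
    (2,   "sshd[102]: Failed password for root from 10.0.0.5 port 4023 ssh2"),
    (4,   "sshd[103]: Failed password for root from 10.0.0.5 port 4024 ssh2"),
    (5,   "sshd[104]: Failed password for root from 10.0.0.5 port 4025 ssh2"),
    (9,   "sshd[105]: Failed password for root from 10.0.0.5 port 4026 ssh2"),
    (10,  "backup[200]: starting nightly dump of /home"),
    (40,  "sshd[106]: Failed password for admin from 10.0.0.7 port 5100 ssh2"),
    (70,  "backup[201]: starting nightly dump of /var"),
    (100, "backup[201]: finished nightly dump of /var"),
    (130, "kernel: nfs: server fs1 not responding, still trying"),
    (131, "kernel: nfs: server fs1 not responding, still trying"),
    (132, "kernel: nfs: server fs1 not responding, still trying"),
    (200, "kernel: nfs: server fs1 not responding, still trying"),
]


def single_with_threshold(log, pattern, count, window):
    """SingleWithThreshold: report once when `count` matches for one key
    (regex group 1) fall inside a sliding `window` of seconds, then stay
    silent for that key until the window has passed. A lone failure never
    reaches the threshold, so it raises no alert."""
    rx = re.compile(pattern)
    hits = defaultdict(deque)   # key -> timestamps of recent matches
    silenced_until = {}         # key -> time at which reporting resumes
    alerts = []
    for t, msg in log:
        m = rx.search(msg)
        if not m:
            continue
        key = m.group(1)
        if t < silenced_until.get(key, 0):
            continue            # already reported for this window
        q = hits[key]
        q.append(t)
        while t - q[0] >= window:   # drop matches that fell out of the window
            q.popleft()
        if len(q) >= count:
            alerts.append((t, key, len(q)))
            silenced_until[key] = t + window
            q.clear()
    return alerts


def single_with_suppress(log, pattern, window):
    """SingleWithSuppress: report the first match for a key, then drop
    repeats of the same key for `window` seconds after that report."""
    rx = re.compile(pattern)
    last_alert = {}             # key -> time of the last report
    alerts = []
    for t, msg in log:
        m = rx.search(msg)
        if not m:
            continue
        key = m.group(1)
        if key in last_alert and t - last_alert[key] < window:
            continue            # inside the suppression window
        last_alert[key] = t
        alerts.append((t, key))
    return alerts


def pair_with_window(log, start_pattern, end_pattern, window, now):
    """PairWithWindow: after a start event, expect the end event with the
    same key within `window` seconds; report only the starts whose end
    never arrived in time (the 'event that didn't happen'). `now` flushes
    deadlines still pending after the last log line."""
    srx, erx = re.compile(start_pattern), re.compile(end_pattern)
    pending = {}                # key -> deadline
    missing = []

    def expire(t):
        for key, deadline in list(pending.items()):
            if deadline <= t:
                missing.append((deadline, key))
                del pending[key]

    for t, msg in log:
        expire(t)               # deadlines are checked before matching
        m = srx.search(msg)
        if m:
            pending[m.group(1)] = t + window
            continue
        m = erx.search(msg)
        if m:
            pending.pop(m.group(1), None)   # end arrived in time
    expire(now)
    return missing


if __name__ == "__main__":
    print(single_with_threshold(SAMPLE_LOG, r"Failed password for \S+ from (\S+)", 3, 30))
    print(single_with_suppress(SAMPLE_LOG, r"nfs: server (\S+) not responding", 60))
    print(pair_with_window(SAMPLE_LOG, r"starting nightly dump of (\S+)",
                           r"finished nightly dump of (\S+)", 60, 300))
```

On the sample, five failed logins from 10.0.0.5 collapse into one threshold alert at t=4 and the single failure from 10.0.0.7 produces none; four identical NFS messages produce two alerts (t=130 and t=200, the latter because the 60-second suppression window had lapsed); and the dump of /home, which never logs a "finished" line, is reported at its deadline of t=70 while the /var dump, which completed in time, is not. The ordering choice in pair_with_window matters: expiring deadlines before matching the current line means an end event that arrives late is still reported as missing, which is the behaviour a practitioner wants from a timeout rule.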