Analyzing system logs: A new view of what's important

Sivan Sabato, Elad Yom-Tov, Aviad Tsherniak, Saharon Rosset

Research output: Contribution to conference › Paper › peer-review

19 Scopus citations

Abstract

System logs, such as the Windows Event log or the Linux system log, are an important resource for computer system management. We present a method for ranking system log messages by their estimated value to users, and generating a log view that displays the most important messages. The ranking process uses a dataset of system logs from many computer systems to score messages. For better scoring, unsupervised clustering is used to identify sets of systems that behave similarly. We propose a new feature construction scheme that measures the difference in the ranking of messages by frequency, and show that it leads to better clustering results. The expected distribution of messages in a given system is estimated using the resulting clusters, and log messages are scored using this estimation. We show experimental results from tests on xSeries servers. A tool based on the described methods is being used to aid support personnel in the IBM xSeries support center.

Original language: English
State: Published - 2007
Externally published: Yes
Event: 2nd Workshop on Tackling Computer Systems Problems with Machine Learning Techniques, SysML 2007, co-located with NSDI 2007 - Cambridge, United States
Duration: 10 Apr 2007 → …

Conference

Conference: 2nd Workshop on Tackling Computer Systems Problems with Machine Learning Techniques, SysML 2007, co-located with NSDI 2007
Country/Territory: United States
City: Cambridge
Period: 10/04/07 → …

Funding

Funders: International Business Machines Corporation
