TY - CONF
T1 - Analyzing system logs
T2 - 2nd Workshop on Tackling Computer Systems Problems with Machine Learning Techniques, SysML 2007, co-located with NSDI 2007
AU - Sabato, Sivan
AU - Yom-Tov, Elad
AU - Tsherniak, Aviad
AU - Rosset, Saharon
N1 - Publisher Copyright:
© 2nd Workshop on Tackling Computer Systems Problems with Machine Learning Techniques, SysML 2007, co-located with NSDI 2007. All rights reserved.
PY - 2007
Y1 - 2007
N2 - System logs, such as the Windows Event log or the Linux system log, are an important resource for computer system management. We present a method for ranking system log messages by their estimated value to users, and generating a log view that displays the most important messages. The ranking process uses a dataset of system logs from many computer systems to score messages. For better scoring, unsupervised clustering is used to identify sets of systems that behave similarly. We propose a new feature construction scheme that measures the difference in the ranking of messages by frequency, and show that it leads to better clustering results. The expected distribution of messages in a given system is estimated using the resulting clusters, and log messages are scored using this estimation. We show experimental results from tests on xSeries servers. A tool based on the described methods is being used to aid support personnel in the IBM xSeries support center.
UR - http://www.scopus.com/inward/record.url?scp=85092792131&partnerID=8YFLogxK
M3 - Paper
AN - SCOPUS:85092792131
Y2 - 10 April 2007
ER -