An Unsupervised Framework for Detecting Anomalous Messages from Syslog Log Files

System logs provide valuable information about the health status of IT systems and computer networks. Therefore, log file monitoring has been identified as an important system and network management technique. While many solutions have been developed for monitoring known log messages, the detection of previously unknown error conditions has remained a difficult problem.

In this paper, the authors, among them CCDCOE Technology Branch Researcher Markus Kont, present a novel data-mining-based framework for detecting anomalous log messages in syslog-based system log files. The paper also describes the implementation and performance of the framework in a large organizational network.

This paper has been previously published at the 2018 IEEE/IFIP Network Operations and Management Symposium, and the final version of the paper is included in Proceedings of the 2018 IEEE/IFIP Network Operations and Management Symposium.
