Mining Event Logs with SLCT and LogHound

With the growth of communication networks, event logs are increasing in size at a fast rate. Today, it is not uncommon to have systems that generate tens of gigabytes of log data per day. Log data are likely to contain information that deserves closer attention – such as security events – but the task of reviewing logs manually is beyond the capabilities of a human. This paper discusses the data mining tools SLCT and LogHound, which were designed to assist system management personnel in extracting knowledge from event logs.

Published in: Proceedings of the 2008 IEEE/IFIP Network Operations and Management Symposium.