Accurate and Efficient Log Template Discovery Technique (정확하고 효율적인 로그 템플릿 발견 기법)

Byungchul Tak (탁병철)

doi:10.9708/jksci.2018.23.10.011

Accurate and Efficient Log Template Discovery Technique

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2018, 23(10), pp.11-21
DOI : 10.9708/jksci.2018.23.10.011
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : September 28, 2018
Accepted : October 22, 2018
Published : October 31, 2018

Byungchul Tak ¹

¹경북대학교

Accredited

ABSTRACT

In this paper we propose a novel log template discovery algorithm which achieves high quality of discovered log templates through iterative log filtering technique. Log templates are the static string pattern of logs that are used to produce actual logs by inserting variable values during runtime. Identifying individual logs into their template category correctly enables us to conduct automated analysis using state-of-the-art machine learning techniques. Our technique looks at the group of logs column-wise and filters the logs that have the value of the highest proportion. We repeat this process per each column until we are left with highly homogeneous set of logs that most likely belong to the same log template category. Then, we determine which column is the static part and which is the variable part by vertically comparing all the logs in the group. This process repeats until we have discovered all the templates from given logs. Also, during this process we discover the custom patterns such as ID formats that are unique to the application. This information helps us quickly identify such strings in the logs as variable parts thereby further increasing the accuracy of the discovered log templates. Existing solutions suffer from log templates being too general or too specific because of the inability to detect custom patterns. Through extensive evaluations we have learned that our proposed method achieves 2 to 20 times better accuracy.

KEYWORDS

Log template, Log analysis, Log parsing

Citation status

* References for papers published after 2023 are currently being built.

[confproc] K. Kc / 2011 / Efficient log-based troubleshooting system for computing infrastructures / IEEE International Symposium on Reliable Distributed Systems (SRDS)

[confproc] B. C. Tak / 2016 / LOGAN: Problem Diagnosis in the Cloud Using Log-based Reference Models / IEEE International Conference on Cloud Engineering (IC2E) : 62~67

[confproc] X. Fu / 2014 / Digging deeper into cluster system logs for failure prediction and root cause diagnosis / 2014 IEEE International Conference on Cluster Computing (CLUSTER) / IEEE : 103~112

[confproc] Min Du / 2017 / DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning / Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security / ACM

[confproc] W. Xu / 2009 / Detecting large-scale system problems by mining console logs / Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles, SOSP '09 / ACM : 117~132

[confproc] J.-G. Lou / 2010 / Mining invariants from console logs for system problem detection / Proceedings of the 2010 USENIX Conference on USENIX Annual Technical Conference, USENIX ATC'10 / USENIX Association

[confproc] C. Lim / 2008 / A log mining approach to failure analysis of enterprise telephony systems / IEEE International Conference on Dependable Systems and Networks

[confproc] K. Nagaraj / 2012 / Structured comparative analysis of systems logs to diagnose performance problems / Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation, NSDI'12

[confproc] Risto Vaarandi / 2003 / A Data Clustering Algorithm for Mining Patterns from Event Logs / Proceedings of the 3rd IEEE Workshop on IP Operations & Management (IPOM) : 119~126

[confproc] R Vaarandi / 2008 / Mining event logs with SLCT and LogHound / 2008 IEEE Network Operations and Management Symposium (NOMS)

[journal] A. Makanju / 2012 / A lightweight algorithm for message type extraction in system application logs / IEEE Transactions on Knowledge and Data Engineering

[confproc] A. A. Makanju / 2009 / Clustering event logs using iterative partitioning / KDD '09: Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining : 1255~1264

[confproc] L. Tang / 2011 / Logsig: Generating system events from raw textual logs / Proceedings of ACM Conference on Information and Knowledge Management (CIKM)

[confproc] Pinjia He / 2017 / Drain: An Online Log Parsing Approach with Fixed Depth Tree / Proceedings of the IEEE International Conference on Web Services (ICWS 2017) : 33~40

[confproc] Q. Fu / 2009 / Execution anomaly detection in distributed systems through unstructured log analysis / ICDM'09: Proc. of International Conference on Data Mining

[web] / Apache Hadoop / https://hadoop.apache.org/

[web] / OpenStack / https://www.openstack.org/

[web] / Apache Cassandra / http://cassandra.apache.org/

[confproc] P. He / 2016 / An Evaluation Study on Log Parsing and Its Use in Log Mining / Proceedings of DSN'16: Proc. of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks

[confproc] L. Tang / 2010 / Logtree: A framework for generating system events from raw textual logs / Proceedings of the 2010 IEEE International Conference on Data Mining, ICDM '10 / IEEE Computer Society

[confproc] M. Mizutani / 2013 / Incremental mining of system log format / SCC'13: Proc. of the 10th International Conference on Services Computing

[web] / Apache Hadoop YARN / https://hortonworks.com/apache/yarn/

[confproc] Fei Wu / 2017 / Structural Event Detection from Log Messages / Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

[confproc] Animesh Nandi / 2016 / Anomaly Detection Using Program Control Flow Graph Mining from Execution Logs / Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

[confproc] Rui Ding / 2010 / Log 2 : A Cost-Aware Logging Mechanism for Performance Diagnosis / Proceedings of the 2015 USENIX Conference on USENIX Annual Technical Conference, USENIX ATC'15 / USENIX Association

This paper was written with support from the National Research Foundation of Korea.

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Accurate and Efficient Log Template Discovery Technique

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Accurate and Efficient Log Template Discovery Technique

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (25) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.