system event log - school of computingmind/papers/deeplog_short.pdf · 2017-12-04 · 29 deeplog a...

Post on 10-Mar-2020


System Event Log

Exist practically on every computer system!

Automatic Analysis?


System Event Log

Started service A on port 80
Executor updated: app-1 is now LOADING
……


Structured Data

Log key

printf("Started service %s on port %d", x, y);

LOG PARSING

Started service A on port 80
Executor updated: app-1 is now LOADING
……

Started service * on port *
Executor updated: * is now LOADING
……


Structured Data

Anomaly Detection

LOG ANALYSIS


SPELL

A streaming log parser published in ICDM’16

log message: Deletion of file1 complete.
log key: Deletion of file1 complete.
parameters: [ ]

log message: Deletion of file2 complete.
log key: Deletion of * complete.
parameters: [file2]


DeepLog

Anomaly Detection

Diagnosis

[Diagram slides: Training Stage, Detection Stage, Models]

Use long short-term memory (LSTM) architecture

In the detection stage, DeepLog checks whether the actual next log key is among its top g most probable predictions.
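The top-g check described above, as an added example that is not code from the slides or from DeepLog itself. It substitutes a simple count-based n-gram next-key model for the LSTM; the function names, the history window h and the constructed sessions are assumptions made for illustration.

```python
from collections import Counter, defaultdict


def train(sequences, h=2):
    """Count which log key follows each window of h keys in normal sessions."""
    model = defaultdict(Counter)
    for seq in sequences:
        for i in range(len(seq) - h):
            model[tuple(seq[i:i + h])][seq[i + h]] += 1
    return model


def detect(model, seq, h=2, g=2):
    """Return (index, key) for every key that is not among the top-g predictions."""
    anomalies = []
    for i in range(h, len(seq)):
        counts = model.get(tuple(seq[i - h:i]))
        # A history never seen in training yields no prediction, so the key is flagged.
        top_g = [key for key, _ in counts.most_common(g)] if counts else []
        if seq[i] not in top_g:
            anomalies.append((i, seq[i]))
    return anomalies


# Constructed normal sessions, already parsed into log key ids (hypothetical ids).
NORMAL = [
    ["k1", "k2", "k3", "k4", "k5"],
    ["k1", "k2", "k3", "k4", "k5"],
    ["k1", "k2", "k4", "k3", "k5"],  # a rarer but still normal ordering
]
MODEL = train(NORMAL)

if __name__ == "__main__":
    # The rarer ordering is accepted with g=2 but flagged with g=1.
    print(detect(MODEL, ["k1", "k2", "k4", "k3", "k5"], g=2))
    print(detect(MODEL, ["k1", "k2", "k4", "k3", "k5"], g=1))
    # A session whose execution path deviates from every normal session.
    print(detect(MODEL, ["k1", "k2", "k3", "k5", "k4"], g=2))
```

A larger g tolerates less frequent normal paths at the cost of missing more deviations, which is the trade-off the top-g threshold controls.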


Method 1: Using LSTM prediction probabilities

Method 2: Using co-occurrence matrix


Multi-variate time series data anomaly detection problem!

Leverage LSTM to check reconstruction error.


Evaluation results on HDFS log data (over a million log entries with labeled anomalies).

PCA (SOSP’09), IM (UsenixATC’10), N-gram (baseline language model)


Evaluation results on Blue Gene/L log, with and without online model update.


Evaluation results on OpenStack cloud log with different confidence intervals (CIs).


Diagnosis using constructed workflow.

Injected anomaly: during VM creation, network speed from controller to compute node is throttled.


DeepLog

➢ A realtime system log anomaly detection framework.

➢ LSTM is used to model system execution paths and log parameter values.

➢ Workflow models are built to help anomaly diagnosis.

➢ It supports online model update.

Min Du
mind@cs.utah.edu