SlideShare a Scribd company logo

Towards structured log analysis

Download as PPTX, PDF
Dileepa Jayathilake
Dileepa Jayathilake

This document discusses log analysis automation challenges, existing log management tools, and proposes a structured log analysis framework. It notes that while existing tools address some automation needs, they ignore the importance of log structure. The proposed framework uses a declarative language to express any log file format, provides rule-based automation scripts, and a flexible data management scheme. Areas of future work include adding more log management capabilities, real-time analysis, optimizing data handling, and improved user interfaces.

TechnologyBusiness
1 of 11
JCSSE 2012 Dileepa Jayathilake
Functional Troubleshooting Conformance Log Analysis in Use Monitoring Statistical Insight System Health
Log Analysis Domains Web server logs Network logs Security logs System logs Application logs
Even with Manual analysis expertise, needs manual log acquaintance analysis is with format laborious Manually Manual analysis dealing with hinders reusing vast amount of recurring log information analysis is difficult Automation patterns will save lot of costs
Log Analysis Automation Challenges Lack of a standard • “Universal Format for Logger Messages” - Expired without a successor • “Syslog” – Serves only a limited range of system logs Log file corruptions • Erasing parts of a log file, mixing up multiple log entries, presence of log entries in wrong order and garbage in the middle of log files Inappropriate log content • Problem stems from incorrect judgments of developers regarding the importance of log entries Varying log semantics • Format and the content logged can continue to evolve Huge sizes of log files • Log files can easily grow into gigabyte sizes in a commercial environment
Existing Log Management Tools
Identifying common constructs Log indexing Handling different log sources Dealing with different log types Rich user interfaces Alerts Intrusion detection Compliance validation Automate recurring analysis procedures Structured Log Analysis
Why Structured Log Analysis? Many log files manifest a structure Analysis needs contextual correctness Automation requires a structure-aware Example tool
Structured Log Analysis Framework
Conclusions Existing tools solve a subset of automated log analysis requirements, but ignore the importance of structure New declarative language is capable of expressing any log file format and is resilient to corruptions The scripting language provides solid infrastructure for rule based automation Data management scheme offers flexibility Current UI generation method is not appropriate
Future Work Add more log management capabilities Real time analysis Built-in format declarations for common log formats Optimize data management module to handle heterogeneous data efficiently UI generation based on HTML5

Recommended

Floss Community Metrics: Gource Custom Log Formats
Floss Community Metrics: Gource Custom Log FormatsFloss Community Metrics: Gource Custom Log Formats
Floss Community Metrics: Gource Custom Log FormatsDawn Foster
 
Spagic 3: OSGi Universal Middleware for an effective SOA solution
Spagic 3: OSGi Universal Middleware for an effective SOA solution Spagic 3: OSGi Universal Middleware for an effective SOA solution
Spagic 3: OSGi Universal Middleware for an effective SOA solution SpagoWorld
 
Security Information and Event Managemen
Security Information and Event ManagemenSecurity Information and Event Managemen
Security Information and Event ManagemenS Periyakaruppan CISM,ISO31000,C-EH,ITILF
 
Initial Kautilya Brochure Doc
Initial Kautilya Brochure DocInitial Kautilya Brochure Doc
Initial Kautilya Brochure DocSaket Rai
 
CADA english
CADA englishCADA english
CADA englishIBS Schreiber GmbH
 
A software monitoring framework for quality verification
A software monitoring framework for quality verificationA software monitoring framework for quality verification
A software monitoring framework for quality verificationDileepa Jayathilake
 
Association Rule Mining Scheme for Software Failure Analysis
Association Rule Mining Scheme for Software Failure AnalysisAssociation Rule Mining Scheme for Software Failure Analysis
Association Rule Mining Scheme for Software Failure AnalysisEditor IJMTER
 
Centralized logging
Centralized loggingCentralized logging
Centralized loggingblessYahu
 

Recommended

Floss Community Metrics: Gource Custom Log Formats
Floss Community Metrics: Gource Custom Log FormatsFloss Community Metrics: Gource Custom Log Formats
Floss Community Metrics: Gource Custom Log FormatsDawn Foster
 
Spagic 3: OSGi Universal Middleware for an effective SOA solution
Spagic 3: OSGi Universal Middleware for an effective SOA solution Spagic 3: OSGi Universal Middleware for an effective SOA solution
Spagic 3: OSGi Universal Middleware for an effective SOA solution SpagoWorld
 
Security Information and Event Managemen
Security Information and Event ManagemenSecurity Information and Event Managemen
Security Information and Event ManagemenS Periyakaruppan CISM,ISO31000,C-EH,ITILF
 
Initial Kautilya Brochure Doc
Initial Kautilya Brochure DocInitial Kautilya Brochure Doc
Initial Kautilya Brochure DocSaket Rai
 
CADA english
CADA englishCADA english
CADA englishIBS Schreiber GmbH
 
A software monitoring framework for quality verification
A software monitoring framework for quality verificationA software monitoring framework for quality verification
A software monitoring framework for quality verificationDileepa Jayathilake
 
Association Rule Mining Scheme for Software Failure Analysis
Association Rule Mining Scheme for Software Failure AnalysisAssociation Rule Mining Scheme for Software Failure Analysis
Association Rule Mining Scheme for Software Failure AnalysisEditor IJMTER
 
Centralized logging
Centralized loggingCentralized logging
Centralized loggingblessYahu
 
Combining Logs, Metrics, and Traces for Unified Observability
Combining Logs, Metrics, and Traces for Unified ObservabilityCombining Logs, Metrics, and Traces for Unified Observability
Combining Logs, Metrics, and Traces for Unified ObservabilityElasticsearch
 
Les logs, traces et indicateurs au service d'une observabilité unifiée
Les logs, traces et indicateurs au service d'une observabilité unifiéeLes logs, traces et indicateurs au service d'une observabilité unifiée
Les logs, traces et indicateurs au service d'une observabilité unifiéeElasticsearch
 
Overview SQL Server 2012
Overview SQL Server 2012Overview SQL Server 2012
Overview SQL Server 2012Juan Fabian
 
IT Discovery: Automated Global Assessment
IT Discovery: Automated Global AssessmentIT Discovery: Automated Global Assessment
IT Discovery: Automated Global AssessmentHaim Ben Zagmi
 
Log Analysis Engine with Integration of Hadoop and Spark
Log Analysis Engine with Integration of Hadoop and SparkLog Analysis Engine with Integration of Hadoop and Spark
Log Analysis Engine with Integration of Hadoop and SparkIRJET Journal
 
01 necto introduction_ready
01 necto introduction_ready01 necto introduction_ready
01 necto introduction_readywww.panorama.com
 
Java Batch for Cost Optimized Efficiency
Java Batch for Cost Optimized EfficiencyJava Batch for Cost Optimized Efficiency
Java Batch for Cost Optimized EfficiencySridharSudarsan
 
Software re engineering
Software re engineeringSoftware re engineering
Software re engineeringdeshpandeamrut
 
Writing Good Use Cases
Writing Good Use CasesWriting Good Use Cases
Writing Good Use CasesIBM Rational software
 
Persistent Analytical Instrumentation Expertise
Persistent Analytical Instrumentation ExpertisePersistent Analytical Instrumentation Expertise
Persistent Analytical Instrumentation ExpertiseSebastien RATTIER
 
What's New in EventLog Analyzer - Log Management Software
What's New in EventLog Analyzer - Log Management SoftwareWhat's New in EventLog Analyzer - Log Management Software
What's New in EventLog Analyzer - Log Management SoftwareManageEngine EventLog Analyzer
 
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesDeep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesAaronLieberman5
 
Silhouette Threshold Based Text Clustering for Log Analysis
Silhouette Threshold Based Text Clustering for Log AnalysisSilhouette Threshold Based Text Clustering for Log Analysis
Silhouette Threshold Based Text Clustering for Log AnalysisIIRindia
 
Logging using ELK Stack for Microservices
Logging using ELK Stack for MicroservicesLogging using ELK Stack for Microservices
Logging using ELK Stack for MicroservicesVineet Sabharwal
 
IRJET- Speech Based Answer Sheet Evaluation System
IRJET- Speech Based Answer Sheet Evaluation SystemIRJET- Speech Based Answer Sheet Evaluation System
IRJET- Speech Based Answer Sheet Evaluation SystemIRJET Journal
 
21st Century Service Oriented Architecture
21st Century Service Oriented Architecture21st Century Service Oriented Architecture
21st Century Service Oriented ArchitectureBob Rhubart
 
SAP Sybase Event Streaming Processing
SAP Sybase Event Streaming ProcessingSAP Sybase Event Streaming Processing
SAP Sybase Event Streaming ProcessingSybase Türkiye
 
Centralized test automation framework implementation
Centralized test automation framework implementationCentralized test automation framework implementation
Centralized test automation framework implementationBharathi Krishnamurthi
 
openGauss - The evolution route of openGauss' AIcapabilities
openGauss - The evolution route of openGauss' AIcapabilitiesopenGauss - The evolution route of openGauss' AIcapabilities
openGauss - The evolution route of openGauss' AIcapabilitieswot chin
 
Structured and centralized logging with serilog
Structured and centralized logging with serilogStructured and centralized logging with serilog
Structured and centralized logging with serilogDenis Missias
 
Practical insights into fuzzy logic
Practical insights into fuzzy logic Practical insights into fuzzy logic
Practical insights into fuzzy logic Dileepa Jayathilake
 
Adapting View Models as a Means For Sharing User Interface Code Between OS X ...
Adapting View Models as a Means For Sharing User Interface Code Between OS X ...Adapting View Models as a Means For Sharing User Interface Code Between OS X ...
Adapting View Models as a Means For Sharing User Interface Code Between OS X ...Dileepa Jayathilake
 

More Related Content

Similar to Towards structured log analysis

Combining Logs, Metrics, and Traces for Unified Observability
Combining Logs, Metrics, and Traces for Unified ObservabilityCombining Logs, Metrics, and Traces for Unified Observability
Combining Logs, Metrics, and Traces for Unified ObservabilityElasticsearch
 
Les logs, traces et indicateurs au service d'une observabilité unifiée
Les logs, traces et indicateurs au service d'une observabilité unifiéeLes logs, traces et indicateurs au service d'une observabilité unifiée
Les logs, traces et indicateurs au service d'une observabilité unifiéeElasticsearch
 
Overview SQL Server 2012
Overview SQL Server 2012Overview SQL Server 2012
Overview SQL Server 2012Juan Fabian
 
IT Discovery: Automated Global Assessment
IT Discovery: Automated Global AssessmentIT Discovery: Automated Global Assessment
IT Discovery: Automated Global AssessmentHaim Ben Zagmi
 
Log Analysis Engine with Integration of Hadoop and Spark
Log Analysis Engine with Integration of Hadoop and SparkLog Analysis Engine with Integration of Hadoop and Spark
Log Analysis Engine with Integration of Hadoop and SparkIRJET Journal
 
01 necto introduction_ready
01 necto introduction_ready01 necto introduction_ready
01 necto introduction_readywww.panorama.com
 
Java Batch for Cost Optimized Efficiency
Java Batch for Cost Optimized EfficiencyJava Batch for Cost Optimized Efficiency
Java Batch for Cost Optimized EfficiencySridharSudarsan
 
Software re engineering
Software re engineeringSoftware re engineering
Software re engineeringdeshpandeamrut
 
Persistent Analytical Instrumentation Expertise
Persistent Analytical Instrumentation ExpertisePersistent Analytical Instrumentation Expertise
Persistent Analytical Instrumentation ExpertiseSebastien RATTIER
 
What's New in EventLog Analyzer - Log Management Software
What's New in EventLog Analyzer - Log Management SoftwareWhat's New in EventLog Analyzer - Log Management Software
What's New in EventLog Analyzer - Log Management SoftwareManageEngine EventLog Analyzer
 
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesDeep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesAaronLieberman5
 
Silhouette Threshold Based Text Clustering for Log Analysis
Silhouette Threshold Based Text Clustering for Log AnalysisSilhouette Threshold Based Text Clustering for Log Analysis
Silhouette Threshold Based Text Clustering for Log AnalysisIIRindia
 
Logging using ELK Stack for Microservices
Logging using ELK Stack for MicroservicesLogging using ELK Stack for Microservices
Logging using ELK Stack for MicroservicesVineet Sabharwal
 
IRJET- Speech Based Answer Sheet Evaluation System
IRJET- Speech Based Answer Sheet Evaluation SystemIRJET- Speech Based Answer Sheet Evaluation System
IRJET- Speech Based Answer Sheet Evaluation SystemIRJET Journal
 
21st Century Service Oriented Architecture
21st Century Service Oriented Architecture21st Century Service Oriented Architecture
21st Century Service Oriented ArchitectureBob Rhubart
 
SAP Sybase Event Streaming Processing
SAP Sybase Event Streaming ProcessingSAP Sybase Event Streaming Processing
SAP Sybase Event Streaming ProcessingSybase Türkiye
 
Centralized test automation framework implementation
Centralized test automation framework implementationCentralized test automation framework implementation
Centralized test automation framework implementationBharathi Krishnamurthi
 
openGauss - The evolution route of openGauss' AIcapabilities
openGauss - The evolution route of openGauss' AIcapabilitiesopenGauss - The evolution route of openGauss' AIcapabilities
openGauss - The evolution route of openGauss' AIcapabilitieswot chin
 
Structured and centralized logging with serilog
Structured and centralized logging with serilogStructured and centralized logging with serilog
Structured and centralized logging with serilogDenis Missias
 

Similar to Towards structured log analysis (20)

Combining Logs, Metrics, and Traces for Unified Observability
Combining Logs, Metrics, and Traces for Unified ObservabilityCombining Logs, Metrics, and Traces for Unified Observability
Combining Logs, Metrics, and Traces for Unified Observability
 
Les logs, traces et indicateurs au service d'une observabilité unifiée
Les logs, traces et indicateurs au service d'une observabilité unifiéeLes logs, traces et indicateurs au service d'une observabilité unifiée
Les logs, traces et indicateurs au service d'une observabilité unifiée
 
Overview SQL Server 2012
Overview SQL Server 2012Overview SQL Server 2012
Overview SQL Server 2012
 
IT Discovery: Automated Global Assessment
IT Discovery: Automated Global AssessmentIT Discovery: Automated Global Assessment
IT Discovery: Automated Global Assessment
 
Log Analysis Engine with Integration of Hadoop and Spark
Log Analysis Engine with Integration of Hadoop and SparkLog Analysis Engine with Integration of Hadoop and Spark
Log Analysis Engine with Integration of Hadoop and Spark
 
01 necto introduction_ready
01 necto introduction_ready01 necto introduction_ready
01 necto introduction_ready
 
Java Batch for Cost Optimized Efficiency
Java Batch for Cost Optimized EfficiencyJava Batch for Cost Optimized Efficiency
Java Batch for Cost Optimized Efficiency
 
Software re engineering
Software re engineeringSoftware re engineering
Software re engineering
 
Writing Good Use Cases
Writing Good Use CasesWriting Good Use Cases
Writing Good Use Cases
 
Persistent Analytical Instrumentation Expertise
Persistent Analytical Instrumentation ExpertisePersistent Analytical Instrumentation Expertise
Persistent Analytical Instrumentation Expertise
 
What's New in EventLog Analyzer - Log Management Software
What's New in EventLog Analyzer - Log Management SoftwareWhat's New in EventLog Analyzer - Log Management Software
What's New in EventLog Analyzer - Log Management Software
 
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesDeep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed Microservices
 
Silhouette Threshold Based Text Clustering for Log Analysis
Silhouette Threshold Based Text Clustering for Log AnalysisSilhouette Threshold Based Text Clustering for Log Analysis
Silhouette Threshold Based Text Clustering for Log Analysis
 
Logging using ELK Stack for Microservices
Logging using ELK Stack for MicroservicesLogging using ELK Stack for Microservices
Logging using ELK Stack for Microservices
 
IRJET- Speech Based Answer Sheet Evaluation System
IRJET- Speech Based Answer Sheet Evaluation SystemIRJET- Speech Based Answer Sheet Evaluation System
IRJET- Speech Based Answer Sheet Evaluation System
 
21st Century Service Oriented Architecture
21st Century Service Oriented Architecture21st Century Service Oriented Architecture
21st Century Service Oriented Architecture
 
SAP Sybase Event Streaming Processing
SAP Sybase Event Streaming ProcessingSAP Sybase Event Streaming Processing
SAP Sybase Event Streaming Processing
 
Centralized test automation framework implementation
Centralized test automation framework implementationCentralized test automation framework implementation
Centralized test automation framework implementation
 
openGauss - The evolution route of openGauss' AIcapabilities
openGauss - The evolution route of openGauss' AIcapabilitiesopenGauss - The evolution route of openGauss' AIcapabilities
openGauss - The evolution route of openGauss' AIcapabilities
 
Structured and centralized logging with serilog
Structured and centralized logging with serilogStructured and centralized logging with serilog
Structured and centralized logging with serilog
 

More from Dileepa Jayathilake

Practical insights into fuzzy logic
Practical insights into fuzzy logic Practical insights into fuzzy logic
Practical insights into fuzzy logic Dileepa Jayathilake
 
Adapting View Models as a Means For Sharing User Interface Code Between OS X ...
Adapting View Models as a Means For Sharing User Interface Code Between OS X ...Adapting View Models as a Means For Sharing User Interface Code Between OS X ...
Adapting View Models as a Means For Sharing User Interface Code Between OS X ...Dileepa Jayathilake
 
A framework for building web sites that are friendly to visually impaired
A framework for building web sites that are friendly to visually impairedA framework for building web sites that are friendly to visually impaired
A framework for building web sites that are friendly to visually impairedDileepa Jayathilake
 
Tips for writing effective business case studies
Tips for writing effective business case studiesTips for writing effective business case studies
Tips for writing effective business case studiesDileepa Jayathilake
 
Research : A practical definition and a guideline
Research : A practical definition and a guidelineResearch : A practical definition and a guideline
Research : A practical definition and a guidelineDileepa Jayathilake
 
A Novel Mind Map Based Approach for Log Data Extraction
A Novel Mind Map Based Approach for Log Data ExtractionA Novel Mind Map Based Approach for Log Data Extraction
A Novel Mind Map Based Approach for Log Data ExtractionDileepa Jayathilake
 

More from Dileepa Jayathilake (6)

Practical insights into fuzzy logic
Practical insights into fuzzy logic Practical insights into fuzzy logic
Practical insights into fuzzy logic
 
Adapting View Models as a Means For Sharing User Interface Code Between OS X ...
Adapting View Models as a Means For Sharing User Interface Code Between OS X ...Adapting View Models as a Means For Sharing User Interface Code Between OS X ...
Adapting View Models as a Means For Sharing User Interface Code Between OS X ...
 
A framework for building web sites that are friendly to visually impaired
A framework for building web sites that are friendly to visually impairedA framework for building web sites that are friendly to visually impaired
A framework for building web sites that are friendly to visually impaired
 
Tips for writing effective business case studies
Tips for writing effective business case studiesTips for writing effective business case studies
Tips for writing effective business case studies
 
Research : A practical definition and a guideline
Research : A practical definition and a guidelineResearch : A practical definition and a guideline
Research : A practical definition and a guideline
 
A Novel Mind Map Based Approach for Log Data Extraction
A Novel Mind Map Based Approach for Log Data ExtractionA Novel Mind Map Based Approach for Log Data Extraction
A Novel Mind Map Based Approach for Log Data Extraction
 

Recently uploaded

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 

Recently uploaded (20)

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 

Towards structured log analysis

  • 2. Functional Troubleshooting Conformance Log Analysis in Use Monitoring Statistical Insight System Health
  • 3. Log Analysis Domains Web server logs Network logs Security logs System logs Application logs
  • 4. Even with Manual analysis expertise, needs manual log acquaintance analysis is with format laborious Manually Manual analysis dealing with hinders reusing vast amount of recurring log information analysis is difficult Automation patterns will save lot of costs
  • 5. Log Analysis Automation Challenges Lack of a standard • “Universal Format for Logger Messages” - Expired without a successor • “Syslog” – Serves only a limited range of system logs Log file corruptions • Erasing parts of a log file, mixing up multiple log entries, presence of log entries in wrong order and garbage in the middle of log files Inappropriate log content • Problem stems from incorrect judgments of developers regarding the importance of log entries Varying log semantics • Format and the content logged can continue to evolve Huge sizes of log files • Log files can easily grow into gigabyte sizes in a commercial environment
  • 7. Identifying common constructs Log indexing Handling different log sources Dealing with different log types Rich user interfaces Alerts Intrusion detection Compliance validation Automate recurring analysis procedures Structured Log Analysis
  • 8. Why Structured Log Analysis? Many log files manifest a structure Analysis needs contextual correctness Automation requires a structure-aware Example tool
  • 10. Conclusions Existing tools solve a subset of automated log analysis requirements, but ignore the importance of structure New declarative language is capable of expressing any log file format and is resilient to corruptions The scripting language provides solid infrastructure for rule based automation Data management scheme offers flexibility Current UI generation method is not appropriate
  • 11. Future Work Add more log management capabilities Real time analysis Built-in format declarations for common log formats Optimize data management module to handle heterogeneous data efficiently UI generation based on HTML5

Editor's Notes

  1. Your introductory or title slide should convey the overall “feeling” and focus of your presentation. For instance, I typically present about small-business trends, new business ideas, growth opportunities or other positive trends. In this sample presentation, I’m talking about new business ideas, so I used a sun graphic in this slide template to convey a positive feeling. Personalize this slide template with your company’s logo. To add a logo to all slides, place it on the Slide Master. To access the Slide Master, on the Themes tab of the Ribbon, click Edit Master and then click Slide Master.Disclaimer: You understand that Microsoft does not endorse or control the content provided in the following presentation. Microsoft provides this content to you for informational purposes only; it is not intended to be relied upon as business or financial advice. Microsoft does not guarantee or otherwise warrant the accuracy or validity of this information and encourages you to consult with a business or financial professional as appropriate.RIEVA LESONSKY Founder and President, GrowBiz Media RievaLesonsky is founder and president of GrowBiz Media, a content and consulting company specializing in covering small businesses and entrepreneurship. A nationally known speaker and authority on entrepreneurship, Lesonsky has been covering America’s entrepreneurs for nearly 30 years. Before co-founding GrowBiz Media, Lesonsky was Editorial Director of Entrepreneur Magazine.
  2. I like to speak spontaneously, so I use PowerPoint as an outline to keep me on track. It’s best to keep your PowerPoint text brief, simply reinforcing key points you will talk about at more length. You can use this slide template to convey a series of steps or related points in a short format.
  3. I like to use an off-balance layout to keep things from getting too symmetrical. Customize this slide template graphics of your choice, including photos, clip art, your logo or illustrations. Good photos really help cement an idea in the audience’s mind. This slide is animated to display an appropriate image as you introduce each business type.
  4. A plain old bulleted list can get boring, so use graphics to liven it up. An image that conveys what you’re saying in visual format (like this diagram) can reinforce your ideas in the audience’s mind.
  5. I like to use an off-balance layout to keep things from getting too symmetrical. Customize this slide template graphics of your choice, including photos, clip art, your logo or illustrations. Good photos really help cement an idea in the audience’s mind. This slide is animated to display an appropriate image as you introduce each business type.
  6. Splunk – This is one of the most popular commercial log analysis tools [11]. It comes as a native application for each of the popular platforms. It provides strong search capabilities within log files. Log files from many different sources can be integrated into an analysis. Splunk is capable of identifying common constructs appearing in logs such as timestamps. In addition to indexing logs based on automatically detected log entries it provides functionality for users to create custom indexes too. Indexed log files can be saved as templates so that the index can be used for a similar log file later. Analysis results are displayed in a dashboard with many feature-rich user interface controls. Although Splunk can handle any kind of text log file, it is appropriate for analyzing line logs. It comes with a free version (without expiration) with an upper limit to the total size of log files analyzed in a day.LogRhythm – This is another widely used commercial tool for log analysis [12]. Its' important features are the ability to analyze a huge number of logs at once, automatic detection of interesting log entries, risk-based prioritization of log events, customizable rules, alerts, real-time log monitoring, normalization between different time zones, configurable charting, ability to save investigation data and file integrity monitoring. It has built in capabilities to evaluate log compliance with a number of standards. In addition it has strong intrusion detection capabilities too. In summary, LogRhythm is a sophisticated, enterprise solution.ArcSight Logger – This is a tool for event log collection and reporting [13]. Being a commercial tool ArcSight Logger has the capability to handle event log messages from many different client platforms. The messages can be sent in a varietyof protocols. The tool can handle terabytes of log data efficiently. It classifies log events so that different syntax used across platforms for same kind of log data is made transparent to the user. Searching is possible using plain text, regular expressions or indexed text. ArcSight Logger provides strong reporting capabilities too. Reports can be exported to various formats before saving. Alerts can be defined based on reports. The tool comes with a free evaluation version.loggly – This provides a cloud based log management system [14]. Log files from various sources can be collected to a central place in cloud for analysis. Log entries can be searched and be viewed in a dashboard. Historic data can also be viewed. The tool supports alerting. A free trial version is provided.loglogic – This is another log management infrastructure tool with the capability to collect logs from either enterprise or cloud and provide analysis [15]. Main features include ability to handle data in ranges of petabytes, advanced searching capabilities, dynamic dashboard, detailed reports, alerts, forensics engine, log retention management and compliance reporting.AWStats – This is a free tool that can analyze logs generated by web servers like Apache web server, Internet Information Server, WebStar and some other proxy, wap, ftp, streaming and mail servers [16]. It is a command line tool that uses Perl scripts. It provides usage statistics, user origin information, popularity of pages, HTTP errors, number of favorites on the site, worm attacks detection, etc.SecureVue – This is a situational awareness platform that utilizes logs from various types of assets in an organization such as hosts, network and security devices, applications and databases for capturing important security information [17]. It provides compliance with many security standards.
  7. A plain old bulleted list can get boring, so use graphics to liven it up. An image that conveys what you’re saying in visual format (like this diagram) can reinforce your ideas in the audience’s mind.
  8. I like to use an off-balance layout to keep things from getting too symmetrical. Customize this slide template graphics of your choice, including photos, clip art, your logo or illustrations. Good photos really help cement an idea in the audience’s mind. This slide is animated to display an appropriate image as you introduce each business type.
  9. I like to use an off-balance layout to keep things from getting too symmetrical. Customize this slide template graphics of your choice, including photos, clip art, your logo or illustrations. Good photos really help cement an idea in the audience’s mind. This slide is animated to display an appropriate image as you introduce each business type.
  10. I like to use an off-balance layout to keep things from getting too symmetrical. Customize this slide template graphics of your choice, including photos, clip art, your logo or illustrations. Good photos really help cement an idea in the audience’s mind. This slide is animated to display an appropriate image as you introduce each business type.
  11. I like to use an off-balance layout to keep things from getting too symmetrical. Customize this slide template graphics of your choice, including photos, clip art, your logo or illustrations. Good photos really help cement an idea in the audience’s mind. This slide is animated to display an appropriate image as you introduce each business type.