ANOMALY DETECTION BASED ON EVENTS COMPOSED THROUGH UNSUPERVISED CLUSTERING OF LOG MESSAGES

ANOMALY DETECTION BASED ON EVENTS COMPOSED THROUGH UNSUPERVISED CLUSTERING OF LOG MESSAGES

The disclosed embodiments provide a system that detects an anomaly in a computer system based on log messages. During operation, the system receives log messages generated by the computer system during operation of the computer system. Next, the system maps each received log message to a cluster in...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Wood, Alan Paul, Urmanov, Aleksey M
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The disclosed embodiments provide a system that detects an anomaly in a computer system based on log messages. During operation, the system receives log messages generated by the computer system during operation of the computer system. Next, the system maps each received log message to a cluster in a set of clusters of log messages, wherein each cluster is associated with a specific event. The system then forms events for consecutive log messages into sequences of events. Finally, the system performs anomaly detection based on the sequences of events, wherein if an anomaly is detected, the system triggers an alert.