Abstract
System logs, such as the Windows Event log or the Linux system log, are an important resource for computer system management. We present a method for ranking system log messages by their estimated value to users, and generating a log view that displays the most important messages. The ranking process uses a dataset of system logs from many computer systems to score messages. For better scoring, unsupervised clustering is used to identify sets of systems that behave similarly. We propose a new feature construction scheme that measures the difference in the ranking of messages by frequency, and show that it leads to better clustering results. The expected distribution of messages in a given system is estimated using the resulting clusters, and log messages are scored using this estimation. We show experimental results from tests on xSeries servers. A tool based on the described methods is being used to aid support personnel in the IBM xSeries support center.
| Original language | English GB |
|---|---|
| Title of host publication | 2nd USENIX workshop on Tackling Computer Systems Problems with Machine Learning Techniques |
| State | Published - 2007 |
| Externally published | Yes |
| Event | 2nd Workshop on Tackling Computer Systems Problems with Machine Learning Techniques, SysML 2007, co-located with NSDI 2007 - Cambridge, United States Duration: 10 Apr 2007 → … |
Conference
| Conference | 2nd Workshop on Tackling Computer Systems Problems with Machine Learning Techniques, SysML 2007, co-located with NSDI 2007 |
|---|---|
| Country/Territory | United States |
| City | Cambridge |
| Period | 10/04/07 → … |
ASJC Scopus subject areas
- Computer Science Applications
- Software
- Information Systems