Abstract
System log files contain messages emitted from several modules within a system and carry valuable information about the system state, such as device status and error conditions, and about the various tasks within the system, such as program names, execution path (including function names and parameters), and task completion status. For customers with remote support, the system collects and transmits these logs to a central enterprise repository, where they are monitored for alerts, problem forecasting, and troubleshooting.
Very large log files limit interpretability for support engineers. For an expert, a large volume of log messages may not pose any problem; however, an inexperienced person may be flummoxed by the sheer number of log messages. It is often desirable to present the log messages in a comprehensive manner, where a person can view the important messages first and then go into details if required.
In this article, we present a user-friendly log viewer in which we first hide the unimportant or inconsequential messages from the log file. A user can then click a particular hidden view and get the details of the hidden messages. Messages with low utility are considered inconsequential, as their removal does not impact the end user for the aforesaid purposes, such as problem forecasting or troubleshooting. We relate the utility of a message to the probability of its appearance in the due context. We present machine-learning-based techniques that compute the usefulness of individual messages in a log file. We demonstrate identification and discarding of inconsequential messages to shrink the log size to acceptable limits. We have tested this on real-world logs and observed that eliminating such low-value data can reduce the log files significantly (30% to 55%), with minimal error rates (7% to 20%). When limited user feedback is available, we show modifications to the technique that learn the user intent and accordingly further reduce the error.
A User-Friendly Log Viewer for Storage Systems