vue4logs -- Automatic Structuring of Heterogeneous Computer System Logs

TL;DR

This paper presents vue4logs, a novel method that uses vector space modeling to automatically structure heterogeneous system logs, improving accuracy and robustness in event template extraction.

Contribution

The paper introduces a new approach combining vector space models with filtering techniques for effective log template extraction from raw data.

Findings

Outperforms state-of-the-art systems in accuracy

Demonstrates robustness across different log datasets

Effective in handling heterogeneous log formats

Abstract

Computer system log data is commonly used in system monitoring, performance characteristic investigation, workflow modeling and anomaly detection. Log data is inherently unstructured or semi-structured, which makes it harder to understand the event flow or other important information of a system by reading raw logs. The process of structuring log files first identifies the log message groups based on the system events that triggered them, and extracts an event template to represent the log messages of each event. This paper introduces a novel method to extract event templates from raw system log files, by using the vector space model commonly used in the field of Information Retrieval to vectorize log data and group log messages into event templates based on their vector similarity. Template extraction process is further enhanced with the use of character and length based filters. When evaluated on publicly available real-world log data benchmarks, this proposed method outperforms all the available state-of-the-art systems in terms of accuracy and robustness.