A visual approach for monitoring logs

Dominique Brodbeck
In Proceedings of the 12th Systems Administration Conference (LISA ’98), Boston, MA: The USENIX Association, 299–308.
Analyzing and monitoring logs that portray system, user, and network activity is essential to meet the requirements of high security and optimal resource availability. While most systems now possess satisfactory logging facilities, the tools to monitor and interpret such event logs are still in their infancy. This paper describes an approach to relieve system and network administrators from manually scanning sequences of log entries. An experimental system based on unsupervised neural networks and spring layouts to automatically classify events contained in logs is explained, and the use of complementary information visualization techniques to visually present and interactively analyze the results is then discussed. The system we present can be used to analyze past activity as well as to monitor real-time events. We illustrate the system's use for event logs generated by a firewall; however, it can be easily coupled to any source of sequential and structured event logs.
Girardin, Luc, and Dominique Brodbeck. 1998. “A Visual Approach for Monitoring Logs.” In Proceedings of the 12th Systems Administration Conference (LISA ’98), Boston, MA: The USENIX Association, 299–308.
@inproceedings{a-visual-approach-for-monitoring-logs,
   author = {Luc Girardin and Dominique Brodbeck},
   title = {A visual approach for monitoring logs},
   booktitle = {Proceedings of the 12th Systems Administration Conference (LISA '98)},
   year = {1998},
   pages = {299--308},
   publisher = {The USENIX Association},
   location = {Boston, MA},
   abstract = {Analyzing and monitoring logs that portray system, user, and network activity is essential to meet the requirements of high security and optimal resource availability. While most systems now possess satisfactory logging facilities, the tools to monitor and interpret such event logs are still in their infancy. This paper describes an approach to relieve system and network administrators from manually scanning sequences of log entries. An experimental system based on unsupervised neural networks and spring layouts to automatically classify events contained in logs is explained, and the use of complementary information visualization techniques to visually present and interactively analyze the results is then discussed. The system we present can be used to analyze past activity as well as to monitor real-time events. We illustrate the system's use for event logs generated by a firewall, however it can be easily coupled to any source of sequential and structured event logs.},
   url = {https://www.usenix.org/conference/lisa-98/visual-approach-monitoring-logs},
   pdf = {http://www.ubilab.org/publications/print_versions/pdf/gir98.pdf},
   status = {personal}
}