What happened in my network

Tongqing Qiu, Zihui Ge, Dan Pei, Jia Wang, Jun Xu
2010 Proceedings of the 10th annual conference on Internet measurement - IMC '10  
Router syslogs are messages that a router logs to describe a wide range of events observed by it. They are considered one of the most valuable data sources for monitoring network health and for troubleshooting network faults and performance anomalies. However, router syslog messages are essentially free-form text with only a minimal structure, and their formats vary among different vendors and router OSes. Furthermore, since router syslogs are aimed for tracking and debugging router ... dware problems, they are often too low-level from network service management perspectives. Due to their sheer volume (e.g., millions per day in a large ISP network), router syslog messages are typically examined (manually by a network administrator) only when required by an on-going troubleshooting investigation or when given a narrow time range and a specific router under suspicion. In this project, we design a SyslogDigest system that can automatically transform and compress such low-level minimally-structured syslog messages into meaningful and prioritized high-level network events, using powerful data mining techniques tailored to our problem domain. These events are three orders of magnitude fewer in number and have much better usability than raw syslog messages. We demonstrate that they provide critical input to network troubleshooting, and network health monitoring and visualization.
doi:10.1145/1879141.1879202 dblp:conf/imc/QiuGPWX10 fatcat:hrhzmpyivjhizivfi7xy4rucwq