A log mining approach to failure analysis of enterprise telephony systems

Log monitoring techniques to characterize system and user behavior have gained significant popularity. Common applications of system log analysis include syslog mining to detect and predict system failure behavior, Web log mining to characterize Web usage patterns, and error/debug log analysis for detecting anomalies. In this paper, we discuss our experiences with applying log mining techniques to characterize the behavior of large enterprise telephony systems. We aim to detect, and in some cases predict, system anomalies. We describe the problems encountered in the study of such logs and propose some solutions. The key differentiator of our solutions is the use of individual message frequencies to characterize system behavior and the ability to incorporate domain-specific knowledge through user feedback. The techniques that we propose are general enough to be applicable to other system logs and can easily be packaged into automated tools for log analysis.
