Log Analysis and Event Correlation Using Variable Temporal Event Correlator (VTEC)
System administrators have utilized log analysis for decades to monitor and automate their environments. As compute environments grow, and the scope and volume of the logs increase, it becomes more difficult to get timely, useful data and appropriate triggers for enabling automation using traditional tools like Swatch. Cloud computing is intensifying this problem as the number of systems in datacenters increases dramatically. To address these problems at AMD, we developed a tool we call the Variable Temporal Event Correlator, or VTEC.
VTEC has unique design features, such as an inherently multi-threaded/multi-process design, a flexible and extensible programming interface, built-in job queuing, and a novel method for storing and describing temporal information about events, that make it well suited to handling a broad range of event correlation tasks quickly and efficiently in real time. These features also enable VTEC to scale to tens of gigabytes of log data processed per day. This paper describes the architecture, use, and efficacy of this tool, which has been in production at AMD for more than four years.