Real-time Log File Analysis Using the Simple Event Correlator (SEC)
Author
Abstract
Log analysis is an important way to keep track of computers and networks. Automated analysis always produces some false reports, but these can be minimized by proper specification of the recognition criteria. Current analysis approaches fail to provide sufficient support for recognizing the temporal component of log analysis. Temporal recognition of event sequences falls into distinct patterns that can be used to reduce false alerts and improve the efficiency of response to problems. This paper discusses these patterns while describing the rationale behind, and the implementation of, a ruleset created at the CS department of the University of Massachusetts at Boston for SEC – the Simple Event Correlation program.
Similar references
Simple Event Correlator for real-time security log monitoring
When it comes to the security of the IT system, event logs play a crucial role. Today, many applications, operating systems, network devices and other system components are capable of writing security related event messages to log files. The BSD syslog protocol is an event logging standard supported by majority of OS and network equipment vendors, which allows one to set up a central log server...
Real-time Prediction and Synchronization of Business Process Instances using Data and Control Perspective
Nowadays, in the competitive and dynamic environment of businesses, organizations need to monitor, analyze and improve business processes with the use of Business Process Management Systems (BPMSs). Management, prediction and time control of events in BPMS is one of the major challenges of this area of research that has attracted many researchers. In this paper, we present a...
Reduction of production disturbances of a shoemaking industry through a discrete event simulation approach
This study presents a reduction of production disturbances in a shoemaking industry through a discrete event simulation approach. The study is conducted at the Peacock Shoe factory in Addis Ababa, Ethiopia. This factory faces a line balancing problem that becomes a production disturbance for its assembly lines. A detailed time study is carried out for the selected shoe model using a stopwatch. Assembly ...
Log Analysis and Event Correlation Using Variable Temporal Event Correlator (VTEC)
System administrators have utilized log analysis for decades to monitor and automate their environments. As compute environments grow, and the scope and volume of the logs increase, it becomes more difficult to get timely, useful data and appropriate triggers for enabling automation using traditional tools like Swatch. Cloud computing is intensifying this problem as the number of systems in dat...
SEC – a Lightweight Event Correlation Tool
Event correlation has become one of the most important techniques in today’s network management, and there is a clear trend to extend its use to other application domains as well. Unfortunately, existing event correlation systems are often platform-dependent and heavyweight solutions that have complicated design, being therefore difficult to deploy and maintain, and requiring extensive user tra...