TY - JOUR
T1 - Network event extraction from log data with nonnegative tensor factorization
AU - Kimura, Tatsuaki
AU - Ishibashi, Keisuke
AU - Mori, Tatsuya
AU - Sawada, Hiroshi
AU - Toyono, Tsuyoshi
AU - Nishimatsu, Ken
AU - Watanabe, Akio
AU - Shimoda, Akihiro
AU - Shiomoto, Kohei
N1 - Publisher Copyright:
© 2017 The Institute of Electronics, Information and Communication Engineers.
Copyright:
Copyright 2017 Elsevier B.V., All rights reserved.
PY - 2017/10
Y1 - 2017/10
N2 - Network equipment, such as routers, switches, and RADIUS servers, generate various log messages induced by network events such as hardware failures and protocol flaps. In large production networks, analyzing the log messages is crucial for diagnosing network anomalies; however, it has become challenging due to the following two reasons. First, the log messages are composed of unstructured text messages generated in accordance with vendor-specific rules. Second, network events that induce the log messages span several geographical locations, network layers, protocols, and services. We developed a method to tackle these obstacles consisting of two techniques: statistical template extraction (STE) and log tensor factorization (LTF). The former leverages a statistical clustering technique to automatically extract primary templates from unstructured log messages. The latter builds a statistical model that collects spatial-temporal patterns of log messages. Such spatial-temporal patterns provide useful insights into understanding the impact and patterns of hidden network events. We evaluate our techniques using a massive amount of network log messages collected from a large operating network and confirm that our model fits the data well. We also investigate several case studies that validate the usefulness of our method.
AB - Network equipment, such as routers, switches, and RADIUS servers, generate various log messages induced by network events such as hardware failures and protocol flaps. In large production networks, analyzing the log messages is crucial for diagnosing network anomalies; however, it has become challenging due to the following two reasons. First, the log messages are composed of unstructured text messages generated in accordance with vendor-specific rules. Second, network events that induce the log messages span several geographical locations, network layers, protocols, and services. We developed a method to tackle these obstacles consisting of two techniques: statistical template extraction (STE) and log tensor factorization (LTF). The former leverages a statistical clustering technique to automatically extract primary templates from unstructured log messages. The latter builds a statistical model that collects spatial-temporal patterns of log messages. Such spatial-temporal patterns provide useful insights into understanding the impact and patterns of hidden network events. We evaluate our techniques using a massive amount of network log messages collected from a large operating network and confirm that our model fits the data well. We also investigate several case studies that validate the usefulness of our method.
KW - Network management
KW - Nonnegative tensor factorization (NTF)
KW - Syslog
UR - http://www.scopus.com/inward/record.url?scp=85030459178&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85030459178&partnerID=8YFLogxK
U2 - 10.1587/transcom.2016EBP3430
DO - 10.1587/transcom.2016EBP3430
M3 - Article
AN - SCOPUS:85030459178
SN - 0916-8516
VL - E100B
SP - 1865
EP - 1878
JO - IEICE Transactions on Communications
JF - IEICE Transactions on Communications
IS - 10
ER -