LogAn: HPC System Log Anomaly Detection Tool
TimeFriday, 19 November 202111:30am - 12pm CST
DescriptionWe address the problem of anomaly detection on HPC system log lines, and present a new approach and associated tool implementation for detecting unusual behaviors within syslog. Our tool, LogAn, provides not only statistical anomaly detection which can discover previously unknown behaviors, but also the capability for a user to interact and guide the tool towards syslog messages of interest. We provide a user interface that supports a variety of workflow options, from a high-level view with a snapshot of number of unusual lines found, to a drilled-down view that allows a system administrator to gain more understanding of a flagged line, and to place that line in context. We have find that LogAn is able to detect syslog lines of interest that would not have been caught by existing legacy filters and flags, and provides a crucially-needed, fast, and flexible approach to syslog analysis.