Tampere University of Technology

TUTCRIS Research Portal

Behavior Mining Language for Mining Expected Behavior from Log Files

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

Details

Original languageEnglish
Title of host publicationIndustrial Electronics Society, IECON 2016 - 42nd Annual Conference of the IEEE
PublisherIEEE
ISBN (Electronic)978-1-5090-3474-1
DOIs
Publication statusPublished - 2016
Publication typeA4 Article in a conference publication
EventAnnual Conference of the IEEE Industrial Electronics Society -
Duration: 1 Jan 1900 → …

Conference

ConferenceAnnual Conference of the IEEE Industrial Electronics Society
Period1/01/00 → …

Abstract

Log files are often the only way to identify and locate errors in a deployed system. This paper proposes a novel Behavior Mining Language (BML) for a log file analyzing framework called LOGDIG. It is proposed for logs that include temporal data (timestamps) and extra-log system-specific data (e.g. spatial data with coordinates of moving objects), which are present e.g. in Real Time Passenger Information Systems (RTPIS). BML is state-machine-based, and specifies searches for desired events from the log files by adjustable accuracy. The analysis output is static behavioral knowledge and human friendly composite log files for reporting the results in legacy tools. Field data from a commercial RTPIS is used as a proof-of-concept case study. BML is Python-based for excellent development support, as well as self-explanatory and self-descriptive for correct-by-construct usage. Compared to a general language approach, BML code is much shorter and easier to maintain. In the RTPIS case study we compare BML to the closest related log file analysis language LFAL2. BML can be applied to complicated cases that are not possible to capture using LFAL2, but at the penalty of more setting-up effort. Thus, BML is positioned between the simple specific and the fully general programming languages used in log file analysis. BML fulfills specifically the needs for log analysis on RTPIS kind of systems.

Publication forum classification

Field of science, Statistics Finland