TUTCRIS - Tampereen teknillinen yliopisto

TUTCRIS

Behavior Mining Language for Mining Expected Behavior from Log Files

Tutkimustuotosvertaisarvioitu

Yksityiskohdat

AlkuperäiskieliEnglanti
OtsikkoIndustrial Electronics Society, IECON 2016 - 42nd Annual Conference of the IEEE
KustantajaIEEE
ISBN (elektroninen)978-1-5090-3474-1
DOI - pysyväislinkit
TilaJulkaistu - 2016
OKM-julkaisutyyppiA4 Artikkeli konferenssijulkaisussa
TapahtumaAnnual Conference of the IEEE Industrial Electronics Society -
Kesto: 1 tammikuuta 1900 → …

Conference

ConferenceAnnual Conference of the IEEE Industrial Electronics Society
Ajanjakso1/01/00 → …

Tiivistelmä

Log files are often the only way to identify and locate errors in a deployed system. This paper proposes a novel Behavior Mining Language (BML) for a log file analyzing framework called LOGDIG. It is proposed for logs that include temporal data (timestamps) and extra-log system-specific data (e.g. spatial data with coordinates of moving objects), which are present e.g. in Real Time Passenger Information Systems (RTPIS). BML is state-machine-based, and specifies searches for desired events from the log files by adjustable accuracy. The analysis output is static behavioral knowledge and human friendly composite log files for reporting the results in legacy tools. Field data from a commercial RTPIS is used as a proof-of-concept case study. BML is Python-based for excellent development support, as well as self-explanatory and self-descriptive for correct-by-construct usage. Compared to a general language approach, BML code is much shorter and easier to maintain. In the RTPIS case study we compare BML to the closest related log file analysis language LFAL2. BML can be applied to complicated cases that are not possible to capture using LFAL2, but at the penalty of more setting-up effort. Thus, BML is positioned between the simple specific and the fully general programming languages used in log file analysis. BML fulfills specifically the needs for log analysis on RTPIS kind of systems.

Julkaisufoorumi-taso