
    Multilingual log analysis: LogCLEF

    The current lack of recent and long-term query logs makes the verifiability and repeatability of log analysis experiments very limited. A first attempt in this direction has been made within the Cross-Language Evaluation Forum in 2009 in a track named LogCLEF, which aims to stimulate research on user behaviour in multilingual environments and promote standard evaluation collections of log data. We report on similarities and differences of the most recent activities for LogCLEF.

    System Log Analysis

    This thesis discusses system log analysis and its use for intrusion detection. The first part introduces the different techniques used for log file analysis. The second part is about OSSEC, a tool that uses log analysis to detect intrusions into the system. The last part describes the design and implementation of a graphical user interface for easy configuration of OSSEC.

    Deriving query suggestions for site search

    Modern search engines have been moving away from simplistic interfaces that aimed at satisfying a user's need with a single-shot query. Interactive features are now integral parts of web search engines. However, generating good query modification suggestions remains a challenging issue. Query log analysis is one of the major strands of work in this direction. Although much research has been performed on query logs collected on the web as a whole, query log analysis to enhance search on smaller and more focused collections has attracted less attention, despite its increasing practical importance. In this article, we report on a systematic study of different query modification methods applied to a substantial query log collected on a local website that already uses an interactive search engine. We conducted experiments in which we asked users to assess the relevance of potential query modification suggestions that have been constructed using a range of log analysis methods and different baseline approaches. The experimental results demonstrate the usefulness of log analysis to extract query modification suggestions. Furthermore, our experiments demonstrate that a more fine-grained approach than grouping search requests into sessions allows for extraction of better refinement terms from query log files. © 2013 ASIS&T

    Semantic Support for Log Analysis of Safety-Critical Embedded Systems

    Testing is a relevant activity in the development life-cycle of safety-critical embedded systems. In particular, much effort is spent on the analysis and classification of test logs from SCADA subsystems, especially when failures occur. Human expertise is needed to understand the reasons for failures, to trace back the errors, and to understand which requirements are affected by errors and which ones will be affected by eventual changes in the system design. Semantic techniques and full-text search are used to support human experts in the analysis and classification of test logs, in order to speed up and improve the diagnosis phase. Moreover, retrieval of tests and requirements that may be related to the current failure is supported, in order to allow the discovery of available alternatives and solutions for a better and faster investigation of the problem.
    Comment: EDCC-2014, BIG4CIP-2014, Embedded systems, testing, semantic discovery, ontology, big data

    Web log analysis panel

    No abstract.
    Peer reviewed.
    http://deepblue.lib.umich.edu/bitstream/2027.42/61334/1/1450440124_ftp.pd

    Network Forensic Log Analysis

    Network forensic log analysis is the capturing, recording, and analysis of network events in order to discover the source of security attacks. An investigator needs to back up the recorded data to free up recording media and to preserve the data for future analysis, and needs to carry out the network forensics process to determine the type of attack conducted over a network and to trace the culprit. In the cyber-crime world, huge volumes of log data and transactional data are generated, which leaves a great deal of data to store and analyse. It is difficult for forensic investigators to keep racing against time to find the clues and analyse the collected data. Network forensic analysis involves network traces and the detection of attacks. The traces include Intrusion Detection System and firewall logs, logs generated by network services and applications, and packet captures. Network forensics is a branch of digital forensics that focuses on the monitoring and analysis of network traffic. Unlike other areas of digital forensics that focus on stored or static data, network forensics deals with volatile and dynamic data. It generally has two uses. The first, relating to security, involves detecting anomalous traffic and identifying intrusions. The second, relating to law enforcement under the chain-of-custody rule, involves capturing and analysing network traffic and can include tasks such as reassembling transferred files. In "stop, look and listen" systems, each packet is analysed in a rudimentary way in memory and only certain information is saved for current analysis. Based on this analysis, we propose to archive data using various tools and to provide a "unified structure" based on a standard forensic process. This unified structured IDS data is stored and preserved in one place, from which it can be presented as evidence in court through forensic analysis. DOI: 10.17762/ijritcc2321-8169.15053

    Recursion Aware Modeling and Discovery For Hierarchical Software Event Log Analysis (Extended)

    This extended paper presents 1) a novel hierarchy and recursion extension to the process tree model; and 2) the first recursion-aware process model discovery technique that leverages hierarchical information in event logs, typically available for software systems. This technique allows us to analyze the operational processes of software systems under real-life conditions at multiple levels of granularity. The work can be positioned in between reverse engineering and process mining. An implementation of the proposed approach is available as a ProM plugin. Experimental results based on real-life (software) event logs demonstrate the feasibility and usefulness of the approach and show the huge potential to speed up discovery by exploiting the available hierarchy.
    Comment: Extended version (14 pages total) of the paper Recursion Aware Modeling and Discovery For Hierarchical Software Event Log Analysis. This Technical Report version includes the guarantee proofs for the proposed discovery algorithm.

    Framework for Java Log Analysis

    Import 05/08/2014
    The diploma thesis deals with the implementation of an application for log file analysis. It is created using the Java programming language and the Eclipse 4 platform. The main idea is to allow the application to be extended via plug-ins. The first part describes possible ways of logging and the tools used during Java application development. The second part describes the specifics of the Eclipse 4 platform and the other technologies used. This is followed by an explanation of the main principles of the implemented log analysis application. The last part deals with testing the application in real situations.
    460 - Department of Computer Science (Katedra informatiky); grade: excellent

    Evaluation of standard monitoring tools (including log analysis) for control systems at CERN

    Project Specification: The goal of this Openlab Summer Student project was to assess the implications and the benefits of integrating two standard IT tools, namely Icinga and Splunkstorm, with the existing production setup for monitoring and management of control systems at CERN. Icinga, an open source monitoring tool based on Nagios, would need to be integrated with an in-house developed WinCC OA application called MOON, which is currently used for monitoring and managing all the components that make up the control systems. Splunkstorm, a data analysis and log management online application, would be used stand-alone, so it did not need integration with other software, only an understanding of its features and installation procedure.
    Abstract: The aim of this document is to provide insights into the installation procedures, key features and functionality, and projected implementation effort of the Icinga and Splunkstorm IT tools. The focus is on presenting the most feasible implementation paths that surfaced once both tools were well understood.