Analysis of Automated Log Template Generation Methodologies

Abstract

Decision making and advanced diagnostics over log messages from operations point of view are an important and challenging area giving that these log messages do not adhere to a format, variable in length and essentially remains unstructured. Log analysis is a key function that deals with analyzing these messages to produce insights that help operate, understand, debug and manage the services, applications and/or functions to (i) detect failures (ii) detect consistency issues (iii) deduce anomalous behaviors and (iv) continuous monitoring with prediction. An infrastructure management practice relies on huge amounts of log messages collected from the devices such as servers, routers and switches in a data center, telecom, datacom networks or IT operations. Entities emit log messages revealing state of the running system for management perspective. The growing scale and complexity of infrastructure make it unrealistic and impractical to analyze log messages with manual or subject matter experts or even with expert systems. Toward this emerged automated methods for log parsing, which carefully study and extract features of interest from these messages and produces message templates for applications to easily discover constituent properties. These methods are largely based on clustering which is an unsupervised machine learning approach. Different parsers make use of clustering in different ways, and in this work, we study these techniques and compare its template generation capabilities. The generated templates so formed face challenges such as human readability, machine interpretability and inconsistent structures. In this paper, we present an analysis of existing log template generation methodologies quantiatively and qualitatively. We conclude with challenges that are still prevailing identifying the functional weaknesses using examples when templatizing the log message history.