Message Log Analysis for System Behavior Evaluation

US 20080319940A1
Filed: 10/17/2007
Published: 12/25/2008
Est. Priority Date: 06/22/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

mapping a first plurality of messages from a message log to a mapped plurality of numerical values;

performing a time-series analysis on the mapped plurality with respect to when the corresponding messages from the first plurality occur in time; and

transmitting a signal that represents a characteristic of the time-series analysis.

View all claims

22 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique is disclosed that enables the run-time behavior of a data-processing system to be analyzed and, in many cases, to be predicted. In particular, the illustrative embodiment of the present invention comprises i) transforming the messages that constitute an unstructured log into a numerical series and ii) applying a time-series analysis on the resultant series for the purpose of pattern detection. Indeed, it is recognized in the illustrative embodiment that the problem really is to detect patterns that depict aspects of system behavior, regardless of the textual content of the individual log messages. In other words, by analyzing the totality of the messages in the log or logs—as opposed to looking for pre-defined patterns of the individual messages—system behavior can be mapped and understood. The mapping helps in characterizing the system for the purposes of predicting failure, determining the time required to reach stability during failure recovery, and so forth.

Citations

22 Claims

1. A method comprising:
- mapping a first plurality of messages from a message log to a mapped plurality of numerical values;
  
  performing a time-series analysis on the mapped plurality with respect to when the corresponding messages from the first plurality occur in time; and
  
  transmitting a signal that represents a characteristic of the time-series analysis.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the mapping of the first plurality comprises:
    - sorting the first plurality via a string-based sort technique into a sorted set of sorted messages; and
      
      assigning a numerical value to each sorted message based on its position in the sorted set, the numerical value constituting the mapped plurality.
  - 3. The method of claim 2 wherein the sorting is based on the Levenshtein distance between the messages in the first plurality.
  - 4. The method of claim 1 wherein the mapping of the first plurality comprises:
    - receiving a first message in the first plurality of messages;
      
      determining a distance between a first message string, which is representative of the first message, and a reference string; and
      
      assigning a numerical value to the distance, the numerical value constituting the mapped plurality.
  - 5. The method of claim 4 wherein the distance is based on one of the Levenshtein distance and the Hamming distance.
  - 6. The method of claim 5 further comprising:
    - partitioning the first message into J multiple substrings, J being an integer greater than one; and
      
      assigning weights to each substring based on the position of the string in the first message, the weighted set of substrings resulting in the first message string.
  - 7. The method of claim 6 wherein the value of J is based on an estimated number of possible messages in the message log.
  - 8. The method of claim 1 further comprising re-booting a data-processing system, based on the transmitted signal.

9. A method comprising:
- sorting a first plurality of messages from a message log via a string-based sort technique into a sorted set of sorted messages;
  
  assigning a numerical value to each sorted message based on its position in the sorted set, the numerical value constituting a mapped plurality of numerical values; and
  
  transmitting a signal that represents a time series of the mapped plurality of numerical values.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9 wherein the sorting is based on the Levenshtein distance between the messages in the first plurality.
  - 11. The method of claim 9 further comprising collating a second plurality of messages from the message log, resulting in a collated set of messages that comprises the first plurality.
  - 12. The method of claim 11 further comprising deleting at least one duplicate message from the collated set, resulting in a remaining set of messages that comprises the first plurality.
  - 13. The method of claim 9 further comprising:
    - performing a time-series analysis on the mapped plurality with respect to when the corresponding messages from the first plurality occur in time; and
      
      transmitting a signal that represents a characteristic of the time-series analysis.
  - 14. The method of claim 13 wherein the performing of the time-series analysis involves determining a message density of the mapped plurality.
  - 15. The method of claim 13 further comprising re-booting a data-processing system, based on the transmitted signal that represents a characteristic.

16. A method comprising:
- receiving a first message in a first plurality of messages from a message log;
  
  determining a distance between a first message string, which is representative of the first message, and a reference string;
  
  assigning a numerical value to the distance, the numerical value constituting a mapped plurality of numerical values; and
  
  transmitting a signal that represents a time series of the mapped plurality of numerical values.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The method of claim 16 wherein the distance is based on the Levenshtein distance.
  - 18. The method of claim 16 further comprising:
    - partitioning the first message into J multiple substrings, J being an integer greater than one; and
      
      assigning weights to each substring based on the position of the string in the first message, the weighted set of substrings resulting in the first message string.
  - 19. The method of claim 18 wherein the value of J is based on an estimated number of possible messages in the message log.
  - 20. The method of claim 16 further comprising:
    - performing a time-series analysis on the mapped plurality with respect to when the corresponding messages from the first plurality occur in time; and
      
      transmitting a signal that represents a characteristic of the time-series analysis.
  - 21. The method of claim 20 wherein the performing of the time-series analysis involves determining a message density of the mapped plurality.
  - 22. The method of claim 20 further comprising re-booting a data-processing system, based on the transmitted signal that represents a characteristic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arlington Technologies, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Avaya Technology LLC (Avaya Incorporated)
Inventors
Yajnik, Shalini, Singh, Navjot, Garg, Sachin, Vasireddy, Ranjith, Vasireddy, Sridhar

Granted Patent

US 8,073,806 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/2
CPC Class Codes

H04L 12/66 Arrangements for connecting...

Message Log Analysis for System Behavior Evaluation

First Claim

22 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Message Log Analysis for System Behavior Evaluation

First Claim

22 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links