[Novalug] Looking for sample system and event logs..

Scott Musman musman@aug-sys.com
Wed Apr 2 19:23:20 EDT 2008


Hi,

Sorry if this is an odd request, and I hope it's not inappropriate, but I'm
looking at developing a real-time on-line logfile anomaly detection
engine, and am hoping that some list members might be kind enough to
provide me with some samples of their logs. I can't develop the
algorithms without having typical logs to work with, and our own
environment just isn't that complex, and so I'm hoping for a wider
variety of activity characteristics to develop and evaluate against. 

Any system, web, or application logs you are willing to provide would
work fine (I'll even take Windoze if it's offered..), so long as you can
provide at least a few 100k records that would be "representative" of
normal on your system. More ideally, disjoint samples of the same log
from different timeframes (i.e. a week or month apart) would be perfect.
I'm willing to sign an NDA if you're worried about disclosing private
information, or we can talk offline about how you could make your logs
anonymous before providing them.

Even if you don't have logs to offer, if you're interested in trying the
thing out when it's done let me know. The real trick on my end is going
to be to account for the differences in the way log entries cluster
without forcing the user to be a machine learning expert to operate the
tool.

Thanks for listening, and I hope someone can help out.

	-- Scott



