Analysis Framework for Logs in Communication Devices

Kiran Mary Matthew (VIT University, Chennai Campus, Chennai, India) and Abdul Quadir Md (VIT University, Chennai Campus, Chennai, India)
Copyright: © 2018 | Pages: 12
DOI: 10.4018/IJWP.2018010102

Abstract

This article describes how logging is an important mechanism used in almost all kinds of devices. It tracks events while software is running: developers write programs so that whenever an event happens it can be recorded. Among its many uses, system troubleshooting is of greatest importance. Manual methods of log analysis can be adopted when dealing with a smaller process, but log sizes can range from kilobytes to terabytes, for which log analysis tools are required. In addition, those tools should be capable of extracting all the relevant information so that ongoing issues can be highlighted effectively. This article proposes a dedicated analysis framework for deep log analysis in communication devices.

2. Literature Survey

Research by Hermanowski (2015) discusses Open Source Security Information Management (OSSIM), a system built on top of many small and large open source tools to support network administrators in intrusion detection and prevention. It was developed as an initiative of AlienVault Company for the centralized management of their configurations. It consists of four logical components: a server, a database, a main framework and sensors. Multiple sensors can be deployed at different physical locations. The roles of the server component include inventory management, policy management, event correlation and task scheduling. The sensor is responsible for vulnerability scanning and for network and inventory monitoring. The database stores the collected events. Context for an incident is built from various data sources using logical trees that define the rules. Rules are triggered when at least one of the events is matched. They contain parameters that are either optional or required. Their evaluation sequence is from the root to the leaves. Each rule is assigned a risk value based on its priority and reliability using the formula: Risk = AssetValue * Priority * Reliability / 25. An alarm is raised each time the threshold value is crossed. Its advantage is that it unifies the common security tools and their management into a single, consistent, user-friendly interface. Its disadvantages include zero documentation for developers due to lack of visibility into the implementation of the underlying tools, and the lack of raw log storage.
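The root-to-leaf rule evaluation and the risk formula described above, as an added example that is not code from the article or from OSSIM. The `Rule` class, the way optional parameters are checked, the reliability values, the alarm threshold of 1.0 and the sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

ALARM_THRESHOLD = 1.0  # assumption: the text only says "the threshold value"

@dataclass
class Rule:
    name: str
    required: dict      # every key must equal the event's value
    reliability: int    # assumed scale: higher means more trustworthy
    optional: dict = field(default_factory=dict)  # checked only if the event has the key
    children: list = field(default_factory=list)

    def matches(self, event):
        if any(event.get(k) != v for k, v in self.required.items()):
            return False
        return all(event[k] == v for k, v in self.optional.items() if k in event)

def risk(asset_value, priority, reliability):
    # Formula quoted in the text: Risk = AssetValue * Priority * Reliability / 25
    return asset_value * priority * reliability / 25

def correlate(root, events, asset_value, priority):
    """Walk the rule tree from root to leaves.
    Returns one (rule name, risk, alarm raised) tuple per matched level."""
    candidates, trail = [root], []
    for event in events:
        hit = next((r for r in candidates if r.matches(event)), None)
        if hit is None:
            continue  # unrelated event: stay at the current tree level
        value = risk(asset_value, priority, hit.reliability)
        trail.append((hit.name, value, value >= ALARM_THRESHOLD))
        if not hit.children:
            break  # reached a leaf, the tree is fully matched
        candidates = hit.children
    return trail

# Constructed rule tree: reliability grows as deeper rules match.
DIRECTIVE = Rule("failed_login", {"type": "auth_fail"}, 1, children=[
    Rule("repeated_failures", {"type": "auth_fail"}, 4, {"user": "admin"}, children=[
        Rule("login_after_failures", {"type": "auth_ok"}, 8)])])

# Constructed events, already normalized to dictionaries.
EVENTS = [
    {"type": "auth_fail", "src": "10.0.0.5", "user": "admin"},
    {"type": "dns_query", "src": "10.0.0.9"},
    {"type": "auth_fail", "src": "10.0.0.5"},
    {"type": "auth_ok", "src": "10.0.0.5", "user": "admin"},
]
```

Calling `correlate(DIRECTIVE, EVENTS, asset_value=3, priority=4)` shows the first match staying below the threshold while the two deeper matches cross it.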

Oliner, Adam and Archana (2011) give an overview of various methods of log analysis and their common applications. Applications include optimizing system performance, security applications, prediction, profiling resource utilization and serving as a logging infrastructure. Challenges include the difficulty of using a single log file to monitor events in different systems, managing the logging process, and choosing the right analytical tool for mining the data.

Carasso (2012) describes Splunk, software for analyzing and monitoring logs through a web interface. It finds the cause of a system failure by first gathering data from multiple locations and indexing it centrally, which makes searching effortless. It can even find the time at which the problem first occurred. It also provides data visualization. It is very popular among system and network analysts due to its centralized nature.
