logdata-anomaly-miner: parses log data and allows the definition of analysis pipelines for anomaly detection

logdata-anomaly-miner

This tool parses log data and allows the definition of analysis pipelines for anomaly detection. It was designed to run the analysis with limited resources and the lowest possible permissions, which makes it suitable for use on production servers.

The logdata-anomaly-miner can be configured in two different formats: YAML and Python. The preferred format is YAML, and its default configuration file is /etc/aminer/config.yaml. The Python format is configured in /etc/aminer/config.py and offers advanced possibilities for configuring the logdata-anomaly-miner. However, it is only recommended for experts, as no errors are caught in the Python configuration, which can make debugging very difficult. For both formats, there are template configurations in /etc/aminer/template_config.yaml and /etc/aminer/template_config.py.

The basic structure of the logdata-anomaly-miner is illustrated in the following diagram:

Analysis Pipeline

The core component of the logdata-anomaly-miner is the “analysis pipeline”. It consists of the parts INPUT, ANALYSIS, and OUTPUT.

Install & Use

© Copyright 2021, Florian Skopik, Markus Wurzenberger, Max Landauer, Roman Fiedler, Wolfgang Hotwagner, Ernst Leierzopf, Georg Hoeld.