An unsupervised framework for detecting anomalous messages from syslog log files.

System logs provide valuable information about the health status of IT systems and computer networks. Therefore, log file monitoring has been identified as an important system and network management technique. While many solutions have been developed for monitoring known log messages, the detection of previously unknown error conditions has remained a difficult problem. In this paper, we present a novel data mining based framework for detecting anomalous log messages from syslog-based system log files. We also describe the implementation and performance of the framework in a large organizational network.