Information technology systems generate system log messages so that the systems can be monitored. In increasingly large and complex systems, the volume of log data can overwhelm the analysts tasked with monitoring them. A system was developed that uses Principal Component Analysis to assist the analyst in characterizing system health and events. Once trained, the system was able to accurately identify a state of heavy load on a device with a low false-positive rate. The system was also able to accurately identify an error condition when trained on a single event. The method employed can assist in the real-time monitoring of large, complex systems, increasing the efficiency of trained analysts.
College and Department
Ira A. Fulton College of Engineering and Technology; Technology
BYU ScholarsArchive Citation
Broadbent, Lane David, "Recognition of Infrastructure Events Using Principal Component Analysis" (2016). All Theses and Dissertations. 6197.
Keywords
syslog, log analysis, principal component analysis