Cisco Systems, Inc.
Anomaly detection and filtering based on system logs

Abstract:

Anomaly detection and filtering based on system logs is provided via receiving, at a first time, a first sequence of log entries from a networked system; generating, based on previously observed log entries including the first sequence of log entries, predicted log entries for a second time; receiving, at the second time, a second sequence of log entries from the networked system; determining whether the second sequence is anomalous based on comparing the second sequence with the predicted log entries; in response to determining that the second sequence is anomalous, determining whether the second sequence is noteworthy based on a function entropy of the first sequence and a sentiment polarity of the second sequence; and in response to determining that the second sequence is noteworthy, generating an anomaly report that includes the second sequence and a root cause.

Status:
Grant
Type:

Utility

Filing date:

30 Sep 2020

Issue date:

17 May 2022