John Mertic edited this page Apr 20, 2018 · 21 revisions

Anomaly Detection Engine for Linux Logs (ADE)

ADE can process a large number of logs from a large number of Linux systems to create a compact summary of those logs. The summary identifies similar text strings, consolidates them into a single message, and assigns that message a key (message id). For each message id, the summary records whether the message is being issued when expected, whether it is being issued at the expected rate during a time slice, and how often during the day the message, or a similar message (same message id), is issued.

You can use those results to examine:

  • A set of logs, to find anomalies that may help when attempting to find the root cause of a problem or incident
  • The currently generated logs, to find anomalies that may help when attempting to find the cause of an ongoing problem or incident
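The following is an added, toy illustration of the pipeline described above; it is not code from the ADE project and was written for this page. It assumes syslog-formatted input, a simple positional-similarity rule for merging lines into one template, ten-minute time slices, and fixed thresholds for what counts as an anomaly. The log lines are constructed samples, and the `SIMILARITY` and `RATE_FACTOR` values, the `ADE-` id prefix and all function names are my own choices, not ADE's.

```python
"""Toy version of the ADE idea: normalise similar log lines into one template,
assign each template a message id, count occurrences per time slice, and flag
ids whose latest slice departs from the baseline of earlier slices."""
import hashlib
import re
from datetime import datetime

# Constructed sample lines in syslog format (not real logs). Slices 1-3
# (10:00-10:29) form the baseline; slice 4 (10:30-10:39) holds the anomalies.
SAMPLE_LOGS = """\
Apr 20 10:00:05 web1 sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Apr 20 10:03:11 web1 sshd[4130]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2
Apr 20 10:09:59 web1 CRON[4150]: (root) CMD (/usr/lib/sysstat/sa1 1 1)
Apr 20 10:12:01 web1 sshd[4201]: Failed password for invalid user test from 203.0.113.7 port 51301 ssh2
Apr 20 10:15:33 web1 sshd[4210]: Accepted publickey for deploy from 198.51.100.4 port 40031 ssh2
Apr 20 10:19:58 web1 CRON[4230]: (root) CMD (/usr/lib/sysstat/sa1 1 1)
Apr 20 10:21:10 web1 sshd[4301]: Failed password for invalid user oracle from 203.0.113.7 port 51402 ssh2
Apr 20 10:24:02 web1 sshd[4310]: Accepted publickey for deploy from 198.51.100.4 port 40040 ssh2
Apr 20 10:29:57 web1 CRON[4330]: (root) CMD (/usr/lib/sysstat/sa1 1 1)
Apr 20 10:30:01 web1 sshd[4401]: Failed password for invalid user admin from 203.0.113.50 port 52001 ssh2
Apr 20 10:30:02 web1 sshd[4402]: Failed password for invalid user guest from 203.0.113.50 port 52002 ssh2
Apr 20 10:30:03 web1 sshd[4403]: Failed password for invalid user ubuntu from 203.0.113.50 port 52003 ssh2
Apr 20 10:30:04 web1 sshd[4404]: Failed password for invalid user pi from 203.0.113.50 port 52004 ssh2
Apr 20 10:30:06 web1 sshd[4406]: Failed password for root from 203.0.113.50 port 52006 ssh2
Apr 20 10:30:07 web1 sshd[4407]: Failed password for root from 203.0.113.50 port 52007 ssh2
Apr 20 10:34:40 web1 sshd[4420]: Accepted publickey for deploy from 198.51.100.4 port 40052 ssh2
"""

# Assumed syslog layout: "<timestamp> <host> <program>[pid]: <text>".
_SYSLOG = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
                     r"(?P<prog>[^\s\[:]+)(?:\[\d+\])?: (?P<text>.*)$")
# Variable fields become placeholders so lines differing only in values share a template.
_VARIABLE = [(re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<IP>"),
             (re.compile(r"\b\d+\b"), "<NUM>")]
SIMILARITY = 0.7   # assumed merge threshold: fraction of token positions that must agree
RATE_FACTOR = 3    # assumed spike threshold relative to the baseline mean

def parse_line(line, year=2018):
    """Return (timestamp, normalised tokens) or None. Syslog has no year, so one is assumed."""
    m = _SYSLOG.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    text = f"{m['prog']}: {m['text']}"
    for pattern, placeholder in _VARIABLE:
        text = pattern.sub(placeholder, text)
    return ts, text.split()

def _similar(template, tokens):
    """Same length, same program and first word, and most positions agree ('*' matches anything)."""
    if len(template) != len(tokens) or template[:2] != tokens[:2]:
        return False
    hits = sum(a == b or a == "*" for a, b in zip(template, tokens))
    return hits / len(tokens) >= SIMILARITY

def build_templates(records):
    """Greedy clustering: a record joins the first similar template and positions that
    disagree become '*'. Returns the templates and each record's template index."""
    templates, membership = [], []
    for _, tokens in records:
        for i, tpl in enumerate(templates):
            if _similar(tpl, tokens):
                templates[i] = [a if a == b else "*" for a, b in zip(tpl, tokens)]
                membership.append(i)
                break
        else:
            templates.append(list(tokens))
            membership.append(len(templates) - 1)
    return templates, membership

def message_id(template):
    """Stable id derived from the final template text (the 'ADE-' prefix is my own)."""
    return "ADE-" + hashlib.sha256(" ".join(template).encode()).hexdigest()[:8]

def slice_start(ts, minutes):
    return ts.replace(minute=ts.minute - ts.minute % minutes, second=0, microsecond=0)

def summarize(log_text, slice_minutes=10):
    """Map message id -> template text and per-slice counts, zeros included."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    templates, membership = build_templates(records)
    slices = sorted({slice_start(ts, slice_minutes) for ts, _ in records})
    counts = {i: {s: 0 for s in slices} for i in range(len(templates))}
    for (ts, _), i in zip(records, membership):
        counts[i][slice_start(ts, slice_minutes)] += 1
    return {message_id(t): {"template": " ".join(t), "counts": counts[i]}
            for i, t in enumerate(templates)}

def find_anomalies(summary):
    """Compare each id's latest slice with the mean of all earlier (baseline) slices."""
    findings = []
    for mid, info in summary.items():
        slices = sorted(info["counts"])
        baseline = [info["counts"][s] for s in slices[:-1]]
        latest = info["counts"][slices[-1]]
        mean = sum(baseline) / len(baseline) if baseline else 0.0
        if mean == 0 and latest > 0:
            kind = "new message id, not seen in baseline"
        elif latest > RATE_FACTOR * mean:
            kind = f"rate spike: {latest} in latest slice vs baseline mean {mean:.1f}"
        elif latest == 0 and mean >= 1:
            kind = f"expected message absent: baseline mean {mean:.1f}"
        else:
            continue
        findings.append((mid, kind, info["template"]))
    return findings

if __name__ == "__main__":
    for mid, kind, template in find_anomalies(summarize(SAMPLE_LOGS)):
        print(f"{mid}  {kind}\n    {template}")
```

Run as a script, it reports three findings on the constructed sample: a rate spike for the consolidated template `sshd: Failed password for invalid user * from <IP> port <NUM> ssh2` (four in the latest slice against a baseline of one per slice), a message id first seen in the latest slice (the `root` password failures, which do not merge with the `Accepted publickey` template because the first word differs), and the sysstat cron line that was issued every slice of the baseline but is absent from the latest one. Two caveats a practitioner should keep in mind: the greedy merge is order-dependent and the 0.7 threshold is tuned for this sample, and a single flat mean ignores the time-of-day profile that the page says ADE tracks ("how often during the day"), so a real baseline would be built per hour or per weekday slot.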

More details about ADE are available on the project's GitHub Pages site: http://openmainframeproject.github.io/ade/ .

Core Infrastructure Initiative Self Assessment

Frequently Asked Questions

Hints and Tips

Other resources

  • [Presentation by James Caffrey at Marist ECC 2016 conference](ADE - finding the unusual in logs.ppt)

May contain links to external web pages that are not maintained by ADE.