Invention Application
- Patent Title: METHODS AND SYSTEMS TO DETECT ANOMALIES IN COMPUTER SYSTEM BEHAVIOR BASED ON LOG-FILE SAMPLING
- Application No.: US14963100
- Application Date: 2015-12-08
- Publication No.: US20170163669A1
- Publication Date: 2017-06-08
- Inventor: Darren Brown, Junyuan Lin, Nicholas Kushmerick
- Applicant: VMware, Inc.
- Applicant Address: US CA Palo Alto
- Assignee: VMware, Inc.
- Current Assignee: VMware, Inc.
- Current Assignee Address: US CA Palo Alto
- Main IPC: H04L29/06
- IPC: H04L29/06; G06N7/00; H04L12/26

Abstract:
Methods and systems that detect computer system anomalies based on log file sampling are described. Computer systems generate log files that record various types of operating system and software run events in event messages. For each computer system, a sample of event messages is collected in a first time interval and a sample of event messages is collected in a recent second time interval. Methods calculate a difference between the event messages collected in the first and second time intervals. When the difference is greater than a threshold, an alert is generated. The process of repeatedly collecting a sample of event messages in a recent time interval, calculating a difference between the event messages collected in the recent and previous time intervals, comparing the difference to the threshold, and generating an alert when the threshold is violated may be executed for each computer system of a cluster of computer systems.
Public/Granted literature
- US10116675B2 Methods and systems to detect anomalies in computer system behavior based on log-file sampling Public/Granted day: 2018-10-30