Integrated Intelligent Network and System Management
Rony Gabriel,
M.Tech,
00,
42 pp.
Department of
Computer Science and Engineering
Indian Institute of Technology Bombay,
Powai, Mumbai 400 076.
Supervisor(s):
G. Sivakumar
System logs contain valuable information about various services, such as
logins, ftp sessions, mails, web and proxy sessions, and unauthorized
resource usage. Enormous amounts of data contained in log files
are wasted for lack of proper tapping tools. If properly
refined and summarized, this information can be used for various purposes,
such as generating accounting and performance data, detecting faults and
failures, and detecting intrusions. These can then be used to alert
system maintainers and to automate failure recovery. In networked
environments, one has to correlate the log information from different
machines. This is very critical when analyzing distributed attacks on
a network. Substantial investment in human resources is required to
sift through the vast quantity of information and to correlate information
from different sources.
We present the design and implementation of a high-level
scripting language to prune and summarize the log data. We also present a
management architecture, based on this language, for distributed
data collection and centralized analysis and correlation.
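To make the summarize-then-correlate idea concrete, here is an added Python example (not code from the thesis) that parses constructed syslog-style lines forwarded from three hosts to one central analyser, prunes them to a per-host, per-service count, and flags a source whose failed logins span several machines, a pattern no single host's log can show. Host names, addresses and the `min_hosts` threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: syslog-style lines collected from three hosts and
# forwarded to a central analyser. Hosts, users and addresses are made up.
SAMPLE_LOGS = """\
Mar  3 10:01:12 host-a sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 4412 ssh2
Mar  3 10:01:15 host-a sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 4413 ssh2
Mar  3 10:01:20 host-b sshd[887]: Failed password for root from 192.0.2.10 port 5001 ssh2
Mar  3 10:01:30 host-c sshd[4410]: Failed password for root from 192.0.2.10 port 5102 ssh2
Mar  3 10:02:00 host-b sshd[890]: Accepted password for alice from 198.51.100.7 port 6000 ssh2
Mar  3 10:02:05 host-c ftpd[4420]: FTP LOGIN FAILED FROM 203.0.113.5, bob
Mar  3 10:02:09 host-a sshd[2105]: Failed password for carol from 198.51.100.7 port 6010 ssh2
"""

# Syslog header: timestamp, host, service[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<svc>[\w-]+)\[\d+\]: (?P<msg>.*)$")
# Failed-login messages of the two services in the sample (sshd and ftpd)
FAIL_RE = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+)"
    r"|FTP LOGIN FAILED FROM (?P<ip2>[\d.]+)")


def parse(text):
    """Turn raw syslog text into event dicts; lines that do not match are dropped."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def summarize(events):
    """Prune to a per-(host, service) event count, the kind of summary a script emits."""
    return Counter((e["host"], e["svc"]) for e in events)


def correlate_failed_logins(events, min_hosts=2):
    """Centralized correlation: sources whose failed logins touch >= min_hosts hosts.
    Only the merged view of all hosts' logs can reveal this distributed pattern."""
    hosts_by_src = defaultdict(set)
    for e in events:
        m = FAIL_RE.search(e["msg"])
        if m:
            hosts_by_src[m.group("ip") or m.group("ip2")].add(e["host"])
    return {ip: sorted(h) for ip, h in hosts_by_src.items() if len(h) >= min_hosts}
```

Running `correlate_failed_logins(parse(SAMPLE_LOGS))` on the sample flags only 192.0.2.10, whose failures are spread over all three hosts; the single-host failures from the other two addresses stay below the threshold.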