基于启发式规则的流式在线日志解析方法
Streaming online log parsing method based on heuristic rule
蒋忠元 1陶梅悦 1赵晓庆 1方晓彤 2李兴华 1马建峰1
作者信息
- 1. 西安电子科技大学网络与信息安全学院,陕西 西安 710071
- 2. 中国船舶集团有限公司综合技术经济研究院,北京 100081
- 折叠
摘要
为了解决现有日志解析方法中存在的解析不准确、效果不稳定等问题,提出了一种基于启发式规则的流式在线日志解析方法——启发式正则树(HRTree).其在Drain方法解析结构树基础上,引入启发式规则对日志进行拆分构造,并优化了解析结构树的部分构造方式,从而解决了日志参数过拟合、不同系统日志解析结果不稳定的问题.实现了解析结果分类准确,且参数内容识别准确的解析效果.大量实验结果表明,所提出的HRTree方法在不同的系统日志上均展现了90%以上的解析准确率.
Abstract
To address the issues of inaccurate parsing and unstable performance in existing log parsing methods,a streaming online log parsing method based on heuristic rules,known as heuristic regex tree(HRTree),was proposed.Based on the drain method of parsing the structure tree,heuristic rules were introduced to split and construct the log,and some construction methods of the parse structure tree were optimized,so as to solve the problems of over fitting of log parameters and unstable parsing results of different system logs.Not only the classification of parsing results was accu-rate,but also the parameter content recognition was accurate.A large number of experimental results demonstrate that the proposed HRTree parsing method shows more than 90%parsing accuracy on different system logs.
关键词
海量日志/日志解析/启发式规则/HRTree方法/准确率Key words
massive log/log parsing/heuristic rule/HRTree method/accuracy引用本文复制引用
基金项目
国家重点研发计划(2022YFB2701800)
陕西省重点研发计划(2023-YBGY-270)
国家自然科学基金(62076191)
国家自然科学基金(61502375)
出版年
2024
国家科技期刊平台
NSTL
维普
万方数据