This package generates causal DAGs among time-series events in syslog data. It runs on Python 3. The input log data is loaded with AMULOG (https://github.com/cpflat/amulog). The output DAG is recorded as a NetworkX DiGraph.
This project was partially forked from the repository LogCausalAnalysis (https://github.com/cpflat/LogCausalAnalysis).
All features are available from the command line. First, try the help command: python -m logdag -h
Short usage:
- Generate an amulog database (and its config) as the input log time-series source
- Prepare a logdag config file by referring to logdag/data/config.conf.default
- Generate the time-series db with logdag.source features
- Generate DAGs with the subcommand makedag
- See results with commands such as show-subgraphs
See tutorial directory for more information.
This project is evaluated in the papers CNSM2019 and TNSM2018. If you use this code, please consider citing:
@inproceedings{Kobayashi_CNSM2019,
author = {Kobayashi, Satoru and Otomo, Kazuki and Fukuda, Kensuke},
booktitle = {Proceedings of the 15th International Conference on Network and Service Management (CNSM'20)},
title = {Causal analysis of network logs with layered protocols and topology knowledge},
pages = {1-9},
year = {2019}
}
@article{Kobayashi_TNSM2018,
author = {Kobayashi, Satoru and Otomo, Kazuki and Fukuda, Kensuke and Esaki, Hiroshi},
journal = {IEEE Transactions on Network and Service Management},
volume = {15},
number = {1},
pages = {53-67},
title = {Mining causes of network events in log data with causal inference},
year = {2018}
}
3-Clause BSD license
Satoru Kobayashi