Anomaly detection Engine for Linux Logs (ADE)

Checking logs for anomalies - analyze

analyze is a bash script which invokes the correct Java class after setting up the environment needed. analyze parses the log, loads the information into the JDBC compliant database for use by verify and train, and uses the model created by train to detect anomalies, unusual behavior, in the Linux logs.


Use analyze to detect anomalies in Linux logs after a model has been created by train. analyze can process Linux logs in RFC 3164 or RFC 5424 format. The logs can be in either files stored in the file system or in “stdin”.



Option Required Details
-d either -f or -d are required Name of directory to be loaded into ADE
-f either -f or -d are required Name of file to be loaded into ADE or “stdin”
-g no GMT offset of the system which created the log
-h no Print out help information
-o no Name of operating system that generated log, defaults to Linux
-s no System name
-years no Year of the message log, the default is that it contains the current day
-dump_parse_report no Creates a report of parsing failures

Files created by analyze

If you are using the defaults shipped with ADE, the following directories and files are created:


analyze does not support merging of logs. If you analyze data for an interval which already exists, the existing data will be replaced.