[logs] open source artificial ignorance-like systems

Marcus J. Ranum mjr at ranum.com
Tue Apr 17 17:29:34 PDT 2007


Safier, Adam * wrote:
>I have to wonder if anyone has approached the Artificial Intelligence
>crowd with log analysis questions like this.  It seems this would be
>right up their alley.  I would think that LISP might be decent at
>processing something like a log file, though I admit I don't know enough
>to know which AI tree to bark up.


The problem is that logs are really a form of communication - which
means they're a language problem. AI can do some interesting
things with language but having a grammar (even approximate)
for the language is critical. Unfortunately for us log analysts
there isn't anything like an actual logging language. There's a
vocabulary, but the vocabulary isn't used consistently. :(
I.e.: what happens when you have a host named "root"?
You find that any word in the log vocabulary can mean
anything, which means that they all mean nothing.

mjr. 
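
The host-named-"root" case from the message above, as an added example that is not part of the original post: a vocabulary-only match on "root" is compared with a match that uses a per-field, per-program grammar. The sample lines, the BSD-syslog field layout and all function names are constructed assumptions for illustration.

```python
import re

# Constructed sample lines in BSD-syslog layout (illustrative, not from the post).
SAMPLE = [
    "Apr 17 17:29:34 root sshd[812]: Accepted password for alice from 192.0.2.10 port 50022 ssh2",
    "Apr 17 17:30:02 web01 sshd[901]: Accepted password for root from 192.0.2.44 port 50100 ssh2",
    "Apr 17 17:32:00 web01 CRON[77]: (alice) CMD (/usr/local/bin/backup --root /srv)",
    "Apr 17 17:33:15 web01 sshd[950]: Failed password for invalid user admin from 192.0.2.44 port 50101 ssh2",
]

# Positional "grammar" for the header: timestamp, host, program[pid], message.
HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# Per-program grammar: only meaningful for sshd's "Accepted ..." message.
SSHD_ACCEPT = re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port \d+")

def parse(line):
    """Split a line into header fields, or return None if it does not fit."""
    m = HEADER.match(line)
    return m.groupdict() if m else None

def keyword_hits(lines, word="root"):
    """Vocabulary-only matching: indexes of lines containing the bare word."""
    pat = re.compile(r"\b" + re.escape(word) + r"\b")
    return [i for i, line in enumerate(lines) if pat.search(line)]

def sshd_user(rec):
    """Account name from an sshd 'Accepted' record, else None."""
    m = SSHD_ACCEPT.match(rec["msg"]) if rec and rec["prog"] == "sshd" else None
    return m.group("user") if m else None

def roles_of(lines, word="root"):
    """For each keyword hit, report which role the word plays on that line."""
    roles = {}
    for i in keyword_hits(lines, word):
        rec = parse(lines[i])
        if rec and rec["host"] == word:
            roles[i] = "host"
        elif sshd_user(rec) == word:
            roles[i] = "user"
        else:
            roles[i] = "text"
    return roles

def root_logins(lines):
    """Grammar-aware matching: only sshd logins whose account is root."""
    return [i for i, line in enumerate(lines) if sshd_user(parse(line)) == "root"]
```

The keyword match flags three lines, in which "root" is a hostname, an account and a command argument; only the per-program pattern isolates the one real root login, and that pattern has to be written separately for every message format.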


