ABSTRACT
The proliferation of mobile computing, the Internet of Things, hosting services, and
cloud computing has increased the burden of computer log file analysis for system
administrators, network analysts, security analysts, and large server hosting
organizations. This is due to the voluminous amounts of log entries now produced
by these technologies. Since log file analysis is used to monitor and control the
overall health of the computer systems behind these technologies, it has become
increasingly important. The spike in the number of log entries has made real-time
log analysis by human effort untenable and automated real-time log analysis
essential. The log analysis process often requires human insight and judgment
before a diagnosis or information synthesis becomes apparent. So while automated
log analysis methods are essential, they must also be knowledge-based to be effective.
In this paper, we describe a knowledge-based approach to partial computer self-regulation that uses autonomous epistemic agents to analyze and diagnose syslog entries in real time, drawing on a priori and a posteriori knowledge of log file analysis within a hybrid deductive-abductive first-order logic model. The epistemic agent uses its a priori knowledge of Unix/Linux-based computer systems in conjunction with a posteriori knowledge extracted from log file entries to uncover negative and positive scenarios and to take advantage of opportunities to regulate a computer system's homeostasis.
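As an added illustration, not code from the paper, the following Python sketch shows the observe/deduce/abduce cycle the abstract describes: parsed syslog lines become a posteriori facts, an a priori rule is applied deductively, and abduction keeps the hypotheses whose predicted observations were all seen before mapping each diagnosis to a regulating action. The log lines, predicates, hypotheses and actions are constructed for this example.

```python
import re
from collections import Counter

# Constructed syslog sample (not from the paper); the a posteriori knowledge source.
SAMPLE_LOG = """\
Mar 10 04:12:01 host01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 04:12:03 host01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 10 04:12:05 host01 sshd[2215]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 04:12:06 host01 kernel: Out of memory: Kill process 1994 (mysqld) score 812 or sacrifice child
Mar 10 04:12:09 host01 systemd[1]: mysql.service: Main process exited, code=killed, status=9/KILL
"""

# Observation extractors: syslog text -> ground facts (predicate, argument).
EXTRACTORS = [
    ("failed_login", re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port")),
    ("oom_kill",     re.compile(r"kernel: Out of memory: Kill process \d+ \((\S+)\)")),
    ("service_exit", re.compile(r"systemd\[1\]: (\S+): Main process exited, code=killed")),
]

# A priori knowledge: each hypothesis and the observations it predicts (constructed).
HYPOTHESES = {
    "memory_exhaustion":   {"oom_kill", "service_exit"},
    "disk_full":           {"io_error", "service_exit"},
    "credential_guessing": {"brute_force"},
}
# A priori knowledge: regulating action per diagnosis, the homeostasis step.
ACTIONS = {
    "memory_exhaustion":   "restart the killed unit and raise a capacity alert",
    "credential_guessing": "rate-limit the source at the firewall and alert the SOC",
}

def observe(log_text):
    """Extract ground facts from syslog lines (a posteriori knowledge)."""
    return [(pred, m.group(1)) for line in log_text.splitlines()
            for pred, pat in EXTRACTORS if (m := pat.search(line))]

def deduce(facts, threshold=3):
    """Deductive step: brute_force(src) follows from >= threshold failed_login(src)."""
    per_src = Counter(arg for pred, arg in facts if pred == "failed_login")
    return facts + [("brute_force", src) for src, n in per_src.items() if n >= threshold]

def abduce(facts):
    """Abductive step: keep hypotheses whose every predicted observation was seen."""
    seen = {pred for pred, _ in facts}
    return sorted(h for h, predicted in HYPOTHESES.items() if predicted <= seen)

def diagnose(log_text):
    """Full agent cycle: observe -> deduce -> abduce -> regulating actions."""
    return {h: ACTIONS.get(h, "alert only") for h in abduce(deduce(observe(log_text)))}
```

Hypotheses are kept only when fully covered, so disk_full is rejected because no io_error fact was observed.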