Anomaly detection from server log data: A case study

Sami Nousiainen, Jorma Kilpi, Paula Silvonen, Mikko Hiirsalmi

    Research output: Book/Report › Report

    1 Citation (Scopus)

    Abstract

    This study focuses on the analysis of server log data and the detection and potential prediction of anomalies related to the monitored servers. The issue is relevant in many mission-critical systems consisting of multiple servers. There it is favourable to be able to detect and even foresee problems, in order to react promptly and apply the required corrections to the system. In this study, we have done off-line analyses based on pre-recorded data. In reality, if the objective is to come up with solutions for detecting anomalies in real time, additional requirements and constraints would be imposed on the algorithms to be used. For example, in an on-line situation, there would be higher requirements on the performance of the algorithm and on the amount of historical data available for the algorithm. However, we do not address those issues in this preliminary study. In addition to the analysis of real data, we have interviewed experts who work on server-related issues on a daily basis. Based on those discussions, we have tried to formulate practical cases for which some algorithms and tools could provide practical utility.
    Original language: English
    Place of Publication: Espoo
    Publisher: VTT Technical Research Centre of Finland
    Number of pages: 46
    ISBN (Electronic): 978-951-38-7289-2
    Publication status: Published - 2009
    MoE publication type: Not Eligible

    Publication series

    Series: VTT Tiedotteita - Research Notes
    Number: 2480
    ISSN: 1235-0605

    Keywords

    • anomaly detection
    • data mining
    • machine learning
    • SOM
    • self-organizing map
    • IT monitoring
    • server log file
    • CPU
    • memory
    • process
