On September 20th, 2022, Augtera Networks announced LogAI, the evolution of Real-Time Syslog, now including JSON/UDP and JSON/Kafka.
Go to the LogAI page for more information.
Augtera Networks Real-Time Syslog is an industry first: automated incident detection and action based on log messages, in real time, identifying both known anomaly signatures and unknown unknowns.
When network operations teams build such solutions themselves, detecting patterns takes laborious amounts of work for a low yield. Once a rule is identified, it can take months before a software update implementing it is created and rolled out.
Augtera’s syslog classifiers are patterns that have been learned by the Augtera platform across the customer base. This network learning is disseminated to all deployments.
Classifiers allow an operations team to specify many actions, including labeling, changing severity level, mirroring the event to a Kafka destination, and more.
Real-Time Change Anomalies
The Augtera platform makes extensive use of machine learning, leveraging Augtera-developed, networking-specific algorithms. One aspect that is relevant to Real-Time Syslog is the identification of Rate Change anomalies: when the rate at which a given syslog message type arrives changes, that may indicate an anomaly.
Real-Time Syslog Natural Language Processing (NLP)
Augtera announced in April 2022 an industry first, the use of natural language processing to analyze streaming syslog messages at high rates, billions of messages a day, without loss. This allows the Augtera Platform to compare different messages in a more sophisticated way than simple text comparisons. The technology can distinguish the common and variable parts of a message, along with other semantic differences, to identify truly unique and new messages. Other innovations from this technology will appear in future releases of the platform.
Real-Time Syslog Anomalies
The Augtera platform identifies three classes of anomalies:
- Classifier-based anomalies
- Rate change anomalies
- Zero Day Anomalies
Classifier-based anomalies are rule-like anomalies. Rate change anomalies detect changes in the rate at which message types are received. Zero Day Anomalies are new types of messages that have not been seen before and therefore may be symptoms of new problems. If so, classifiers can quickly be created and deployed so that subsequent occurrences are identified by rule.
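The three anomaly classes above, and the "common vs variable parts" idea from the NLP section, can be illustrated with a small stream processor. The following is an added example written for this page; it is not Augtera's code and does not reproduce Augtera's learned classifiers or NLP models. A regex-based templatizer (assumed masks for IP addresses, interface names, hex and decimal numbers) stands in for the NLP, the two classifier rules are hypothetical, the rate detector compares each template's per-minute count against a trailing mean, and all syslog lines are constructed for the example.

```python
"""Classifier, rate-change and zero-day anomalies over constructed syslog lines.
Added example, not Augtera code; a regex templatizer stands in for the NLP."""
import re
from collections import deque
from datetime import datetime
from statistics import mean

# Variable-part masks, applied in order (IPs before bare numbers). Hypothetical.
MASKS = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<IP>"),
    (re.compile(r"\b(?:Gigabit|Ten)?Ethernet\d+(?:/\d+)*\b"), "<IFACE>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b"), "<HEX>"),
    (re.compile(r"\b\d+\b"), "<NUM>"),
]

# Hypothetical classifiers: (name, pattern on the raw message, severity, labels).
CLASSIFIERS = [
    ("bgp-neighbor-down", re.compile(r"%BGP-\d-ADJCHANGE: neighbor \S+ Down"), "critical", ["routing"]),
    ("config-change", re.compile(r"%SYS-\d-CONFIG_I:"), "warning", ["change"]),
]


def templatize(msg):
    """Mask variable tokens so messages differing only in addresses,
    interfaces or counters collapse to one template (the common part)."""
    for pat, token in MASKS:
        msg = pat.sub(token, msg)
    return msg


def parse(line):
    """Constructed line format: '<ISO timestamp> <host> <message>'."""
    ts, host, msg = line.split(" ", 2)
    return datetime.fromisoformat(ts), host, msg


class SyslogAnomalyDetector:
    FACTOR = 3.0     # a minute must carry >= 3x the trailing per-minute mean ...
    MIN_BURST = 3    # ... and at least this many messages before we alert
    HISTORY = 5      # completed minute buckets kept per template

    def __init__(self):
        self.known = set()   # templates seen so far (learned baseline)
        self.cur = {}        # template -> [minute bucket, count, alerted]
        self.hist = {}       # template -> deque of completed-bucket counts

    def _bump(self, tpl, bucket):
        """Count one message for tpl in this minute; True on the first message
        that lifts the bucket over the burst threshold. Quiet minutes are not
        recorded as zeros, a simplification that keeps the example short."""
        hist = self.hist.setdefault(tpl, deque(maxlen=self.HISTORY))
        cur = self.cur.setdefault(tpl, [bucket, 0, False])
        if cur[0] != bucket:
            hist.append(cur[1])            # close out the previous minute
            cur[:] = [bucket, 0, False]
        cur[1] += 1
        if cur[2] or not hist:
            return False                   # already alerted, or no baseline yet
        if cur[1] >= max(self.MIN_BURST, round(self.FACTOR * mean(hist))):
            cur[2] = True
            return True
        return False

    def process(self, line, learn=False):
        """Return the anomalies one line raises; learn=True only builds baseline."""
        ts, host, msg = parse(line)
        tpl = templatize(msg)
        found = []
        if not learn:
            for name, pat, severity, labels in CLASSIFIERS:
                if pat.search(msg):
                    found.append({"type": "classifier", "name": name,
                                  "severity": severity, "labels": labels, "host": host})
            # A message a classifier already names is known, not zero day.
            if not found and tpl not in self.known:
                found.append({"type": "zero_day", "template": tpl, "host": host})
        self.known.add(tpl)
        if self._bump(tpl, ts.replace(second=0, microsecond=0)) and not learn:
            found.append({"type": "rate_change", "template": tpl, "host": host,
                          "count": self.cur[tpl][1]})
        return found


def detect(baseline_lines, live_lines):
    """Learn from baseline_lines without alerting, then stream live_lines."""
    det = SyslogAnomalyDetector()
    for line in baseline_lines:
        det.process(line, learn=True)
    return [a for line in live_lines for a in det.process(line)]


FLAP = "%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/{}, changed state to {}"
# Constructed baseline: one flap per minute is normal for this router.
BASELINE_LINES = [
    "2022-09-20T10:00:05 edge-rtr1 " + FLAP.format(1, "down"),
    "2022-09-20T10:00:06 edge-rtr1 " + FLAP.format(1, "up"),
    "2022-09-20T10:01:05 edge-rtr1 " + FLAP.format(2, "down"),
    "2022-09-20T10:01:06 edge-rtr1 " + FLAP.format(2, "up"),
]
# Constructed live stream: a flap storm, a BGP drop, a config change, a new message.
LIVE_LINES = [
    "2022-09-20T10:02:00 edge-rtr1 " + FLAP.format(1, "down"),
    "2022-09-20T10:02:01 edge-rtr1 " + FLAP.format(1, "up"),
    "2022-09-20T10:02:02 edge-rtr1 " + FLAP.format(1, "down"),
    "2022-09-20T10:02:03 edge-rtr1 " + FLAP.format(1, "up"),
    "2022-09-20T10:02:04 edge-rtr1 " + FLAP.format(1, "down"),
    "2022-09-20T10:02:05 edge-rtr1 %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down Interface flap",
    "2022-09-20T10:02:30 edge-rtr1 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (198.51.100.7)",
    "2022-09-20T10:02:40 edge-rtr1 %PLATFORM-2-MEMORY_LOW: Memory pool 0x1A2B exhausted, 13 allocations failed",
]

if __name__ == "__main__":
    for anomaly in detect(BASELINE_LINES, LIVE_LINES):
        print(anomaly)
```

Running it yields four anomalies: a rate_change on the "changed state to down" template once the third flap lands in one minute (baseline was one per minute), two classifier hits (the BGP drop raised to critical, the config change labeled as a change), and one zero_day for the memory message, whose template no classifier or baseline line has produced. Note that the BGP line is not also reported as zero day: a message a classifier already names is, by the page's own logic, a known signature, which is exactly why creating a classifier for a zero-day template turns future occurrences into rule-based detections.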
Syslog is now a real-time resource: a wealth of information that can be leveraged at the speed of streaming data, used in correlation with other data types as well as for anomaly detection. The integration of natural language processing provides an understanding of syslog messages not previously available in operations tools.
The result is high-fidelity, real-time signals to trouble ticketing systems, automation systems, and NetOps teams.
For more information, see these links to related information and commentary on Augtera’s Real-Time Syslog:
- Press Release: Augtera’s NLP Marks a New Era in Real-Time Action from Streaming Log Data
- Augtera blog: Real-time NLP: A New Era in Anomaly Detection for Logs
- Tech Field Day/Networking Field Day 28 video presentation: Augtera Real-Time Syslog