
Trace and Log Analysis: A Pattern Reference for Diagnostics and Anomaly Detection by Software Diagnostics Institute, Dmitry Vostokov


A

 

Abnormal Value

While preparing a presentation on malware narratives [4], we found that one essential pattern is missing from the current log analysis pattern catalog. Most of the time, we see some abnormal or unexpected value in a software trace or log, such as a network address outside the expected range, and this triggers further investigation. The message structure may have the same Message Invariant, but the variable part may contain such values as depicted graphically:

Please note that we also have the Significant Event pattern, which is more general and also covers messages without a variable part, or just suspicious log entries.
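The following sketch is an added example, not code from the book: it separates each message into its Message Invariant and its variable part, then reports variable values (here, network addresses) that fall outside an expected range. The log lines, the `10.20.0.0/16` range, and the function names are constructed assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample trace: same message structure, one address out of range.
SAMPLE_LOG = """\
12:00:01 svc[412] Connection opened to 10.20.0.15 port 443
12:00:03 svc[412] Connection opened to 10.20.3.77 port 443
12:00:04 svc[412] Heartbeat ok
12:00:07 svc[412] Connection opened to 203.0.113.45 port 443
12:00:09 svc[412] Connection opened to 10.20.1.2 port 443
"""

# Assumption: hosts in this environment are expected to talk only to this range.
EXPECTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\s+")


def split_message(line):
    """Return (invariant, addresses): the fixed text and its variable addresses."""
    body = TIMESTAMP.sub("", line.strip())
    addresses = IPV4.findall(body)
    invariant = IPV4.sub("<addr>", body)
    return invariant, addresses


def find_abnormal_values(log_text, expected_networks):
    """List (line_no, invariant, value) for addresses outside the expected ranges."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        invariant, addresses = split_message(line)
        for text in addresses:
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                # Not a valid address (e.g. 999.1.1.1): itself an unexpected value.
                findings.append((line_no, invariant, text))
                continue
            if not any(addr in net for net in expected_networks):
                findings.append((line_no, invariant, text))
    return findings


if __name__ == "__main__":
    for line_no, invariant, value in find_abnormal_values(SAMPLE_LOG, EXPECTED_NETWORKS):
        print(f"line {line_no}: abnormal value {value!r} in message {invariant!r}")
```

Messages without a variable part, such as the heartbeat line, produce no finding here; those fall under the more general Significant Event pattern.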

 

Activity Disruption ...
