Anomaly Detection Engine for Linux Logs (ADE)

How ADE integrates into your environment

Anomaly Detection Engine for Linux Logs (ADE) allows you to find unusual message traffic (anomalies) generated by one or more production Linux servers. Its input is the log files that a syslog daemon such as syslog-ng or rsyslog normally stores on DASD in /var/log/messages; these files must be in either RFC3164 or RFC5424 format. ADE writes a summary of the message traffic for each period (day) and for each interval within that day to the file system, where it can be examined with a standard web browser. Additional data used during ADE processing is stored in a JDBC-compliant database.
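As an added illustration (not ADE's own code), the following parses the two syslog record formats ADE accepts and rolls the messages up into the per-interval and per-day counts that such a summary is built from. The sample lines are constructed, the interval length (60 minutes) and the year assumed for RFC3164 timestamps are assumptions, and the scoring ADE applies on top of these counts is not shown.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample records: one RFC5424 line and two RFC3164 lines.
SAMPLE_LOG = """\
<34>1 2024-03-05T10:14:15.003Z host1 sshd 1234 - - Failed password for root
<13>Mar  5 10:20:01 host1 CRON[4321]: (root) CMD (run-parts /etc/cron.hourly)
<13>Mar  5 11:02:44 host2 kernel: usb 1-1: new high-speed USB device
"""

# RFC5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD... MSG
RFC5424 = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$")
# RFC3164: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG  (pid is optional)
RFC3164 = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) ([^:\[\s]+)(?:\[\d+\])?:\s*(.*)$"
)


def parse_line(line, year=2024):
    """Return (timestamp, host, app) for an RFC5424 or RFC3164 line, else None."""
    m = RFC5424.match(line)
    if m:
        ts = datetime.fromisoformat(m.group(2).replace("Z", "+00:00")).replace(tzinfo=None)
        return ts, m.group(3), m.group(4)
    m = RFC3164.match(line)
    if m:
        # RFC3164 timestamps carry no year, so one has to be assumed.
        ts = datetime.strptime(f"{year} {m.group(2)}", "%Y %b %d %H:%M:%S")
        return ts, m.group(3), m.group(4)
    return None  # unparseable record; ADE would not be able to classify it


def interval_summary(text, interval_minutes=60):
    """Count messages per (interval start, host, app) across the whole log text."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, host, app = rec
        start = ts.replace(minute=(ts.minute // interval_minutes) * interval_minutes,
                           second=0, microsecond=0)
        counts[(start.isoformat(), host, app)] += 1
    return dict(counts)


def day_summary(interval_counts):
    """Roll the interval counts up to per-day totals per (host, app)."""
    days = Counter()
    for (start, host, app), n in interval_counts.items():
        days[(start[:10], host, app)] += n
    return dict(days)
```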

Here is how ADE fits into a Linux environment (figure: Where ADE fits).

ADE can be used

To detect anomalies in Linux logs, which must be in either RFC3164 or RFC5424 format, use the following process: