A comparison of syslog and IS-IS for network failure analysis

Daniel Turner; Kirill Levchenko; Stefan Savage; Alex C. Snoeren

doi:10.1145/2504730.2504766

A comparison of syslog and IS-IS for network failure analysis

Daniel Turner, Kirill Levchenko, Stefan Savage, Alex C. Snoeren

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Accurate reporting and analysis of network failures has historically required instrumentation (e.g., dedicated tracing of routing protocol state) that is rarely available in practice. In previous work, our group has proposed that a combination of common data sources could be substituted instead. In particular, by opportunistically stitching together data from router configuration logs and syslog messages, we demonstrated that a granular picture of network failures could be resolved and verified with human trouble tickets. In this paper, we more fully evaluate the fidelity of this approach, by comparing with high-quality "ground truth" data derived from an analysis of contemporaneous IS-IS routing protocol messages. We identify areas of agreement and disparity between these data sources, as well as potential ways to correct disparities when possible.

Original language	English (US)
Title of host publication	IMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference
Pages	433-439
Number of pages	7
DOIs	https://doi.org/10.1145/2504730.2504766
State	Published - 2013
Externally published	Yes
Event	13th ACM Internet Measurement Conference, IMC 2013 - Barcelona, Spain Duration: Oct 23 2013 → Oct 25 2013

Publication series

Name	Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Other

Other	13th ACM Internet Measurement Conference, IMC 2013
Country/Territory	Spain
City	Barcelona
Period	10/23/13 → 10/25/13

Keywords

IS-IS
Measurement
Reliability
Syslog

ASJC Scopus subject areas

Software
Computer Networks and Communications

Online availability

10.1145/2504730.2504766

Library availability

Discover UIUC Full Text

Cite this

A comparison of syslog and IS-IS for network failure analysis. / Turner, Daniel; Levchenko, Kirill; Savage, Stefan et al.
IMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference. 2013. p. 433-439 (Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Turner, D, Levchenko, K, Savage, S & Snoeren, AC 2013, A comparison of syslog and IS-IS for network failure analysis. in IMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference. Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC, pp. 433-439, 13th ACM Internet Measurement Conference, IMC 2013, Barcelona, Spain, 10/23/13. https://doi.org/10.1145/2504730.2504766

@inproceedings{8b36343a64b04f2e9da838fb8de65122,

title = "A comparison of syslog and IS-IS for network failure analysis",

abstract = "Accurate reporting and analysis of network failures has historically required instrumentation (e.g., dedicated tracing of routing protocol state) that is rarely available in practice. In previous work, our group has proposed that a combination of common data sources could be substituted instead. In particular, by opportunistically stitching together data from router configuration logs and syslog messages, we demonstrated that a granular picture of network failures could be resolved and verified with human trouble tickets. In this paper, we more fully evaluate the fidelity of this approach, by comparing with high-quality {"}ground truth{"} data derived from an analysis of contemporaneous IS-IS routing protocol messages. We identify areas of agreement and disparity between these data sources, as well as potential ways to correct disparities when possible.",

keywords = "IS-IS, Measurement, Reliability, Syslog",

author = "Daniel Turner and Kirill Levchenko and Stefan Savage and Snoeren, {Alex C.}",

year = "2013",

doi = "10.1145/2504730.2504766",

language = "English (US)",

isbn = "9781450319539",

series = "Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC",

pages = "433--439",

booktitle = "IMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference",

note = "13th ACM Internet Measurement Conference, IMC 2013 ; Conference date: 23-10-2013 Through 25-10-2013",

}

TY - GEN

T1 - A comparison of syslog and IS-IS for network failure analysis

AU - Turner, Daniel

AU - Levchenko, Kirill

AU - Savage, Stefan

AU - Snoeren, Alex C.

PY - 2013

Y1 - 2013

N2 - Accurate reporting and analysis of network failures has historically required instrumentation (e.g., dedicated tracing of routing protocol state) that is rarely available in practice. In previous work, our group has proposed that a combination of common data sources could be substituted instead. In particular, by opportunistically stitching together data from router configuration logs and syslog messages, we demonstrated that a granular picture of network failures could be resolved and verified with human trouble tickets. In this paper, we more fully evaluate the fidelity of this approach, by comparing with high-quality "ground truth" data derived from an analysis of contemporaneous IS-IS routing protocol messages. We identify areas of agreement and disparity between these data sources, as well as potential ways to correct disparities when possible.

AB - Accurate reporting and analysis of network failures has historically required instrumentation (e.g., dedicated tracing of routing protocol state) that is rarely available in practice. In previous work, our group has proposed that a combination of common data sources could be substituted instead. In particular, by opportunistically stitching together data from router configuration logs and syslog messages, we demonstrated that a granular picture of network failures could be resolved and verified with human trouble tickets. In this paper, we more fully evaluate the fidelity of this approach, by comparing with high-quality "ground truth" data derived from an analysis of contemporaneous IS-IS routing protocol messages. We identify areas of agreement and disparity between these data sources, as well as potential ways to correct disparities when possible.

KW - IS-IS

KW - Measurement

KW - Reliability

KW - Syslog

UR - http://www.scopus.com/inward/record.url?scp=84890097362&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84890097362&partnerID=8YFLogxK

U2 - 10.1145/2504730.2504766

DO - 10.1145/2504730.2504766

M3 - Conference contribution

AN - SCOPUS:84890097362

SN - 9781450319539

T3 - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

SP - 433

EP - 439

BT - IMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference

T2 - 13th ACM Internet Measurement Conference, IMC 2013

Y2 - 23 October 2013 through 25 October 2013

ER -

A comparison of syslog and IS-IS for network failure analysis

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this