LogHound - a tool for mining frequent patterns from event logs

LogHound is a tool designed for finding frequent patterns in event log data sets with the help of a breadth-first frequent itemset mining algorithm. LogHound can be employed for mining frequent line patterns from raw event logs, e.g.,

Dec 18 * myhost.mydomain * log: Connection from * port
Dec 18 * myhost.mydomain * log: Password authentication for * accepted.

but also for mining frequent event type patterns from preprocessed event logs.
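The following Python script is an added illustration of the idea behind line pattern mining and is not LogHound's own code (LogHound is written in C and its exact item encoding and output rules differ). It treats every log line as an itemset of (position, word) pairs, adds a ("len", word-count) item so that a pattern can be rendered as a full-length template, finds frequent itemsets level by level (Apriori-style breadth-first search), and prints each maximal frequent itemset with '*' at positions that carry no frequent word. The log lines are constructed for this example.

```python
"""Simplified breadth-first (Apriori-style) frequent line-pattern mining.

Each log line becomes an itemset of (position, word) pairs plus a
("len", word_count) item. Itemsets that occur in at least `support` lines
are found level by level (1-itemsets, then 2-itemsets, ...), and each
maximal frequent itemset is rendered as a line pattern with '*' for
positions that carry no frequent word. Added example, not LogHound code.
"""
from collections import Counter
from itertools import combinations

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
Dec 18 10:01:02 myhost.mydomain sshd[101]: log: Connection from 10.0.0.5 port 40122
Dec 18 10:01:03 myhost.mydomain sshd[101]: log: Password authentication for alice accepted.
Dec 18 10:05:44 myhost.mydomain sshd[118]: log: Connection from 10.0.0.9 port 40341
Dec 18 10:05:45 myhost.mydomain sshd[118]: log: Password authentication for bob accepted.
Dec 18 10:07:10 myhost.mydomain sshd[131]: log: Connection from 192.168.1.7 port 51200
Dec 18 10:07:11 myhost.mydomain sshd[131]: log: Password authentication for carol accepted.
Dec 18 10:09:00 myhost.mydomain cron[200]: (root) CMD (run-parts /etc/cron.hourly)
"""


def line_to_itemset(line):
    """Encode a line as a set of (position, word) items plus its length."""
    words = line.split()
    items = {(i, w) for i, w in enumerate(words)}
    items.add(("len", len(words)))
    return frozenset(items)


def mine_frequent_itemsets(itemsets, support):
    """Breadth-first search: level k+1 candidates are unions of two frequent
    k-sets that differ in one item and whose k-subsets are all frequent;
    support of every candidate is counted by one scan over the data."""
    counts = Counter(item for s in itemsets for item in s)
    level = {frozenset([item]) for item, c in counts.items() if c >= support}
    frequent = {s: counts[next(iter(s))] for s in level}
    while level:
        candidates = set()
        for a, b in combinations(level, 2):
            u = a | b
            if len(u) == len(a) + 1 and all(u - {x} in level for x in u):
                candidates.add(u)
        level = set()
        for cand in candidates:
            sup = sum(1 for s in itemsets if cand <= s)
            if sup >= support:
                level.add(cand)
                frequent[cand] = sup
    return frequent


def maximal_itemsets(frequent):
    """Keep only frequent itemsets that have no frequent proper superset."""
    return [s for s in frequent
            if not any(s < t for t in frequent if len(t) > len(s))]


def render_pattern(itemset):
    """Turn an itemset into a line pattern, '*' standing for one free word."""
    words = {pos: w for pos, w in itemset if pos != "len"}
    lengths = [n for key, n in itemset if key == "len"]
    # A frequent ("len", n) item fixes the template length; without one the
    # supporting lines differ in length and only the shared prefix is shown.
    length = lengths[0] if lengths else max(words) + 1
    return " ".join(words.get(i, "*") for i in range(length))


def mine_line_patterns(log_text, support):
    """Return (pattern, support) pairs, most frequent first."""
    itemsets = [line_to_itemset(l) for l in log_text.splitlines() if l.strip()]
    frequent = mine_frequent_itemsets(itemsets, support)
    patterns = [(render_pattern(s), frequent[s]) for s in maximal_itemsets(frequent)]
    return sorted(patterns, key=lambda p: (-p[1], p[0]))


if __name__ == "__main__":
    for pattern, sup in mine_line_patterns(SAMPLE_LOG, 3):
        print(f"{sup:3d}  {pattern}")
```

With a support threshold of 3 the script reports the two sshd templates (connection and password-accepted), while raising the threshold to 7 collapses everything into the prefix shared by all lines, "Dec 18 * myhost.mydomain". Real LogHound additionally clusters lines and handles variable-length lines more carefully; the point here is only how positional word items and breadth-first itemset mining yield wildcard line patterns.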

LogHound has been tested on Redhat Linux and Solaris (compiled with gcc), but is likely to compile and work on other platforms as well.

For more information, read the man page. There is also a paper about LogHound (LNCS Vol. 3283, © Springer-Verlag).

Papers about the application of LogHound for log mining and IDS alert classification have been published at NOMS 2008, MILCOM 2009 and CNSM 2010.

Download:

loghound-0.01 (2004-04-13)