in reply to Syslog event classification with Bayesian style filters

I think that one could certainly make this work. But pre-existing Bayesian filters are almost solely specialized for spam, so there would be quite a bit of manual training of priors to reliably distinguish expected from surprising log entries. And because it is probabilistic, there will be a finite chance of false negatives, i.e., interesting events that get reported as boring.

More generally, program-generated log entries have precise, repeatable formats that make them much easier to detect and parse than natural language emails. So creating a filter using regexps (and perhaps a little parsing) to chuck the boring bits of a log is easy enough and is probably less sysadmin effort than training a new Bayesian system.

-Mark

Re: Re: Syslog event classification with Bayesian style filters
by tachyon (Chancellor) on Mar 14, 2004 at 23:57 UTC

    I really don't think this problem fits into Bayes space at all well. See Re: Syslog event classification with Bayesian style filters for more details. I totally agree with you that a regex based skip filter (a la logwatch) is not only the simplest but also likely to be the best approach.

    cheers

    tachyon
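
The regex-based skip filter that both posts above recommend, written out in Perl as an added example; it is not code from either poster or from logwatch. The skip patterns, the sub names and the sample log lines are constructed for illustration, and the classic BSD syslog line layout is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed skip patterns: each matches a message known to be routine.
# They are anchored at the start of the message, and a line matching NONE
# of them is reported, so an unfamiliar message is never silently dropped.
my @skip = (
    qr/^sshd\[\d+\]: Accepted publickey for \w+ from [\d.]+ port \d+/,
    qr/^CRON\[\d+\]: \(\w+\) CMD \(/,
    qr/^ntpd\[\d+\]: synchronized to [\d.]+, stratum \d+$/,
);

# Split a classic BSD syslog line into (timestamp, host, message).
# Returns an empty list when the line does not have that shape.
sub parse_line {
    my ($line) = @_;
    return $line =~ /^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$/ ? ($1, $2, $3) : ();
}

# Return the lines worth a sysadmin's attention.
sub interesting {
    my @out;
    LINE: for my $line (@_) {
        chomp $line;
        my (undef, undef, $msg) = parse_line($line);
        # Unparseable lines are surprising by definition: report them.
        if (!defined $msg) { push @out, $line; next LINE }
        for my $re (@skip) { next LINE if $msg =~ $re }
        push @out, $line;
    }
    return @out;
}

# Constructed sample log, read from the DATA section below.
my @sample = <DATA>;
print "$_\n" for interesting(@sample);

__DATA__
Mar 14 23:50:01 web1 CRON[4121]: (root) CMD (run-parts /etc/cron.hourly)
Mar 14 23:51:12 web1 sshd[4188]: Accepted publickey for mark from 192.0.2.10 port 51514 ssh2
Mar 14 23:52:40 web1 ntpd[812]: synchronized to 192.0.2.1, stratum 2
Mar 14 23:53:05 web1 sshd[4203]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Mar 14 23:54:31 web1 kernel: Out of memory: Killed process 3310 (httpd)
garbled line without a timestamp
```

Run against the constructed sample, this prints the last three lines only: the failed login, the kernel message and the line that could not be parsed.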