Field of the Invention
The present invention relates to managed systems management and more particularly to log file analysis during managed systems management.
Description of the Related Art
Managed systems refer to the remote management of an aggregation of different components of a computing system including one or more different servers, routers and switches and the different computer programs that operate therein. Remote management involves the monitoring of the operational state of each component of the computing system, the detection of one or more faults in one or more of these components and the diagnosis of a cause for each fault and potentially a remedy for each fault. Central to remote management, then, is the utilization of log file analysis with respect to each monitored component of the computing system.
Log file analysis generally involves the invocation of a resource consumptive debug mode in selected components of a managed system and the parsing of different log entries in different log files of different components of a managed system resulting from the debug mode. The analysis of the log file involves reading into memory entries of a log file for various monitored operational parameters of a monitored component and the detection of one or more anomalies therein. Based upon the nature of a detected anomaly in a log file, a table or rule may be consulted mapping to the nature of the detected anomaly so as to produce a recommended action requisite to remediating a fault resultant from the detected anomaly. In most instances, much of the foregoing process is a manual process heavily dependent upon the specific knowledge of the end user analyzing the log file.
In this regard, once an anomaly has been detected by way of a particular log for a corresponding particular component of a managed system, a manual process of component diagnostics ensues. A manually intensive process, component diagnostics ordinarily involves the remote invocation by a skilled individual of a sequence of different debug mode commands and the interpretation of the result of each different component command. The result received for each debut mode command then is compared by the skilled individual to an expected result so as to properly identify the root cause of a fault within the particular component.
As it will be understood, then, in a managed system of many different components of a disparate nature, many different skilled individuals are required to properly diagnose all components of the managed system excepting for the instance where one individual possesses a universal expert understanding of all components of the managed system—a rarity at best. More importantly, given the consumptive nature of the use of a debug mode, a strategic and, by definition, limited use of debug mode is desired.