Sisyphus: an event log data-mining toolkit

Sisyphus - a log data-mining toolkit

Demos | Defining Supercomputer RAS

Sisyphus is an easy way to find important stuff in logs. Yes it provides fast index-based searches when you know what to look for, but its distinguishing feature is that it helps you find anomalies when you don't know what to look for. It ranks log files and colorizes words based on information theory (answering "what is the strangest logfile, and why?"). It provides useful file and word statistics in tabular and plot formats. It uses Vaarandi's excellent loghound program to generate message templates for you (which you can then use as regular expressions in monitoring programs if you wish). Web and command line interfaces are included.

Sisyphus has been developed specifically for use with supercomputer syslogs, based on the premise that similar computers correctly executing similar workload should produce similar logs (thus, anomalies warrant investigation). But it is general enough to be used on other log types (if your logs are not syslog, you will have to tweak arguments and/or provide a parser).

Latest Release: 1.6 on 2008-04-14 (readme, changelog, download). License: LGPL.

Mailing Lists: See sisyphus-announce for release announcements, and sisyphus for general help and discussion.

Contact: Email Jon Stearley <jrstear@sandia.gov> for further information.