Dec 18 * myhost.mydomain sshd[*]: log: Connection from * port *
Dec 18 * myhost.mydomain sshd[*]: log: Password authentication for * accepted.
With the help of SLCT, one can quickly build a model of logfile(s), and also identify rare lines that do not fit the model (and are possibly anomalous).
SLCT has been tested on Linux and Solaris (compiled with gcc), but is likely to compile and work on other platforms as well.
For more information, read the man page. There is also a paper about SLCT (published at IEEE IPOM'2003).
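To make the idea of a logfile model and of rare lines concrete, here is an added example (not SLCT's own code, and not its exact algorithm): a simplified Python sketch that clusters lines by words occurring frequently at the same position and reports the lines that fit no cluster. The function name cluster, the support threshold and the sample log lines are assumptions made for this illustration; the sketch replaces whole words with *, so the varying sshd[pid]: word becomes * rather than sshd[*]:.

```python
from collections import Counter

# Constructed sample log (not real data): sshd events plus one unusual line.
SAMPLE_LOG = """\
Dec 18 10:01:02 myhost.mydomain sshd[411]: log: Connection from 10.0.0.5 port 1023
Dec 18 10:01:04 myhost.mydomain sshd[411]: log: Password authentication for alice accepted.
Dec 18 10:07:31 myhost.mydomain sshd[502]: log: Connection from 10.0.0.9 port 1011
Dec 18 10:07:35 myhost.mydomain sshd[502]: log: Password authentication for bob accepted.
Dec 18 11:15:40 myhost.mydomain sshd[618]: log: Connection from 10.0.0.7 port 1019
Dec 18 11:15:44 myhost.mydomain sshd[618]: log: Password authentication for carol accepted.
Dec 18 11:20:13 myhost.mydomain sshd[633]: fatal: Read error from remote host: Connection reset by peer
""".splitlines()


def cluster(lines, support):
    """Return (patterns, outliers).

    patterns maps a line template to the number of lines it covers;
    outliers are the lines whose template is seen fewer than `support` times.
    """
    rows = [line.split() for line in lines]
    # Pass 1: count every (position, word) pair across the whole log.
    word_counts = Counter((i, w) for row in rows for i, w in enumerate(row))
    # Pass 2: keep frequent words, replace the rest with '*' to get a template.
    templates = [
        " ".join(w if word_counts[(i, w)] >= support else "*"
                 for i, w in enumerate(row))
        for row in rows
    ]
    template_counts = Counter(templates)
    patterns = {t: n for t, n in template_counts.items() if n >= support}
    # Lines whose template is too rare do not fit the model.
    outliers = [l for l, t in zip(lines, templates) if t not in patterns]
    return patterns, outliers


if __name__ == "__main__":
    patterns, outliers = cluster(SAMPLE_LOG, support=3)
    for template, count in patterns.items():
        print(f"{count:3d}  {template}")
    print("Lines that fit no pattern:")
    for line in outliers:
        print("     " + line)
```

Raising the support threshold gives fewer, more general patterns and more outliers; lowering it gives more specific patterns, so the threshold has to be chosen relative to the size of the log.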
Download:
slct-0.05 (2007-09-09)
slct-0.04 (2003-10-09)
slct-0.03 (2003-08-25)
slct-0.02 (2003-05-26)
slct-0.01 (2003-04-13)
Should you have questions, contact the author: http://kodu.neti.ee/~risto.