English

RAGLog: Log Anomaly Detection using Retrieval Augmented Generation

Cryptography and Security 2023-11-10 v1

Abstract

The ability to detect log anomalies from system logs is a vital activity needed to ensure cyber resiliency of systems. It is applied for fault identification or facilitate cyber investigation and digital forensics. However, as logs belonging to different systems and components differ significantly, the challenge to perform such analysis is humanly challenging from the volume, variety and velocity of logs. This is further complicated by the lack or unavailability of anomalous log entries to develop trained machine learning or artificial intelligence models for such purposes. In this research work, we explore the use of a Retrieval Augmented Large Language Model that leverages a vector database to detect anomalies from logs. We used a Question and Answer configuration pipeline. To the best of our knowledge, our experiment which we called RAGLog is a novel one and the experimental results show much promise.

Keywords

Cite

@article{arxiv.2311.05261,
  title  = {RAGLog: Log Anomaly Detection using Retrieval Augmented Generation},
  author = {Jonathan Pan and Swee Liang Wong and Yidi Yuan},
  journal= {arXiv preprint arXiv:2311.05261},
  year   = {2023}
}

Comments

arXiv admin note: substantial text overlap with arXiv:2203.10960

R2 v1 2026-06-28T13:15:59.574Z