NLP-Based .NET CLR Event Logs Analyzer
Maxim Stavtsev, Sergey Shershakov
TL;DR
The paper tackles the challenge of monitoring and optimizing software systems by analyzing large-scale .NET CLR event logs. It adapts NLP techniques by encoding logs as token sequences via a Unicode mapping and applying BPE tokenization, then trains a SqueezeBERT-based model from scratch for anomaly detection, with a SQLite-backed pipeline to cache results. Key contributions include multi-level pattern detection enabling substantial trace compression (from thousands of events to a few hundred tokens) and a practical anomaly-detection framework that achieves reasonable performance on synthetic data, highlighting the potential of NLP methods for CLR log analysis. The work demonstrates that transformer-based representations can capture normal versus abnormal execution patterns, offering a scalable approach to improve software reliability and stability in production environments.
Abstract
In this paper, we present a tool for analyzing .NET CLR event logs based on a novel method inspired by Natural Language Processing (NLP) approach. Our research addresses the growing need for effective monitoring and optimization of software systems through detailed event log analysis. We utilize a BERT-based architecture with an enhanced tokenization process customized to event logs. The tool, developed using Python, its libraries, and an SQLite database, allows both conducting experiments for academic purposes and efficiently solving industry-emerging tasks. Our experiments demonstrate the efficacy of our approach in compressing event sequences, detecting recurring patterns, and identifying anomalies. The trained model shows promising results, with a high accuracy rate in anomaly detection, which demonstrates the potential of NLP methods to improve the reliability and stability of software systems.