An Evaluation of Entropy Based Approaches to Alert Detection in High Performance Cluster Logs

Manual alert detection on modern high performance clusters (HPC) is cumbersome given their increasing complexity and size of their logs. The ability to automatically detect such alerts quickly and accurately with little or no human intervention is therefore desirable. The entropy-based approach of the Nodeinfo framework, which is in production use at Sandia National Laboratories, is one approach to automatic alert detection in HPC logs. In this work, we perform a comparative evaluation of three entropy based techniques, which are modifications to Nodeinfo. We evaluate these systems using three performance metrics, namely (i) Computational cost, (ii) detection accuracy, and (iii) false positive rate. Our results show that there is still room for improvement in entropy based approaches to the task of alert detection. We also show experimentally that it is possible to detect 100% of all alerts while maintaining an effective false positive rate of 0% using an entropy based approach. Our work suggests that entropy based approaches are viable for automatic alert detection in HPC and can improve the dependability of such systems if applied.