A semantic-aware log generation method for network activities
International Journal of Information Security (IF 2.4), Pub Date: 2021-04-11, DOI: 10.1007/s10207-021-00547-6
Aun Yichiet, Yen-Min Jasmina Khaw, Ming-Lee Gan, Vasaki Ponnusamy

Context-aware network logging is becoming more prevalent in enterprise networks, data centers, and forensics. Monitoring agents are strategically placed at various network points to generate log files from the activities of interest. In a distributed architecture, these agents are scattered across multiple nodes and have limited network visibility. Consequently, the resulting logs become fragmented and less perceptible without a unified network context. Moreover, aggregating useful information from diverse management protocols with different languages, syntax styles, and notations requires complex semantic understanding to synthesize these log files. Currently, general-purpose logs such as SNMP logs only provide parametric values at the connection level and lack incident-specific information. Meanwhile, proprietary services such as AWS CloudTrail identify more context at the incident level, but they only work on selected products and infrastructure. This paper proposes a platform-agnostic, semantic-aware log decoding and generation algorithm (SAG) for network logging based on context aggregation. First, a protocol-agnostic controller acts as a master that collects logs from agents running on routers, firewalls, IDS/IPS, load balancers, managed switches, and servers. From these logs, three traffic models, namely (1) a service-activity model (SaM), (2) a general-activity model (GaM), and (3) a device-activity model (DaM), are trained using an artificial neural network (ANN). The log generator then uses a context-filling technique to resolve and construct log entries from a generic sentence template while inferring from these machine-learning models. A sentence smoothing technique restructures the entities in the logs according to traffic directionality for semantic correctness. The experimental results show that SAG's logs have 1.8 times more contexts resolved, improving log perceptibility.
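As an added illustration (not the paper's code, which is not on this page), the sketch below shows two of the ideas the abstract names, context aggregation with template filling and sentence smoothing by traffic directionality, on constructed fragments of the same connections as seen by a firewall, an IDS and a server agent. The field names, the internal address range, the slot list and the template wording are assumptions of this example, not the paper's.

```python
import ipaddress

# Constructed sample: fragments of two connections, each agent seeing only part of the context.
FRAGMENTS = [
    {"agent": "firewall", "src": "203.0.113.7", "sport": 51514, "dst": "10.0.0.5", "dport": 22, "action": "allow"},
    {"agent": "ids", "src": "203.0.113.7", "sport": 51514, "dst": "10.0.0.5", "dport": 22, "signature": "SSH brute force"},
    {"agent": "server", "src": "203.0.113.7", "sport": 51514, "dst": "10.0.0.5", "dport": 22, "service": "sshd", "device": "bastion-1"},
    {"agent": "firewall", "src": "10.0.0.5", "sport": 40000, "dst": "198.51.100.9", "dport": 443, "action": "allow"},
    {"agent": "server", "src": "10.0.0.5", "sport": 40000, "dst": "198.51.100.9", "dport": 443, "service": "curl", "device": "bastion-1"},
]
LOCAL_NET = ipaddress.ip_network("10.0.0.0/8")        # assumed internal address space
SLOTS = ("action", "signature", "service", "device")  # assumed template slots to be context-filled

def flow_key(rec):
    """Join key: the 4-tuple every agent can see for the same connection."""
    return (rec["src"], rec["sport"], rec["dst"], rec["dport"])

def aggregate(fragments):
    """Context aggregation: merge each agent's partial fields into one record per flow."""
    flows = {}
    for rec in fragments:
        flows.setdefault(flow_key(rec), {}).update({k: v for k, v in rec.items() if k in SLOTS})
    return flows

def contexts_resolved(ctx):
    """How many template slots could be filled; the abstract's perceptibility measure."""
    return sum(1 for s in SLOTS if s in ctx)

def render(key, ctx):
    """Context filling into a generic template, then smoothing by traffic directionality."""
    src, sport, dst, dport = key
    inbound = ipaddress.ip_address(dst) in LOCAL_NET and ipaddress.ip_address(src) not in LOCAL_NET
    if inbound:  # external client -> internal service: the service is the object of the sentence
        subject = f"external host {src}"
        obj = f"{ctx.get('service', 'port ' + str(dport))} on {ctx.get('device', dst)}"
    else:        # internal device -> external destination: the device is the subject
        subject = ctx.get("device", src)
        obj = f"external host {dst}:{dport} via {ctx.get('service', 'unknown service')}"
    sentence = f"{subject} connected to {obj} ({ctx.get('action', 'unknown')} by firewall)"
    if "signature" in ctx:
        sentence += f"; IDS flagged {ctx['signature']}"
    return sentence

def generate_logs(fragments):
    """One smoothed, context-filled log line per aggregated flow."""
    return [render(k, ctx) for k, ctx in aggregate(fragments).items()]

if __name__ == "__main__":
    for line in generate_logs(FRAGMENTS):
        print(line)
```

The firewall alone resolves one slot for the first flow, while the aggregated record resolves all four, which is the kind of gain the abstract's "contexts resolved" figure measures.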



Updated: 2021-04-11