Causality analysis and visualization of audit log




Gotru, Praveena

Journal Title

Journal ISSN

Volume Title



The visualization tool to be developed has three steps. The primary input is an event. There can be multiple sources of events. An event is stored in a log file or a logging server. Typically, an event is stored in a text form (string), and corresponds to one line of a log file. It is assumed that one event is given at a time. There are two more inputs: event type definition and causality definition. The format of an event varies with the type of the event and the log. The event type definition defines the format of events of interest. The first step of the tool is parsing the input event using the event definition. The intermediate result of this step is parsed events. The second step is to identify causality of events. The causality definition is given as an input file which defines the causal relationship among events. The output of the second step is a causal graph in a text form. The third step displays the text causal graph in a graphical form.


This item is available only to currently enrolled UTSA students, faculty or staff. To download, navigate to Log In in the top right-hand corner of this screen, then select Log in with my UTSA ID.


Causality Analysis, Database connection, Event Log files, event parsing, Visualization of log files



Electrical and Computer Engineering