Log anomaly detection is the task of distinguishing anomalous log messages from normal ones. Transformer-based large language models (LLMs) are becoming popular for log anomaly detection because of their superb ability to understand complex and long language patterns. In this paper, we propose LogLLaMA, a novel framework that leverages LLaMA2. LogLLaMA is first finetuned on normal log messages from three large-scale datasets to learn their patterns. After finetuning, the model can generate successive log messages given the preceding ones. The generative model is then further trained with reinforcement learning (RL) to identify anomalous log messages. The experimental results show that LogLLaMA outperforms the state-of-the-art approaches for anomaly detection on the BGL, Thunderbird, and HDFS datasets.