Log-based anomaly detection is crucial for ensuring software system stability. However, the scarcity of labeled logs limits rapid deployment to new systems. Cross-system transfer has become an important research direction. State-of-the-art approaches perform well with a few labeled target logs, but limitations remain: small-model methods transfer general knowledge but overlook mismatches with the target system's proprietary knowledge; LLM-based methods can capture proprietary patterns but rely on a few positive examples and incur high inference cost. Existing LLM-small model collaborations route 'simple logs' to the small model and 'complex logs' to the LLM based on output uncertainty. In zero-label cross-system settings, supervised sample complexity is unavailable, and such routing does not consider knowledge separation. To address this, we propose GeneralLog, a novel LLM-small model collaborative method for zero-label cross-system log anomaly detection. GeneralLog dynamically routes unlabeled logs, letting the LLM handle 'proprietary logs' and the small model 'general logs,' enabling cross-system generalization without labeled target logs. Experiments on three public log datasets show that GeneralLog achieves over 90% F1-score under a fully zero-label setting, significantly outperforming existing methods.