AI Summary
This work addresses the limitations of existing large language models in Windows event log analysis, namely high computational overhead, reliance on cloud infrastructure, insufficient security guarantees, and a lack of actionable remediation guidance. To overcome these challenges, the authors propose a localized solution that begins with the construction of a large-scale synthetic log dataset pairing observed issues with corresponding corrective actions. They then employ Low-Rank Adaptation (LoRA) to efficiently fine-tune a small language model for solution-oriented log interpretation. This approach represents the first application of small language models to generate actionable repair recommendations from system logs, achieving high diagnostic accuracy while substantially reducing computational demands. Experimental results demonstrate that the fine-tuned model outperforms large language models in suggestion relevance and exhibits strong alignment with expert judgments.
Abstract
Large language models (LLMs) have shown promise for event log analysis, but their high computational requirements, reliance on cloud infrastructure, and security concerns limit practical deployment. In addition, most existing approaches focus only on the identification of the problem and do not provide actionable remediation. Small language models (SLMs) present a light-weight alternative that can be fine-tuned for a specific purpose and hosted locally. This paper investigates whether SLMs, when fine-tuned for a specific task, can serve as a practical alternative for event log analysis while also generating solutions. We first create a large-scale synthetic Windows event log dataset that contains remediation actions using a high-performing LLM. We then fine-tune multiple SLMs and LLMs using the LoRA parameter-efficient fine-tuning technique and evaluate their performance by comparing with expert assessment. The results show that the dataset accurately reflects real-world scenarios and that fine-tuned SLMs consistently outperform LLMs in identifying issues and providing relevant remediation, while requiring fewer computational resources.