This work addresses the challenge of achieving both real-time performance and high accuracy in large-scale system log anomaly detection, a trade-off that existing methods struggle to balance. The authors propose a reinforcement learning fine-tuning framework based on GPT-Neo (1.3B), integrating Proximal Policy Optimization (PPO) and cross-entropy regularization, along with a novel position-aware reward mechanism that assigns higher rewards for correct predictions at earlier positions and stronger penalties for errors at later positions. This design significantly improves recall without compromising precision. Implemented with TensorRT acceleration and a Kafka/Redis microservice architecture, the system achieves F1 scores of 0.927, 0.913, and 0.984 on the HDFS, BGL, and Thunderbird datasets, respectively—yielding up to a 6-percentage-point recall improvement over LogGPT—and demonstrates production-level throughput of 15,000 events per second with an end-to-end latency of only 45 milliseconds.

Detecting anomalies in large-scale system logs is critical for the reliability and security of modern computing infrastructure. We present LogNEO, a log anomaly detector built on EleutherAI's GPT-Neo (1.3B parameters) and fine-tuned with a novel partial-credit, exponentially decaying position-aware reward scheme combined with cross-entropy regularisation via Proximal Policy Optimisation (PPO). The position-aware reward explicitly models prediction difficulty: early positions receive higher rewards for correct predictions, while later positions incur stronger penalties for errors. LogNEO attains F1-scores of 0.927, 0.913, and 0.984 on the HDFS, BGL, and Thunderbird benchmarks, improving recall by up to 6 percentage points over the prior state-of-the-art LogGPT while maintaining comparable precision. A production microservice deployment over Apache Kafka, Redis, and TensorRT-accelerated inference demonstrates 45 ms end-to-end latency at 15,000 events per second.