Log collection, structuring and processing
First Claim
1. A method for use on a plurality of log manager devices of a data system, wherein each of the plurality of log manager devices is configured to monitor a plurality of devices of one or more platforms to identify events for handling by an event manager, the method comprising the steps of:
- creating, at a first log manager device of the plurality of log manager devices, a first log processing rule having a filtering setting that identifies logs having a first of a plurality of classifications regarding a type of each log and a second log processing rule having a filtering setting that identifies logs received from a first source on the data system, wherein the first log processing rule includes a first data management setting that specifies to take or not take at least one action in relation to logs having the first classification, and wherein the second log processing rule includes a second data management setting that specifies the other of taking or not taking the at least one action in relation to logs having the first source;
- establishing, at the first log manager device, a default setting stipulating that the second data management setting is to be applied instead of the first data management setting as to logs that match the filtering settings of both the first and second log processing rules;
- receiving, at the first log manager device, an override setting indicating that the default setting is to be ignored and the first data management setting is to be applied instead of the second data management setting as to logs that match the filtering settings of both the first and second log processing rules;
- transmitting the override setting to each of the plurality of log manager devices based on a designation that the override setting is global;
- receiving, at the first log manager device, logs generated at and transmitted from the plurality of devices of the one or more platforms;
- identifying, at the first log manager device, at least a first of the received logs that matches the filtering settings of both the first and second log processing rules;
- determining, at the first log manager device, that the first data management setting conflicts with the second data management setting; and
- operating, based on the determining that the first data management setting conflicts with the second data management setting, the first log manager device to implement the first data management setting on the first received log and ignore the second data management setting according to the override setting.
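The claim above describes a precedence rule between two kinds of log processing rules: one keyed on a log's classification (type), one keyed on its source. When a log matches both and their data management settings disagree, the source rule wins by default; a global override flips that so the classification rule wins on every log manager. The following Python is an added worked example written for this page, not code from the patent or its assignee: the rule names, the "archive vs. discard" action, the sample log lines, the `Console` class and the choice to archive unmatched logs are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed sample logs (not taken from the patent). "source" is the sending
# device; "classification" is the type assigned by the log manager's parser.
SAMPLE_LOGS: List[dict] = [
    {"source": "pci-gateway", "classification": "health_check", "msg": "GET /healthz 200"},
    {"source": "pci-gateway", "classification": "auth_failure", "msg": "sshd: Failed password for root"},
    {"source": "dev-box-7",   "classification": "health_check", "msg": "GET /healthz 200"},
    {"source": "dev-box-7",   "classification": "auth_failure", "msg": "sshd: Failed password for bob"},
]


@dataclass(frozen=True)
class Rule:
    name: str
    kind: str                        # "classification" or "source": the two rule types in claim 1
    matches: Callable[[dict], bool]  # the rule's filtering setting
    archive: bool                    # data management setting: True = archive, False = discard


# Hypothetical rules: drop noisy health checks by type, but retain everything
# the PCI gateway sends. A health check from the gateway matches both rules
# and the two settings conflict (discard vs. archive).
RULES: List[Rule] = [
    Rule("drop_health_checks", "classification",
         lambda log: log["classification"] == "health_check", archive=False),
    Rule("retain_pci_gateway", "source",
         lambda log: log["source"] == "pci-gateway", archive=True),
]


@dataclass
class LogManager:
    name: str
    rules: List[Rule]
    override: bool = False           # override setting: classification rule beats source rule
    archived: List[dict] = field(default_factory=list)
    discarded: List[dict] = field(default_factory=list)

    def decide(self, log: dict) -> Tuple[bool, str]:
        """Return (archive?, reason). Default per claim 1: when a classification
        rule and a source rule both match and disagree, the source rule wins;
        with the override set, the classification rule wins instead."""
        hits = [r for r in self.rules if r.matches(log)]
        cls = next((r for r in hits if r.kind == "classification"), None)
        src = next((r for r in hits if r.kind == "source"), None)
        if cls and src and cls.archive != src.archive:   # the "determining ... conflicts" step
            winner = cls if self.override else src
            return winner.archive, f"conflict->{winner.name}"
        if hits:                                          # no conflict: first matching rule applies
            return hits[0].archive, hits[0].name
        return True, "no-rule-default"                    # assumption: unmatched logs are archived

    def process(self, logs: List[dict]) -> Dict[str, int]:
        for log in logs:
            keep, reason = self.decide(log)
            (self.archived if keep else self.discarded).append({**log, "reason": reason})
        return {"archived": len(self.archived), "discarded": len(self.discarded)}


class Console:
    """Stand-in (assumed, not from the patent) for the console that distributes
    an override setting to the log managers."""
    def __init__(self, managers: List[LogManager]):
        self.managers = managers

    def set_override(self, origin: LogManager, enabled: bool, scope: str = "local") -> None:
        # scope="global" mirrors the claim's "transmitting the override setting to
        # each of the plurality of log manager devices"; "local" keeps it on the origin.
        for m in (self.managers if scope == "global" else [origin]):
            m.override = enabled


def run(override_scope: str) -> Dict[str, Tuple[bool, str]]:
    """Build three log managers, apply the override with the given scope
    ("none", "local" or "global"), and report each manager's decision on the
    conflicting log (the health check from pci-gateway)."""
    managers = [LogManager(f"lm-{i}", RULES) for i in range(3)]
    if override_scope != "none":
        Console(managers).set_override(managers[0], True, scope=override_scope)
    conflicting = SAMPLE_LOGS[0]
    return {m.name: m.decide(conflicting) for m in managers}


if __name__ == "__main__":
    for scope in ("none", "local", "global"):
        print(scope, run(scope))
    print(LogManager("lm-0", RULES).process(SAMPLE_LOGS))
```

The practitioner's caveat is in the `run("global")` case: a global override changes retention on every log manager at once, so a classification rule that discards "noise" now also discards that noise from a source you had chosen to retain in full. Before pushing such an override globally, replay a sample of real logs through `decide` on one manager and confirm that nothing you need as evidence lands in `discarded`.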
Abstract
Tools for use in obtaining useful information from processed log messages generated by a variety of network platforms (e.g., Windows servers, Linux servers, UNIX servers, databases, workstations, etc.). The log messages may be processed by one or more processing platforms or “log managers” using any appropriate rule base to identify “events” (i.e., log messages of somewhat heightened importance), and one or more “event managers” may analyze the events to determine whether alarms should be generated therefrom. The tools may be accessed via any appropriate user interface of a console that is in communication with the various log managers, event managers, etc., to perform numerous tasks in relation to logs, events and alarms.
17 Claims
1. (Independent claim; its text is set out above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 17.
9. A system for use in monitoring a plurality of devices of one or more platforms of a data system to identify events for handling by an event manager, the system comprising:
- a processor;
- a plurality of log manager devices; and
- a non-transitory computer readable medium interconnected to the processor and including one or more non-transitory computer program products that are configured to:
  - create, at a first log manager device of the plurality of log manager devices, a first log processing rule having a filtering setting that identifies logs having a first of a plurality of classifications regarding a type of each log and a second log processing rule having a filtering setting that identifies logs received from a first source on the data system, wherein the first log processing rule includes a first data management setting that specifies to take or not take at least one action in relation to logs having the first classification, and wherein the second log processing rule includes a second data management setting that specifies the other of taking or not taking the at least one action in relation to logs having the first source;
  - establish a default setting stipulating that the second data management setting is to be applied instead of the first data management setting as to logs that match the filtering settings of both the first and second log processing rules;
  - receive, at the first log manager device, an override setting indicating that the default setting is to be ignored and the first data management setting is to be applied instead of the second data management setting as to logs that match the filtering settings of both the first and second log processing rules;
  - transmit, as instructed by the processor, the override setting to each of the plurality of log manager devices based on a designation that the override setting is global;
  - receive, at the first log manager device, logs generated at and transmitted from the plurality of devices of said one or more platforms;
  - identify, at the first log manager device, at least a first of the received logs that matches the filtering settings of both the first and second log processing rules;
  - determine, at the first log manager device, that the first data management setting conflicts with the second data management setting; and
  - implement, by the first log manager device, the first data management setting on the first received log and ignore the second data management setting according to the override setting.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.