Adaptive network monitoring with tuneable elastic granularity
First Claim
1. A method for monitoring network traffic using one or more network computers, wherein execution of instructions by the one or more network computers perform the method comprising:
   instantiating a monitoring engine to perform actions, including:
      providing one or more monitoring triggers, wherein each monitoring trigger is associated with one or more conditions and one or more actions;
      monitoring information that is associated with network traffic associated with one or more networks based on an inspection detail level;
      comparing the monitored information to the one or more conditions associated with the one or more monitoring triggers;
      adaptively activating one or more of the one or more monitoring triggers based on a result of the comparison; and
      modifying the inspection detail level based on the one or more actions associated with the one or more activated monitoring triggers and an available amount of one or more of compute, data storage or network resources, wherein the modification of the inspection detail level initiates or stops deep packet detail level inspection of packets captured in an amount of the monitored information for the one or more activated monitoring triggers provided by the monitoring engine; and
   instantiating an analysis engine to perform actions, including, providing analysis of the network traffic based on the inspected packets of the amount of monitored information.
Abstract
Embodiments are directed to monitoring network traffic using network computers. Monitoring triggers associated with one or more conditions and one or more actions may be provided. A monitoring engine may monitor information that is associated with network traffic associated with networks based on an inspection detail level. The monitoring engine may compare the monitored information to the conditions associated with the monitoring triggers. The monitoring engine may activate one or more monitoring triggers based on a result of the comparison. The monitoring engine may modify the inspection detail level based on the actions associated with the activated monitoring triggers to increase the amount of the information monitored by the monitoring engine. An analysis engine may provide analysis of the network traffic based on the monitored information.
231 Citations
30 Claims
1. A method for monitoring network traffic using one or more network computers, wherein execution of instructions by the one or more network computers perform the method comprising:
   instantiating a monitoring engine to perform actions, including:
      providing one or more monitoring triggers, wherein each monitoring trigger is associated with one or more conditions and one or more actions;
      monitoring information that is associated with network traffic associated with one or more networks based on an inspection detail level;
      comparing the monitored information to the one or more conditions associated with the one or more monitoring triggers;
      adaptively activating one or more of the one or more monitoring triggers based on a result of the comparison; and
      modifying the inspection detail level based on the one or more actions associated with the one or more activated monitoring triggers and an available amount of one or more of compute, data storage or network resources, wherein the modification of the inspection detail level initiates or stops deep packet detail level inspection of packets captured in an amount of the monitored information for the one or more activated monitoring triggers provided by the monitoring engine; and
   instantiating an analysis engine to perform actions, including, providing analysis of the network traffic based on the inspected packets of the amount of monitored information.
   Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A processor readable non-transitory storage media that includes instructions for monitoring network traffic using one or more network monitoring computers, wherein execution of the instructions by the one or more network computers perform the method comprising:
   instantiating a monitoring engine to perform actions, including:
      providing one or more monitoring triggers, wherein each monitoring trigger is associated with one or more conditions and one or more actions;
      monitoring information that is associated with network traffic that is associated with one or more networks based on an inspection detail level;
      comparing the monitored information to the one or more conditions associated with the one or more monitoring triggers;
      adaptively activating one or more of the one or more monitoring triggers based on a result of the comparison; and
      modifying the inspection detail level based on the one or more actions associated with the one or more activated monitoring triggers and an available amount of one or more of compute, data storage or network resources, wherein the modification of the inspection detail level initiates or stops deep packet detail level inspection of packets captured in an amount of the monitored information for the one or more activated monitoring triggers provided by the monitoring engine.
   Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A system for monitoring network traffic in a network:
   one or more network computers, comprising:
      a transceiver that communicates over the network;
      a memory that stores at least instructions; and
      one or more processors that execute instructions that perform actions, including:
         instantiating a monitoring engine to perform actions, including:
            providing one or more monitoring triggers, wherein each monitoring trigger is associated with one or more conditions and one or more actions;
            monitoring information that is associated with network traffic that is associated with one or more networks based on an inspection detail level;
            comparing the monitored information to the one or more conditions associated with the one or more monitoring triggers;
            adaptively activating one or more of the one or more monitoring triggers based on a result of the comparison; and
            modifying the inspection detail level based on the one or more actions associated with the one or more activated monitoring triggers and an available amount of one or more of compute, data storage or network resources, wherein the modification of the inspection detail level initiates or stops deep packet detail level inspection of packets captured in an amount of the monitored information for the one or more activated monitoring triggers provided by the monitoring engine; and
         instantiating an analysis engine to perform actions, including, providing analysis of the network traffic based on the inspected packets of the amount of monitored information; and
   one or more client computers, comprising:
      a transceiver that communicates over the network;
      a memory that stores at least instructions; and
      one or more processors that execute instructions that perform actions, including:
         providing one or more portions of the network traffic.
   Dependent claims: 18, 19, 20, 21, 22, 23
24. A network computer for monitoring communication over a network between two or more computers, comprising:
   a transceiver that communicates over the network;
   a memory that stores at least instructions; and
   one or more processors that execute instructions that perform actions, including:
      instantiating a monitoring engine to perform actions, including:
         providing one or more monitoring triggers, wherein each monitoring trigger is associated with one or more conditions and one or more actions;
         monitoring information that is associated with network traffic that is associated with one or more networks based on an inspection detail level;
         comparing the monitored information to the one or more conditions associated with the one or more monitoring triggers;
         adaptively activating one or more of the one or more monitoring triggers based on a result of the comparison; and
         modifying the inspection detail level based on the one or more actions associated with the one or more activated monitoring triggers and an available amount of one or more of compute, data storage or network resources, wherein the modification of the inspection detail level initiates or stops deep packet detail level inspection of packets captured in an amount of the monitored information for the one or more activated monitoring triggers provided by the monitoring engine; and
      instantiating an analysis engine to perform actions, including, providing analysis of the network traffic based on the inspected packets of the amount of monitored information.
   Dependent claims: 25, 26, 27, 28, 29, 30
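The independent claims above (and the abstract) describe one control loop: triggers carry a condition and an action, monitored records are compared against the conditions, a matching trigger becomes active, and the active triggers' actions raise or lower the inspection detail level, capped by whatever compute and storage headroom remains, which in turn starts or stops deep packet capture that an analysis engine then consumes. The following is an added illustration of that loop, not the patentee's code and not taken from the specification. The three detail levels (flow summary, per-packet headers, full payload for deep inspection), the two triggers, the resource thresholds (30% CPU headroom, 100 MB capture storage) and the flow records are all constructed for the example; real deployments would source records from a tap or span port and resource figures from the host.

```python
"""Adaptive inspection-depth monitor, a constructed illustration of the claimed
method: triggers = condition + action, inspection level adjusted by active
triggers and capped by available resources. Not the patentee's code."""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Callable, Dict, List


class Level(IntEnum):
    FLOW = 1    # flow summaries only (5-tuple, byte and packet counts)
    HEADER = 2  # per-packet L3/L4 headers
    DEEP = 3    # full payload capture handed to deep packet inspection


@dataclass
class Trigger:
    name: str
    condition: Callable[[dict], bool]   # evaluated against one monitored record
    action: Level                       # inspection level the trigger requests
    hold: int = 2                       # records the trigger stays active, firing record included


@dataclass
class Resources:
    cpu_free: float     # fraction of compute headroom, 0..1 (assumed metric)
    disk_free_mb: int   # capture storage headroom in MB (assumed metric)


@dataclass
class MonitoringEngine:
    triggers: List[Trigger]
    resources: Resources
    level: Level = Level.FLOW
    active: Dict[str, int] = field(default_factory=dict)   # trigger name -> records left
    deep_packets: List[dict] = field(default_factory=list)  # records captured for DPI
    history: List[Level] = field(default_factory=list)      # level chosen per record

    def resources_allow(self, level: Level) -> bool:
        """Deep inspection is granted only while compute and storage headroom remain."""
        if level == Level.DEEP:
            return self.resources.cpu_free >= 0.3 and self.resources.disk_free_mb >= 100
        return True

    def observe(self, record: dict) -> Level:
        # 1. compare the monitored record to every trigger's condition; matches become active
        for t in self.triggers:
            if t.condition(record):
                self.active[t.name] = t.hold
        # 2. the requested level is the most detailed action among active triggers
        requested = max((t.action for t in self.triggers if t.name in self.active),
                        default=Level.FLOW)
        # 3. cap the level by available resources: degrade a step rather than drop packets
        while requested > Level.FLOW and not self.resources_allow(requested):
            requested = Level(requested - 1)
        self.level = requested
        # 4. deep packet inspection starts and stops with the level; capture consumes storage
        if self.level == Level.DEEP:
            self.deep_packets.append(record)
            self.resources.disk_free_mb -= record["bytes"] // 1024
        self.history.append(self.level)
        # 5. age out active triggers so the level falls back once the hold expires
        self.active = {n: c - 1 for n, c in self.active.items() if c - 1 > 0}
        return self.level


def analyze(deep_packets: List[dict]) -> Dict[str, int]:
    """Analysis engine: bytes per destination among the packets captured at DEEP level."""
    totals: Dict[str, int] = {}
    for p in deep_packets:
        key = f'{p["dst"]}:{p["dst_port"]}'
        totals[key] = totals.get(key, 0) + p["bytes"]
    return totals


# Constructed flow records standing in for a live feed.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.0.9", "dst_port": 443, "bytes": 1200},
    {"src": "10.0.0.5", "dst": "198.51.100.7", "dst_port": 4444, "bytes": 512},     # unusual port
    {"src": "10.0.0.5", "dst": "198.51.100.7", "dst_port": 4444, "bytes": 900000},  # large transfer
    {"src": "10.0.0.8", "dst": "10.0.0.9", "dst_port": 53, "bytes": 80},
    {"src": "10.0.0.8", "dst": "10.0.0.9", "dst_port": 53, "bytes": 70},
]

TRIGGERS = [
    Trigger("unusual-port", lambda r: r["dst_port"] not in (53, 80, 443), Level.DEEP, hold=2),
    Trigger("large-transfer", lambda r: r["bytes"] > 500_000, Level.HEADER, hold=1),
]


def run_demo():
    """Feed the constructed flows through the engine; return the engine and the analysis."""
    engine = MonitoringEngine(TRIGGERS, Resources(cpu_free=0.5, disk_free_mb=300))
    for rec in SAMPLE_FLOWS:
        engine.observe(rec)
    return engine, analyze(engine.deep_packets)


if __name__ == "__main__":
    eng, report = run_demo()
    print([lvl.name for lvl in eng.history])
    print(report)
```

Record 2 fires the unusual-port trigger and the engine steps up to DEEP; record 3 is captured too, but its 900 KB exhausts the constructed storage headroom, so on record 4 the still-active trigger requests DEEP and the resource cap degrades it to HEADER instead; once the hold expires the level falls back to FLOW. That degrade-rather-than-drop step is the resource clause of the claim in action, and the analysis engine only ever sees the two packets that were captured while DEEP was granted.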
Specification