Generating and transforming timestamped event data at a remote capture agent
Abstract
The disclosed embodiments provide a method and system for processing network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. Next, the system uses the configuration information to configure the generation of event data from network data obtained from network packets at the remote capture agent. The system then uses the configuration information to configure transformation of the event data or the network data into transformed event data at the remote capture agent.
26 Claims
1. A computer-implemented method performed by a remote capture agent coupled to a network, comprising:
- obtaining configuration information from a configuration server over a network;
- monitoring network traffic comprising a plurality of network packets;
- generating, based on the configuration information, timestamped event data from at least one network packet of the plurality of network packets by segmenting the at least one network packet into events and associating timestamps with the events;
- transforming, based on the same configuration information, the timestamped event data into transformed event data; and
- sending an event stream of timestamped event data including the transformed event data to another component on the network for subsequent processing.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A remote capture agent, comprising:
- a processor;
- a memory storing instructions which, when executed by the processor, cause the remote capture agent to:
  - obtain configuration information from a configuration server over a network;
  - monitor network traffic comprising a plurality of network packets;
  - generate, based on the configuration information, timestamped event data from at least one network packet of the plurality of network packets by segmenting the at least one network packet into events and associating timestamps with the events;
  - transform, based on the same configuration information, the timestamped event data into transformed event data; and
  - send an event stream of timestamped event data including the transformed event data to another component on the network for subsequent processing.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause a remote capture agent coupled to a network to perform operations comprising:
- obtaining configuration information from a configuration server over a network;
- monitoring network traffic comprising a plurality of network packets;
- generating, based on the configuration information, timestamped event data from at least one network packet of the plurality of network packets by segmenting the at least one network packet into events and associating timestamps with the events;
- transforming, based on the same configuration information, the timestamped event data into transformed event data; and
- sending an event stream of timestamped event data including the transformed event data to another component on the network for subsequent processing.
Dependent claims: 20, 21, 22, 23, 24, 25, 26
Specification