Application-based configuration of network data capture by remote capture agents
Abstract
The disclosed embodiments provide a method and system for facilitating the processing of network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. Next, the system uses the configuration information to configure the generation of event data from network packets at the remote capture agent. Upon receiving an update to the configuration information from the configuration server, the system uses the update to reconfigure the generation of the event data by the remote capture agent during runtime of the remote capture agent.
24 Claims
1. A computer-implemented method performed by a configuration server coupled to a network, the method comprising:
- obtaining configuration information generated and sent to the configuration server by an application running on a server that is separate from the configuration server and that is coupled to the configuration server via the network, the configuration information specifying one or more event streams to be generated by one or more remote capture agents, the one or more event streams including timestamped event data generated by the one or more remote capture agents based on network traffic monitored by the one or more remote capture agents, and wherein the one or more remote capture agents are installed in a virtual computing environment; and
- sending the configuration information to the one or more remote capture agents, the configuration information causing the one or more remote capture agents to:
  - generate the one or more event streams including timestamped event data generated based on network traffic monitored by the one or more remote capture agents, and
  - send the one or more event streams to another component on the network for storage in a data store accessible to the application.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A configuration server coupled to a network, the configuration server comprising:
- a processor;
- a non-transitory computer readable storage medium storing instructions which, when executed by the processor, cause the configuration server to:
  - obtain configuration information generated and sent to the configuration server by an application running on a server that is separate from the configuration server and that is coupled to the configuration server via the network, the configuration information specifying one or more event streams to be generated by one or more remote capture agents, the one or more event streams including timestamped event data generated by the one or more remote capture agents based on network traffic monitored by the one or more remote capture agents, and wherein the one or more remote capture agents are installed in a virtual computing environment; and
  - send the configuration information to the one or more remote capture agents, the configuration information causing the one or more remote capture agents to:
    - generate the one or more event streams including timestamped event data generated based on network traffic monitored by the one or more remote capture agents, and
    - send the one or more event streams to another component on the network for storage in a data store accessible to the application.

Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause a configuration server to perform operations comprising:
- obtaining configuration information generated and sent to the configuration server by an application running on a server that is separate from the configuration server and that is coupled to the configuration server via the network, the configuration information specifying one or more event streams to be generated by one or more remote capture agents, the one or more event streams including timestamped event data generated by the one or more remote capture agents based on network traffic monitored by the one or more remote capture agents, and wherein the one or more remote capture agents are installed in a virtual computing environment; and
- sending the configuration information to the one or more remote capture agents, the configuration information causing the one or more remote capture agents to:
  - generate the one or more event streams including timestamped event data generated based on network traffic monitored by the one or more remote capture agents, and
  - send the one or more event streams to another component on the network for storage in a data store accessible to the application.

Dependent claims: 18, 19, 20, 21, 22, 23, 24

Specification