Configuring generation of event streams by remote capture agents
Abstract
The disclosed embodiments provide a system that processes network data. During operation, the system obtains, at a remote capture agent, a first protocol classification for a first packet flow captured by the remote capture agent. Next, the system uses configuration information associated with the first protocol classification to build a first event stream from the first packet flow at the remote capture agent, wherein the first event stream comprises time-series event data generated from network packets in the first packet flow based on the first protocol classification. The system then transmits the first event stream over a network for subsequent storage and processing of the first event stream by one or more components on the network.
30 Claims
1. A method performed by a configuration server to generate a plurality of event streams from network packets monitored by a plurality of remote capture agents, the method comprising:
- receiving, by the configuration server, input indicating:
  - first configuration data associated with a first event stream to be generated by a first remote capture agent of the plurality of remote capture agents, the first event stream associated with a first type of event and to include time-series event data representing instances of the first type of event in network packets monitored by the first remote capture agent, and
  - second configuration data associated with a second event stream to be generated by a second remote capture agent of the plurality of remote capture agents, the second event stream associated with a second type of event and to include time-series event data representing instances of the second type of event in the network packets monitored by the second remote capture agent; and
- sending, over a network, the first configuration data to the first remote capture agent and the second configuration data to the second remote capture agent.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. An apparatus, comprising:
- a processor;
- a non-transitory computer readable storage medium storing instructions which, when executed by the processor, cause the apparatus to:
  - receive, by a configuration server, input indicating:
    - first configuration data associated with a first event stream to be generated by a first remote capture agent of a plurality of remote capture agents, the first event stream associated with a first type of event and to include time-series event data representing instances of the first type of event in network packets monitored by the first remote capture agent, and
    - second configuration data associated with a second event stream to be generated by a second remote capture agent of the plurality of remote capture agents, the second event stream associated with a second type of event and to include time-series event data representing instances of the second type of event in the network packets monitored by the second remote capture agent; and
  - send, over a network, the first configuration data to the first remote capture agent and the second configuration data to the second remote capture agent.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A non-transitory computer-readable storage medium storing instructions which, when executed by a processor, cause the processor to perform operations comprising:
- receiving, by a configuration server, input indicating:
  - first configuration data associated with a first event stream to be generated by a first remote capture agent of a plurality of remote capture agents, the first event stream associated with a first type of event and to include time-series event data representing instances of the first type of event in network packets monitored by the first remote capture agent, and
  - second configuration data associated with a second event stream to be generated by a second remote capture agent of the plurality of remote capture agents, the second event stream associated with a second type of event and to include time-series event data representing instances of the second type of event in the network packets monitored by the second remote capture agent; and
- sending, over a network, the first configuration data to the first remote capture agent and the second configuration data to the second remote capture agent.

Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
Specification