Automatic correlation of dynamic system events within computing devices

US 10,481,967 B2
Filed: 12/20/2016
Issued: 11/19/2019
Est. Priority Date: 12/18/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

providing, using a computing device, an event log electronic database, the database logically structured as a collection of tree-like graphs, with each node of the graph characterizing a computer network event;

receiving, using the computing device, information regarding a new computer network event to be logged;

automatically creating, using the computing device, a new event node within the event log database for the new computer network event;

automatically identifying, using the computing device, any existing event nodes within the event log database that each represent a respective past computer network event that may have caused the new computer network event, at least in part by matching a characteristic of the new event node to a characteristic of the existing event nodes;

automatically creating, using the computing device, a causal link within the event log database between the new event node and each of the identified existing event nodes; and

automatically storing, using the computing device, the new event node as an unattached root node in response to not identifying an existing event node representing a past computer network event that may have caused the new computer network event.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described herein for logging system events within an electronic machine using an event log structured as a collection of tree-like cause and effect graphs. An event to be logged may be received. A new event node may be created within the event log for the received event. One or more existing event nodes within the event log may be identified as having possibly caused the received event. One or more causal links may be created within the event log between the new event node and the one or more identified existing event nodes. The new event node may be stored as an unattached root node in response to not identifying an existing event node that may have caused the received event.

37 Citations

17 Claims

1. A method, comprising:
- providing, using a computing device, an event log electronic database, the database logically structured as a collection of tree-like graphs, with each node of the graph characterizing a computer network event;
  
  receiving, using the computing device, information regarding a new computer network event to be logged;
  
  automatically creating, using the computing device, a new event node within the event log database for the new computer network event;
  
  automatically identifying, using the computing device, any existing event nodes within the event log database that each represent a respective past computer network event that may have caused the new computer network event, at least in part by matching a characteristic of the new event node to a characteristic of the existing event nodes;
  
  automatically creating, using the computing device, a causal link within the event log database between the new event node and each of the identified existing event nodes; and
  
  automatically storing, using the computing device, the new event node as an unattached root node in response to not identifying an existing event node representing a past computer network event that may have caused the new computer network event.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein identifying any existing event nodes that each represent a respective past computer network event that may have caused the new computer network event comprises computing a correlation metric between the new event node and the existing event nodes.
  - 3. The method of claim 1, wherein identifying any existing event nodes that each represent a respective past computer network event that may have caused the new computer network event comprises searching existing event nodes created within a specified time period.
  - 4. The method of claim 1, further comprising refreshing a last used parameter of each of the identified existing event nodes within the event log database when the causal link is created to the new event node.
  - 5. The method of claim 1, further comprising determining a deletion order of event nodes within the event log database according to a last used parameter associated with the event nodes.
  - 6. The method of claim 1, further comprising displaying tree-like relationships among the event nodes within the event log database.

7. A system, comprising:
- a computing device comprising an event logging module and an event log electronic database configured to;
  
  receive information regarding a new computer network event to be logged;
  
  automatically create an event node representing the new event within the event log database;
  
  automatically storing the event node within the event log database in a structure comprising a collection of tree-like graphs where wherein links within the graphs represent causal relationships between computer network events represented by linked nodes, and wherein one or more of the links is established where one or more existing event nodes within the event log database is identified as possibly having caused the new computer network event by matching a characteristic of the event node to a characteristic of the one or more existing event nodes;
  
  automatically storing the event node as an unattached root node in response to not identifying an existing event node representing a past computer network event that may have caused the new computer network event; and
  
  providing an output of one or more result tree-like graphs in response to a user search for an event represented by an event node linked within the one or more result tree-like graphs.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein one or more of the links is established where one or more existing event nodes within the event log database is identified as possibly having caused the new computer network event by computing a correlation metric between the event node and the one or more existing event nodes.
  - 9. The system of claim 7, wherein one or more of the links is established where one or more existing event nodes within the event log is identified as possibly having caused the new computer network event by searching existing event nodes created within a specified time period.
  - 10. The system of claim 7, wherein the computing device is further configured to maintain a last used parameter for each of the event nodes within the event log database.
  - 11. The system of claim 7, wherein a last used parameter is associated with the event nodes within the event log database for determining a deletion order of event nodes.
  - 12. The system of claim 7, wherein the computing device is further configured to graphically display tree-like relationships among the event nodes within the event log database.

13. A computer program product, comprising:
- a non-transitory computer-readable medium having computer-readable program code embodied therein that, when executed by one or more computing machines, perform a method comprising;
  
  providing an event log electronic database structured as a collection of tree-like graphs, with each node of the graph characterizing a computer network event;
  
  receiving information regarding a new event to be logged;
  
  automatically creating a new event node within the event log database for the new computer network event;
  
  automatically identifying any existing event nodes within the event log database that each represent a respective past computer network event that may have caused the new computer network event by matching a characteristic of the new event node to a characteristic of the existing event nodes;
  
  automatically creating a causal link within the event log database between the new event node and each of the identified existing event nodes; and
  
  automatically storing the new event node as an unattached root node in response to not identifying an existing event node representing a past computer network event that may have caused the new computer network event.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13, wherein identifying any existing event nodes that each represent a respective past computer network event that may have caused the new computer network event comprises computing a correlation metric between the new event node and the existing event nodes.
  - 15. The computer program product of claim 13, wherein identifying any existing event nodes that each represent a respective past computer network event that may have caused the new computer network event comprises searching existing event nodes created within a specified time period.
  - 16. The computer program product of claim 13, further comprising determining a deletion order of event nodes within the event log database according to a last used parameter associated with the event nodes.
  - 17. The computer program product of claim 13, further comprising displaying tree-like relationships among the event nodes within the event log database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Johnston, Jay Kemper, White, Jr., David C., Dreier, Christopher Blayne
Primary Examiner(s)
Nguyen, Phong H

Application Number

US15/385,826
Publication Number

US 20170102986A1
Time in Patent Office

1,064 Days
Field of Search

707797, 707798
US Class Current
CPC Class Codes

G06F 11/07   Responding to the occurrenc...

G06F 11/0709   in a distributed system con...

G06F 11/0751   Error or fault detection no...

G06F 11/0775   Content or structure detail...

G06F 11/0787   Storage of error reports, e...

G06F 11/079   Root cause analysis, i.e. e...

G06F 11/366   using diagnostics G06F11/07...

G06F 16/1734   Details of monitoring file ...

G06F 16/2246   Trees, e.g. B+trees

G06F 16/2455   Query execution

G06F 16/9027   Trees

G06F 40/137   Hierarchical processing, e....

H04L 41/0636   based on a decision tree an...

H04L 41/069   using logs of notifications...

H04L 41/22   comprising specially adapte...

H04L 45/00   Routing or path finding of ...

Automatic correlation of dynamic system events within computing devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic correlation of dynamic system events within computing devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links