System and method for providing a global real-time advanced correlation environment architecture

US 20060015603A1
Filed: 07/08/2005
Published: 01/19/2006
Est. Priority Date: 05/23/2000
Status: Active Grant

First Claim

Patent Images

1-33. -33. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are disclosed for efficiently correlating network events within a data processing system and then transmitting messages to various network entities in response to an occurrence of a particular network event. According to the present invention, a network mediation service receives raw message streams from one or more external networks and passes the streams in real-time to the event notification service. The event notification service then passes the message to the message parsing service for processing. After the message has been parsed by the message parsing service, it is passed back to the event notification service which passes the message along an event channel to the network management service. The message is also passed to the event correlation service for event correlation. A knowledge-based database of message classes that define how to interpret the message text are used by the event correlation service to match correlation rule conditions to the observed events. After event correlation service processes the parsed event, it is passed to the network management service for resolution.

58 Citations

View as Search Results

50 Claims

1-33. -33. (canceled)

34. A method for correlating network event messages on a computer network comprising a message parsing service, an event correlation service, and a knowledge database coupled together via a plurality of interfaces, said method comprising:
- receiving a raw event at said message parsing service;
  
  parsing said raw event by said message parsing service;
  
  transmitting said parsed event to said event correlation service;
  
  utilizing data stored in said knowledge database to derive an event from said parsed event; and
  
  transmitting said derived event to one of a plurality of operator workstations, regardless of a significance of said derived event.
- View Dependent Claims (35, 46)
- - 35. The method of claim 34, wherein transmitting said derived event to one of a plurality of operator workstations includes:
    - transmitting said derived event from said event correlation service to a network management service; and
      
      transmitting said derived event from said network management service to one of a plurality of operator workstations.
  - 46. A computer system for correlating network events among a number of client services, the system comprising:
    - a processor;
      
      a memory coupled to the processor and storing program instructions, the program instructions configured to cause the processor to perform the method of claim 34.

36. A method for correlating network event messages on a computer network comprising a network mediation service, a message parsing service, an event notification service, an event correlation service, and a knowledge database coupled together via a plurality of interfaces, said method comprising:
- receiving a raw event at said network mediation service from an external computer network;
  
  transmitting said raw event to said message parsing service;
  
  parsing said raw event by said message parsing service;
  
  transmitting said parsed event to said event correlation service;
  
  utilizing data stored in said knowledge database to derive an event from said parsed event; and
  
  transmitting said derived event to one of a plurality of operator workstations, regardless of a significance of said derived event.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 37. The method of claim 36, wherein transmitting said raw event to said message parsing service includes:
    - transmitting said raw event from said network mediation service to said event notification service; and
      
      transmitting said raw event from said event notification service to said message parsing service.
  - 38. The method of claim 37, wherein transmitting said raw event from said event notification service to said message parsing service includes:
    - receiving said raw event at a raw event channel;
      
      processing said raw event by said raw event channel; and
      
      transmitting said raw event from said raw event channel to said message parsing service.
  - 39. The method of claim 38, wherein transmitting said raw event from said raw event channel to said message parsing service includes:
    - transmitting said raw event from said raw event channel to at least one event filter; and
      
      transmitting said raw event from said at least one event filter to said message parsing service.
  - 40. The method of claim 36, wherein transmitting said parsed event to said event correlation service includes:
    - transmitting said parsed event from said message parsing service to said event notification service; and
      
      transmitting said parsed event from said event notification service to said event correlation service.
  - 41. The method of claim 40, wherein transmitting said parsed event from said event notification service to said event correlation service includes:
    - receiving said parsed event at a parsed event channel;
      
      processing said parsed event by said parsed event channel; and
      
      transmitting said processed event from said parsed event channel to said event correlation service.
  - 42. The method of claim 41, wherein transmitting said processed event from said parsed event channel to said event correlation service includes:
    - transmitting said processed event from said parsed event channel to at least one event filter; and
      
      transmitting said processed event from said at least one event filter to said event correlation service.
  - 43. The method of claim 36, wherein transmitting said derived event to one of a plurality of operator workstations includes:
    - transmitting said derived event from said event correlation service to said event notification service; and
      
      transmitting said derived event from said event notification service to said network management service; and
      
      transmitting said derived event from said network management service to one of a plurality of operator workstations.
  - 44. The method of claim 43, wherein transmitting said derived event from said network management service to one of a plurality of operator workstations includes:
    - receiving said derived event at a derived event channel;
      
      processing said derived event by said derived event channel; and
      
      transmitting said processed event from said derived event channel to said network management service.
  - 45. The method of claim 44, wherein transmitting said processed event from said derived event channel to said network management service includes:
    - transmitting said processed event from said derived event channel to at least one event filter; and
      
      transmitting said processed event from said at least one event filter to said network management service.

47. A method for correlating network event messages on a computer network comprising a network mediation service, a message parsing service, an event notification service, and a network management service coupled together via a plurality of interfaces, said method comprising:
- receiving a raw event at said network mediation service from an external computer network;
  
  transmitting said raw event to said message parsing service;
  
  parsing said raw event by said message parsing service; and
  
  transmitting said parsed event to said network management service, regardless of a significance of said parsed event.
- View Dependent Claims (48, 49, 50)
- - 48. The method of claim 47, wherein transmitting said parsed event to said network management service includes:
    - transmitting said parsed event from said message parsing service to said event notification service; and
      
      transmitting said parsed event from said event notification service to said network management service.
  - 49. The method of claim 48, wherein transmitting said parsed event from said event notification service to said network management service includes:
    - receiving said parsed event at a parsed event channel;
      
      processing said parsed event by said parsed event channel; and
      
      transmitting said processed event from said parsed event channel to said network management service.
  - 50. The method of claim 49, wherein transmitting said processed event from said parsed event channel to said network management service includes:
    - transmitting said processed event from said parsed event channel to at least one event filter; and
      
      transmitting said processed event from said at least one event filter to said network management service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Laboratories Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Laboratories Incorporated (Verizon Communications Inc.)
Inventors
Jakobson, Gabriel, Brenner, Leonhard, Weissman, Mark, Lafond, Carol

Granted Patent

US 7,284,048 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

G06F 9/542 Event management; Broadcast...

System and method for providing a global real-time advanced correlation environment architecture

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

50 Claims

Specification

Use Cases

Quick Links

Others

System and method for providing a global real-time advanced correlation environment architecture

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

50 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others