Monitoring network traffic by using event log information
Abstract
A solution is provided for associating network traffic traversing a networked environment according to a selected category item, such as a user name or other network entity identity-related information. The solution includes a collector and a monitor. The collector extracts a user name and a network address from an event log maintained on the networked environment. The monitor receives the network traffic and identifies at least one packet having a network address that matches the extracted network address. After at least one of the packets is identified, the collector associates the identified packet(s) with the extracted user name.
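A sketch of the collector and monitor roles described in the abstract, added here as an example and not taken from the patent. The record layouts, function names and sample data are assumptions, and it goes one step beyond the abstract by bounding each association with the logon and logoff times, so traffic on a reassigned address is not credited to the previous user.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address

# Constructed sample event-log records: (timestamp, event, user name, network address)
EVENT_LOG = [
    ("2024-05-01T09:00:00", "logon", "alice", "10.0.0.15"),
    ("2024-05-01T12:00:00", "logoff", "alice", "10.0.0.15"),
    ("2024-05-01T13:00:00", "logon", "bob", "10.0.0.15"),  # same address, next user
    ("2024-05-01T09:30:00", "logon", "carol", "10.0.0.22"),  # never logs off
]
# Constructed sample packet summaries: (timestamp, source address, destination address)
PACKETS = [
    ("2024-05-01T08:59:00", "10.0.0.15", "192.0.2.10"),
    ("2024-05-01T09:05:00", "10.0.0.15", "192.0.2.10"),
    ("2024-05-01T12:30:00", "10.0.0.15", "192.0.2.10"),
    ("2024-05-01T13:10:00", "192.0.2.10", "10.0.0.15"),
    ("2024-05-01T10:00:00", "10.0.0.22", "198.51.100.7"),
]

def collect_sessions(event_log):
    """Collector: build per-address (start, end, user) intervals from the event log."""
    sessions = defaultdict(list)
    for ts, event, user, addr in sorted(event_log):
        when, spans = datetime.fromisoformat(ts), sessions[ip_address(addr)]
        # Close the open session on a matching logoff, or when a new logon reuses the address.
        if spans and spans[-1][1] is None and (event == "logon" or spans[-1][2] == user):
            spans[-1] = (spans[-1][0], when, spans[-1][2])
        if event == "logon":
            spans.append((when, None, user))
    return dict(sessions)

def attribute(packet, sessions):
    """Monitor: match either packet address to a session that covers the packet time."""
    ts, src, dst = packet
    when = datetime.fromisoformat(ts)
    for addr in (src, dst):
        for start, end, user in sessions.get(ip_address(addr), ()):
            if start <= when and (end is None or when < end):
                return user
    return None  # no logon covers this packet; leave it unattributed

def associate(packets, sessions):
    """Group packets under the user name they were associated with."""
    by_user = defaultdict(list)
    for packet in packets:
        by_user[attribute(packet, sessions)].append(packet)
    return dict(by_user)
```

Packets that fall before a logon or after a logoff stay unattributed rather than inheriting whichever user last held the address.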
24 Claims
1. A method for associating network traffic according to a selected category item, said network traffic traversing on a networked environment that has an authentication service for logging network authentication-related events, including network logon and logoff events, in an event log during an occurrence of a network authentication-related event, said method including:
receiving network traffic traversing on the networked environment;
extracting a first user name and a first network address from the event log;
identifying at least one packet from said network traffic that contains a second network address matching said first network address; and
associating said at least one packet with said first user name.
9. A system for associating network traffic according to a selected category item, said network traffic traversing on a networked environment that has an authentication service for logging network authentication-related events, including network logon and logoff events, in an event log during an occurrence of a network authentication-related event, said system including:
a collector that extracts a first user name and a first network address from the event log;
a monitor that receives said network traffic traversing on the networked environment and that identifies at least one packet from said network traffic received if said at least one packet contains a second network address that matches said first network address; and
wherein said collector associates said at least one packet with said first user name.
17. A computer program embodied on at least one computer-readable medium for executing a method for associating network traffic according to a selected category item, said network traffic traversing on a networked environment that has an authentication service for logging network authentication-related events in an event log during an occurrence of a network authentication-related event, said method including:
receiving network traffic traversing on the networked environment;
extracting a first user name and a first network address from the event log;
identifying at least one packet from said network traffic that contains a second network address matching said first network address; and
associating said at least one packet with said first user name.