Message abnormality automatic detection device, method and program

US 20060256714A1
Filed: 08/17/2005
Published: 11/16/2006
Est. Priority Date: 05/11/2005
Status: Active Grant

First Claim

Patent Images

1. A message abnormality automatic detection device comprising:

a message collection unit for collecting messages generated by a distributed system;

a normal pattern memory unit for storing normal pattern of which the constituent element is message information data which are a combination of one or two or more consecutive messages generated when the distributed system is operating normally and have at least identifiers which uniquely identify the messages and the number of times each message indicated by the identifiers are generated;

and a collation unit for referencing the normal patterns stored within the normal pattern memory unit, retrieving the identifier which matches the identifier of the message collected within the message collection unit, counting the number of times the message indicated by the identifier is generated if relevant identifier exists, and determining abnormality if the number of times generated is higher or lower than a predetermined value or if relevant identifier does not exist.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In order to provide a message abnormality automatic detection device, method and program for accurately detecting messages indicating abnormalities requiring response from a large amount of messages, the message abnormality automatic detection device 1 comprises a message collection unit 2 for collecting messages, a learning unit 3 for extracting patterns from the collected messages, a normal pattern memory unit 4 for storing normal patterns, a collation unit 5 for collating the collected messages with normal patterns and detecting message abnormalities, a warning unit 6 for outputting abnormalities to display 9 and the like, and a definition unit 7 for storing the definition data related to normal patterns.

Citations

19 Claims

1. A message abnormality automatic detection device comprising:
- a message collection unit for collecting messages generated by a distributed system;
  
  a normal pattern memory unit for storing normal pattern of which the constituent element is message information data which are a combination of one or two or more consecutive messages generated when the distributed system is operating normally and have at least identifiers which uniquely identify the messages and the number of times each message indicated by the identifiers are generated;
  
  and a collation unit for referencing the normal patterns stored within the normal pattern memory unit, retrieving the identifier which matches the identifier of the message collected within the message collection unit, counting the number of times the message indicated by the identifier is generated if relevant identifier exists, and determining abnormality if the number of times generated is higher or lower than a predetermined value or if relevant identifier does not exist.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The message abnormality automatic detection device according to claim 1 wherein the normal pattern comprises:
    - a plurality of day-of-the-week data indicating the date classified based on predetermined rules;
      
      a plurality of time period data indicating time period obtained by arbitrarily dividing a predetermined period of a date indicated by the day-of-the-week data or a date indicated by the day-of-the-week data; and
      
      a message information data in the time period indicated by the time period data.
  - 3. The message abnormality automatic detection device according to claim 1 wherein, the message information data has a tree-structure having a predetermined number of layers;
    - and the collation unit sets the message information data comprising the occurrence frequency, which the collation unit counted previously, as a starting point, and retrieves identifier matching the identifier of message collected in the message collection unit from the identifier of message information data of the layer directly below the starting point.
  - 4. The message abnormality automatic detection device according to claim 1 further comprising a warning unit for outputting message determined by the collation unit to be abnormal.
  - 5. The message abnormality automatic detection device according to claim 1 wherein the identifier comprises a message ID for identifying message content and a resource name for generating the message.
  - 6. The message abnormality automatic detection device according to claim 1 further comprising a learning unit for extracting normal pattern of which the constituent element is message information data which is a combination of one or two or more consecutive messages generated when the distributed system is operating normally and has at least identifiers which uniquely identify the messages and the total number of times each message indicated by the identifiers are generated and, at the same time, counting the total frequency.
  - 7. The message abnormality automatic detection device according to claim 4 wherein the warning unit further comprises a blocking unit for blocking the output of messages determined by the collation unit to be abnormal.

8. A message abnormality automatic detection method for enabling an information processing device to perform:
- message collection processing for collecting messages generated by a distributed system; and
  
  collation processing for referencing the normal pattern memory unit for storing normal pattern of which the constituent element is message information data which is a combination of one or two or more consecutive messages generated when the distributed system is operating normally and have at least identifiers which uniquely identify the messages and the number of times each message indicated by the identifiers are generated, retrieving the identifier which matches the identifier of the message collected through the message collection processing, counting the number of times the message indicated by the identifier is generated if relevant identifier exists, and determining abnormality if the number of times generated is higher or lower than a predetermined value or if relevant identifier does not exist.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The message abnormality automatic detection method according to claim 8 wherein the normal pattern comprises:
    - a plurality of day-of-the-week data indicating the date classified based on predetermined rules;
      
      a plurality of time period data indicating time period obtained by arbitrarily dividing predetermined period of a corresponding date or a date indicated by corresponding day-of-the-week data; and
      
      a message information data in the time period indicated by the time period data.
  - 10. The message abnormality automatic detection method according to claim 8 wherein, the message information data has a tree-structure having a predetermined number of layers;
    - and the collation processing sets the message information data comprising the occurrence frequency, which the collation unit counted previously, as a starting point, and retrieves identifier matching the identifier of message collected in by the message collection processing from the identifier of message information data of the layer directly below the starting point.
  - 11. The message abnormality automatic detection method according to claim 8 which enables the information processing device to further perform a warning processing for outputting message determined by the collation unit to be abnormal.
  - 12. The message abnormality automatic detection method according to claim 8 wherein the identifier comprises a message ID for identifying message content and a resource name for generating the message.
  - 13. The message abnormality automatic detection method according to claim 11 which enables the information processing device to further perform blocking processing for blocking the output of messages determined by the collation processing to be abnormal.

14. A recording medium for recording a program used to direct an information processing device to perform a message abnormality automatic detection process, comprising:
- message collection processing for collecting messages generated by a distributed system; and
  
  collation processing for referencing the normal pattern memory unit for storing normal pattern of which the constituent element is message information data which is a combination of one or two or more consecutive messages generated when the distributed system is operating normally and have at least identifiers which uniquely identifies the messages and the number of times each message indicated by the identifiers are generated, retrieving the identifier which matches the identifier of the message collected through the message collection processing, counting the number of times the message indicated by the identifier is generated if relevant identifier exists, and determining abnormality if the number of times generated is higher or lower than a predetermined value or if relevant identifier does not exist.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The recording medium for recording the program according to claim 14 wherein the normal pattern comprises:
    - a plurality of day-of-the-week data indicating the date classified based on predetermined rules;
      
      a plurality of time period data indicating time period obtained by arbitrarily dividing predetermined period of a corresponding date or a date indicated by corresponding day-of-the-week data; and
      
      a message information data in the time period indicated by the time period data.
  - 16. The recording medium for recording the program according to claim 14 wherein, the message information data has a tree-structure having a predetermined number of layers;
    - and the collation processing sets the message information data comprising the occurrence frequency, which the collation unit counted previously, as a starting point, and retrieves identifier matching the identifier of message collected in by the message collection processing from the identifier of message information data of the layer directly below the starting point.
  - 17. The recording medium for recording the program according to claim 14 which enables the information processing device to further perform a warning processing for outputting message determined by the collation unit to be abnormal.
  - 18. The recording medium for recording the program according to claim 14 wherein the identifier comprises a message ID for identifying message content and a resource name for generating the message.
  - 19. The recording medium for recording the program according to claim 17 which enables the information processing device to further perform blocking processing for blocking the output of messages determined by the collation processing to be abnormal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Takagi, Ryuichi

Granted Patent

US 8,332,503 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/224
CPC Class Codes

H04J 3/14   Monitoring arrangements for...

H04L 43/00   Arrangements for monitoring...

H04L 69/40   for recovering from a failu...

Message abnormality automatic detection device, method and program

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Message abnormality automatic detection device, method and program

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links