Network event capture and retention system
Abstract
Methods and apparatus are provided to monitor and analyze activity occurring on a networked computer system. In some embodiments, a method is provided for capturing, in a data structure, at least a portion of a notification describing a network event provided by a node on a computer network, identifying a data element (e.g., an IP address of the node) within the notification, and updating an index and/or summary based on the data element. The data structure may be stored in a file system maintained on a site, and sites may exchange information related to the notification data stored on each. In some embodiments, a query which is issued to a site may be processed using data transferred from other sites, and/or may be split into one or more additional queries which may be transmitted for processing to other sites.
8 Claims
1. A method for processing log data comprising:
- receiving raw log data in a log data analyzer;
- parsing the raw log data;
- summarizing the parsed log data;
- storing the summarized data in a database maintained by the log data analyzer;
- receiving a database query from a management station;
- generating a database report in the log data analyzer from the summarized data in response to the query received from the management station; and
- sending the database report to the management station.
(Dependent claims: 2, 3, 4)
5. A data processing system for processing log data comprising:
- a management station;
- a log data analyzer connected to the management station via a data communications link and which
  - receives raw log data;
  - parses the raw log data;
  - summarizes the parsed log data;
  - stores the summarized data in a database;
  - receives a database query from the management station;
  - generates a database report from the summarized data in response to the query received from the management station; and
  - sends the database report to the management station.
(Dependent claims: 6, 7, 8)
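As an added illustration that is not part of the patent text, the following Python program walks the steps of claim 1 and the index/summary idea of the abstract end to end: raw log lines are received, parsed, summarized by a data element (the source IP), indexed, stored in a database the analyzer maintains, and then a management-station query is answered with a report. The firewall-style log format, the constructed sample lines, the SQLite store, and the dict-shaped query are all assumptions made for this example; the patent specifies none of them.

```python
"""Added example (not the patent's own code): a minimal log data analyzer
that follows claim 1 step by step. Log format, summary key (source IP),
SQLite store and query shape are assumptions for the example."""
import re
import sqlite3
from collections import Counter, defaultdict

# Constructed sample input: syslog-style firewall lines of the kind a node
# on the network might emit. The last line is deliberately unparseable.
RAW_LOG = """\
Mar 10 12:00:01 fw1 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP DPT=22
Mar 10 12:00:02 fw1 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP DPT=23
Mar 10 12:00:03 fw1 kernel: ACCEPT IN=eth0 SRC=10.0.0.7 DST=10.0.0.1 PROTO=TCP DPT=443
Mar 10 12:00:04 fw1 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP DPT=25
this line is not parseable
"""

# Assumed line layout: "<timestamp> <host> <tag> <ACTION> ... SRC=<ip> ... DPT=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) \S+ (?P<action>ACCEPT|DROP) "
    r".*?SRC=(?P<src>[\d.]+) .*?DPT=(?P<dport>\d+)"
)


def parse(raw):
    """Step 2: turn raw lines into event dicts. Unparseable lines are
    counted rather than silently dropped, so gaps in coverage are visible."""
    events, unparsed = [], 0
    for lineno, line in enumerate(raw.splitlines(), start=1):
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["line"] = lineno
            events.append(ev)
        else:
            unparsed += 1
    return events, unparsed


def summarize(events):
    """Step 3, plus the abstract's index/summary: roll events up by source IP
    and action, and index each IP to the line numbers that mention it."""
    summary, index = Counter(), defaultdict(list)
    for ev in events:
        summary[(ev["src"], ev["action"])] += 1
        index[ev["src"]].append(ev["line"])
    return summary, dict(index)


def store(summary, conn):
    """Step 4: persist the summary in the analyzer's own database."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS summary (src TEXT, action TEXT, hits INTEGER)"
    )
    conn.executemany(
        "INSERT INTO summary VALUES (?, ?, ?)",
        [(src, action, n) for (src, action), n in summary.items()],
    )
    conn.commit()


def report(conn, query):
    """Steps 5-7: answer a management-station query from the summarized data.
    The query is a small dict, so the station never hands the analyzer raw SQL;
    values are bound as parameters."""
    rows = conn.execute(
        "SELECT src, SUM(hits) AS total FROM summary WHERE action = ? "
        "GROUP BY src HAVING total >= ? ORDER BY total DESC, src",
        (query["action"], query["min_hits"]),
    ).fetchall()
    return [{"src": src, "hits": hits} for src, hits in rows]


def analyze(raw, query):
    """Run the whole pipeline on an in-memory database and return the report
    together with parse statistics and the per-IP index."""
    events, unparsed = parse(raw)
    summary, index = summarize(events)
    conn = sqlite3.connect(":memory:")
    store(summary, conn)
    return {
        "parsed": len(events),
        "unparsed": unparsed,
        "index": index,
        "report": report(conn, query),
    }


if __name__ == "__main__":
    print(analyze(RAW_LOG, {"action": "DROP", "min_hits": 2}))
```

The report step deliberately takes a structured query rather than free-form SQL from the management station, and the parse step reports how many lines it could not understand, since a summary that quietly omits unparsed events would misstate what the network actually saw.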