Method and system for acquisition and centralized storage of event logs from disparate systems

US 20070143842A1
Filed: 12/15/2005
Published: 06/21/2007
Est. Priority Date: 12/15/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for analyzing event logs from a plurality of different systems, comprising:

accessing an event log from each of a plurality of different systems, the event logs being configured to store data in two or more different formats;

storing selected event data from each event log in a common format within a centralized event log within a centralized database; and

analyzing the stored event data within the centralized database to identify events meeting one or more predetermined parameters.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are disclosed for acquisition and centralized storage of event logs from multiple systems. The present invention greatly improves the efficiency of event log review and analysis and is particularly useful for secure facilities performing periodic (e.g., weekly) event log audits for detection of security breaches. The present invention reduces human error by creating a centralized event log that automatically correlates event logs from disparate systems. The invention uses processing algorithms to analyze the centralized event log in order to identify events that meet selected criteria. A common format is utilized for the centralized event log to provide a uniform centralized event log that is easy to interpret by manual or automated analysis of the event data thereby greatly simplifying the audit process. In addition, the centralized event log can also be monitored on real time basis to detect sets of events triggering security alerts.

Citations

20 Claims

1. A method for analyzing event logs from a plurality of different systems, comprising:
- accessing an event log from each of a plurality of different systems, the event logs being configured to store data in two or more different formats;
  
  storing selected event data from each event log in a common format within a centralized event log within a centralized database; and
  
  analyzing the stored event data within the centralized database to identify events meeting one or more predetermined parameters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the storing step comprises storing the selected event data from the different event logs in a chronological format.
  - 3. The method of claim 1, wherein the centralized event log is a security event log and the parameters are selected based on security needs.
  - 4. The method of claim 1, further comprising monitoring the centralized event log on real time basis to detect events triggering security alerts.
  - 5. The method of claim 1, wherein the plurality of different systems comprise computer systems.
  - 6. The method of claim 1, wherein said accessing step comprises accessing of the event logs through a network connection.
  - 7. The method of claim 1, wherein the analyzing step comprises running an automated processing algorithm on the stored event data.
  - 8. The method of claim 7, further comprising running an algorithm that analyzes events across multiple systems.
  - 9. The method of claim 1, wherein the accessing and storing steps are conducted on a periodic basis.
  - 10. The method of claim 9, wherein the analyzing step is conducted manually.
  - 11. The method of claim 1, further comprising displaying result information graphically.

12. A centralized log manager system for analyzing event logs from a plurality of different systems, comprising:
- a plurality of different systems configured to store usage information in an event log, the event logs being configured to store data in two or more different formats;
  
  a server system configured to communicate with the plurality of different systems to obtain event data from the event logs and to store selected event data from each event log in a common format in a centralized event log within a centralized database;
  
  wherein the server system is further configured to analyze the stored event data within the centralized database to identify events meeting one or more predetermined parameters.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system of claim 12, wherein the selected event data from the different event logs is stored in a chronological format.
  - 14. The system of claim 12, wherein the centralized event log is a security event log and the parameters are selected based on security needs.
  - 15. The system of claim 12, wherein the server system is further configured to monitor the centralized event log on real time basis to detect events triggering security alerts.
  - 16. The system of claim 12, wherein the plurality of different systems and the server system are coupled through a network connection.
  - 17. The system of claim 12, wherein the server system is further configured to run an automated processing algorithm on the stored event data.
  - 18. The system of claim 17, wherein the automated processing algorithm is configured to analyze events across multiple systems.
  - 19. The system of claim 12, wherein the server system is further configured to access the event logs on a periodic basis.
  - 20. The method of claim 12, wherein the server system is further configured to provide a graphical depiction of event data through a display.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
L-3 Communications Integrated Systems LP (L3Harris Technologies, Inc.)
Original Assignee
L-3 Communications Integrated Systems LP (L3Harris Technologies, Inc.)
Inventors
Turner, Alan, Hayre, John, Irvin, Kent, Bullok, Chris, Markham, Kevin

Application Number

US11/300,737
Publication Number

US 20070143842A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/552 involving long-term monitor...

Method and system for acquisition and centralized storage of event logs from disparate systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for acquisition and centralized storage of event logs from disparate systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links