DISTRIBUTED DETECTION WITH DIAGNOSIS
Abstract
Activity models are maintained on a plurality of computers on a network. When a user or a particular activity model at a computer discovers an error, it may query its own activity model to determine a possible source of the error. If it is determined to not be the likely source of the error, the activity model queries the activity models of those computers on the network that it depends on. These activity models may then query the activity models of the computers that their particular host computer depends on and so forth. Ultimately the results of these activity model queries may be used to diagnose the likely source of the error and may be presented to the requesting user as a report.
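The query chain described in the abstract, as an added Python example that is not part of the patent text. The `ActivityModel` class, its `query` likelihood, the `LIKELY` threshold and the sample hosts are all assumptions, since the page does not say how an activity model is built.

```python
from dataclasses import dataclass, field

LIKELY = 0.5  # assumed cut-off: at or above this a host counts as the likely source

@dataclass
class ActivityModel:
    """Stand-in for one host's activity model (its internals are not given on the page)."""
    host: str
    depends_on: list = field(default_factory=list)   # hosts this one receives data from
    likelihood: dict = field(default_factory=dict)   # constructed: anomaly -> value in 0..1

    def query(self, anomaly):
        # How likely this host is to be the source of the anomaly.
        return self.likelihood.get(anomaly, 0.0)

def diagnose(models, first_host, anomaly):
    """Query the first host, then the hosts it depends on, and combine the answers."""
    findings, seen = [], set()
    stack = [(first_host, [first_host])]
    while stack:
        host, path = stack.pop()
        if host in seen:                 # dependency graphs can contain cycles
            continue
        seen.add(host)
        model = models.get(host)         # None: no activity model reachable there
        score = model.query(anomaly) if model is not None else None
        findings.append({"host": host, "score": score, "path": path})
        if score is not None and score < LIKELY:   # not the likely source: go upstream
            stack.extend((dep, path + [dep]) for dep in model.depends_on)
    scored = [f for f in findings if f["score"] is not None]
    best = max(scored, key=lambda f: f["score"], default=None)
    return {
        "anomaly": anomaly,
        "probable_cause": best if best and best["score"] >= LIKELY else None,
        "unreachable": [f["host"] for f in findings if f["score"] is None],
        "queried": [f["host"] for f in findings],
    }

# Constructed network: web <- app <- {db, cache, ldap}; db <- app forms a cycle;
# ldap has no activity model registered.
MODELS = {
    "web": ActivityModel("web", ["app"], {"slow-login": 0.1}),
    "app": ActivityModel("app", ["db", "cache", "ldap"], {"slow-login": 0.2}),
    "db": ActivityModel("db", ["app"], {"slow-login": 0.9}),
    "cache": ActivityModel("cache", [], {"slow-login": 0.05}),
}

if __name__ == "__main__":
    print(diagnose(MODELS, "web", "slow-login"))
```

The report keeps the dependency path to the probable cause and lists hosts that could not be queried, so a gap in model coverage is visible instead of being read as a clean result.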
18 Claims
1. A method for distributed anomaly diagnosis, comprising:
detecting an anomaly at a first computer on a network;
querying an activity model at the first computer to determine the source of the anomaly;
determining a second computer that the first computer receives data from; and
querying an activity model of the second computer to determine the source of the anomaly; and
combining the results from the activity models to create a report indicating a probable cause of the anomaly.
Dependent claims: 3, 4, 5, 6, 7, 8, 9
2. (canceled)
10. A method for diagnosing system failures using an activity model, comprising:
maintaining a buffer of the most recent data sent to and from a host computer;
detecting a system failure by the host computer; and
querying an activity model associated with the host computer using the buffer of data.
Dependent claims: 11, 12, 13, 14, 15
16. A method of determining the effect of a change in a computer system, comprising:
selecting a service to modify in a computer system;
querying an activity model associated with the computer system to determine other services and other computers that are dependent on the selected service; and
generating a report including the determined other services and other computers that are dependent on the selected service.
Dependent claims: 17, 18
Specification