Event source management using a metadata-driven framework

US 20080114873A1
Filed: 04/02/2007
Published: 05/15/2008
Est. Priority Date: 11/10/2006
Status: Active Grant

First Claim

Patent Images

1. A collector system including at least one collector connected to one or more network devices, comprising:

collecting means for collecting event data from the one or more network devices;

filtering means for filtering the event data based on one or more preconfigured filters;

parsing means for parsing the filtered event data to a normalized form;

transmitting means for transmitting the normalized event data to a central manager for reporting.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method that relates to managing multiple network device connections and/or collectors for collecting event source data from one or more network devices, filtering event source data, continuously monitoring connection status to the one or more network devices, controlling raw data collection from the one or more network devices, parsing event source data into normalized data structures, and/or managing collector configurations, among other things. Event sources may be network devices (physical or logical) across a network, including but not limited to, firewalls, routers, biometric devices, mainframes, databases and/or applications. A network device may be a source from which a collector may receive and/or request event data.

Citations

30 Claims

1. A collector system including at least one collector connected to one or more network devices, comprising:
- collecting means for collecting event data from the one or more network devices;
  
  filtering means for filtering the event data based on one or more preconfigured filters;
  
  parsing means for parsing the filtered event data to a normalized form;
  
  transmitting means for transmitting the normalized event data to a central manager for reporting.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein event data comprises security events, compliance events, or network traffic events.
  - 3. The system of claim 1, wherein the collector comprises a device specific collector script.
  - 4. The system of claim 1, wherein the one or more network devices comprises a firewall, router, biometric device, mainframe, database or application.
  - 5. The system of claim 1, wherein the collecting means further includes a device queue for one or more connections to respective network devices;
    - andretrieving means for retrieving event data from each device via the one or more connections.
  - 6. The system of claim 1, wherein the filtering means further includes filtering from a preliminary output queue of raw event data received from respective connections to the one or more network devices.
  - 7. The system of claim 1, wherein the transmitting means further includes an output queue of normalized event data from respective network devices.
  - 8. The system of claim 1, wherein the one or more preconfigured filters comprises filtering based on device group, connection protocol, or event data type.
  - 9. The system of claim 1, further comprising means for grouping a plurality of network devices into a device group, wherein the plurality of network devices in the device group share at least one common property.
  - 10. The system of claim 9,-wherein the common property comprises device type, connection protocol, network location, or device function.
  - 11. The system of claim 9, wherein the event data from the plurality of network devices in the device group is collected via a single collector.

12. A collector framework system including at least one collector for collecting event data from one or more network devices, the system comprising:
- a collector manager for storing a collector script;
  
  configuring means for configuring a collector based on the collector script;
  
  a proxy manager for determining one or more network devices to connect to the collector based on the collector script, wherein the collector collects event data from the one or more network devices; and
  
  receiving means for receiving the collected event data from the collector manager.
- View Dependent Claims (13, 14, 15)
- - 13. The system of claim 12, wherein the configuring means further includes one or more user interfaces enabling a user to view collected event data.
  - 14. The system of claim 12, wherein the collector script is device specific.
  - 15. The system of claim 12, wherein the event data comprises security events, compliance events, or network traffic events.

16. A method for collecting data using at least one collector connected to one or more network devices, comprising:
- collecting event data from the one or more network devices;
  
  filtering the event data based on one or more preconfigured filters;
  
  parsing the filtered event data to a normalized form; and
  
  transmitting the normalized event data to a central manager for reporting.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 17. The method of claim 16, wherein event data comprises security events, compliance events, or network traffic events.
  - 18. The method of claim 16, wherein the collector comprises a device type specific collector script.
  - 19. The method of claim 16, wherein the one or more network devices comprises a firewall, router, biometric device, mainframe, database or application.
  - 20. The method of claim 16, wherein the step of collecting further includes a device queue for one or more connections to respective network devices;
    - and the step of retrieving event data from each device via the one or more connections.
  - 21. The method of claim 16, wherein the step of filtering further includes filtering from a preliminary output queue of raw event data received from respective connections to the one or more network devices.
  - 22. The method of claim 16, wherein the step of transmitting further includes an output queue of normalized event data from respective network devices.
  - 23. The method of claim 16, wherein the one or more preconfigured filters comprises filtering based on device group, connection protocol, or event data type.
  - 24. The method of claim 16, further comprising a step of grouping a plurality of network devices into a device group, wherein the plurality of network devices in the device group share at least one common property.
  - 25. The method of claim 24, wherein the common property comprises device type, connection protocol, network location, or device function.
  - 26. The method of claim 24, wherein the event data from the plurality of network devices in the device group is collected via a single collector.

27. A computer based method including at least one collector for collecting event data from one or more network devices, comprising the step of:
- configuring a collector process based on the collector script;
  
  determining one or more network devices to connect to the collector based on the collector script, wherein the collector process collects event data from the one or more network devices; and
  
  receiving the collected event data from a collector manager.
- View Dependent Claims (28, 29, 30)
- - 28. The method of claim 27, wherein the step of configuring further includes one or more user interfaces enabling a user to view collected event data.
  - 29. The method of claim 27, wherein the collector script is device type specific.
  - 30. The method of claim 27, wherein the event data comprises security events, compliance events, or network traffic events.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Price, Robert, Choudhary, Usman, Weiner, William Matthew, Pellegrino, Frank Anthony, Gassner, John Paul, Chakravarty, Dipto, Fuksenko, Yuriy

Granted Patent

US 7,984,452 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

G06F 11/3065   Monitoring arrangements det...

G06F 11/3072   where the reporting involve...

G06F 9/542   Event management; Broadcast...

H04L 41/046   comprising network manageme...

H04L 41/0613   based on the type or catego...

H04L 41/0806   for initial configuration o...

H04L 41/0869   Validating the configuratio...

H04L 41/22   comprising specially adapte...

H04L 43/028   by filtering

H04L 43/045   for graphical visualisation...

H04L 43/08   Monitoring or testing based...

H04L 43/0817   by checking functioning

H04L 43/12   Network monitoring probes

H04L 67/10   in which an application is ...

H04L 67/565   Conversion or adaptation of...

H04L 67/5651   Reducing the amount or size...

Event source management using a metadata-driven framework

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Event source management using a metadata-driven framework

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links