LOG COLLECTION, STRUCTURING AND PROCESSING
First Claim
1. A method for use in monitoring one or more platforms of a data system, comprising the steps of:
identifying a set of circumstances with respect to at least one type of storage device usable with said data system;
establishing, using a processing platform of said data system, at least one log processing rule to identify logs of said one or more monitored platforms matching said set of circumstances;
receiving, at said processing platform, logs from one or more monitored platforms;
operating said processing platform to identify received logs that match said set of circumstances; and
taking at least one action with respect to said at least one type of storage device in response to said operating step.
Abstract
Tools for use in obtaining useful information from processed log messages generated by a variety of network platforms (e.g., Windows servers, Linux servers, UNIX servers, databases, workstations, etc.). The log messages may be processed by one or more processing platforms or “log managers” using any appropriate rule base to identify “events” (i.e., log messages of somewhat heightened importance), and one or more “event managers” may analyze the events to determine whether alarms should be generated therefrom. The tools may be accessed via any appropriate user interface of a console that is in communication with the various log managers, event managers, etc., to perform numerous tasks in relation to logs, events and alarms.
45 Claims
1. A method for use in monitoring one or more platforms of a data system, comprising the steps of:
identifying a set of circumstances with respect to at least one type of storage device usable with said data system;
establishing, using a processing platform of said data system, at least one log processing rule to identify logs of said one or more monitored platforms matching said set of circumstances;
receiving, at said processing platform, logs from one or more monitored platforms;
operating said processing platform to identify received logs that match said set of circumstances; and
taking at least one action with respect to said at least one type of storage device in response to said operating step.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for use in monitoring one or more platforms of a data system, comprising the steps of:
establishing, on a processing platform, a number of log processing rules for selectively processing logs associated with one or more monitored platforms based on a content of one or more data fields of said logs;
receiving, at said processing platform, logs associated with said one or more monitored platforms;
processing, at said processing platform, the received logs using said number of log processing rules;
identifying, using said processing platform, a processed log; and
first operating said processing platform to establish at least one new log processing rule based on one or more data fields of said identified, processed log.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A method for use in monitoring one or more platforms of a data system, comprising the steps of:
establishing, on a processing platform, a number of log processing rules for selectively processing logs associated with one or more monitored platforms based on a content of one or more data fields of said logs;
receiving, at said processing platform, logs associated with said one or more monitored platforms;
first operating said processing platform to process said logs associated with said one or more monitored platforms using said number of log processing rules;
identifying, using said processing platform and in response to said first operating step, at least one event from said logs associated with one of said one or more monitored platforms for further processing; and
second operating said processing platform to establish at least one new log processing rule based on one or more data fields of said identified event.
Dependent claims: 20, 21, 22, 23
24. A method for use in monitoring one or more platforms of a data system, comprising the steps of:
establishing, on a processing platform, a number of log processing rules for selectively processing logs associated with one or more monitored platforms based on a content of one or more data fields of said logs;
identifying, using said processing platform, a log message associated with one of said one or more monitored platforms;
first operating said processing platform to establish at least one correlation filter based on one or more metadata fields of said identified log message; and
second operating said processing platform to correlate logs previously received and processed by said processing platform using said at least one correlation filter.
Dependent claims: 25, 26, 27, 28
29. A method for use in monitoring one or more platforms of a data system, comprising the steps of:
synchronizing a database of the data system with information from at least one directory service of the data system;
first operating a processing platform to establish at least one correlation filter based on one or more data fields of the synchronized database; and
second operating said processing platform to correlate logs previously received and processed by said processing platform using said at least one correlation filter.
Dependent claims: 30, 31, 32, 33, 34
35. A method for use on one or more platforms of a data system, comprising the steps of:
specifying, at a user interface, whether or not to take at least one action in relation to a plurality of logs received from one or more monitored platforms of the data system based on a classification of the received logs;
receiving, at a processing platform in communication with said user interface, logs from said one or more monitored platforms; and
operating the processing platform to process the received logs in accordance with the specifying step.
Dependent claims: 36, 37, 38, 39, 40
41. A processing platform for use in monitoring one or more platforms of a data system, comprising:
a storage module including a number of log processing rules for selectively processing logs associated with one or more monitored platforms based on a content of one or more data fields of said logs;
a receiving module for receiving logs associated with said one or more monitored platforms; and
a processor that is operatively interconnected to the storage module and the receiving module, wherein the processor is operable to:
process said logs associated with said one or more monitored platforms using said number of log processing rules;
identify at least one event from said logs associated with one of said one or more monitored platforms for further processing; and
establish at least one new log processing rule based on one or more data fields of said identified event.
Dependent claims: 42, 43, 44, 45
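
The flow described in the abstract and in claims 19 and 41, as an added example that is not part of the patent text or of any vendor implementation: rules match on log data fields, a matching log becomes an event, and a new rule is established from a data field of that event. The Rule class, the field names (src_ip, action, status, user) and the sample logs are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    fields: dict  # field name -> regex the field's value must fully match

    def matches(self, log: dict) -> bool:
        return all(k in log and re.fullmatch(p, str(log[k]))
                   for k, p in self.fields.items())

def derive_rule(event: dict, keys: tuple):
    """Establish a new rule from data fields of an identified event."""
    if not all(k in event for k in keys):
        return None  # event lacks the pivot field(s); nothing to derive
    label = ",".join(f"{k}={event[k]}" for k in keys)
    return Rule("follow:" + label, {k: re.escape(str(event[k])) for k in keys})

def process(logs, base_rules, pivot_keys=("src_ip",)):
    """Return (events, final rule set) after one pass over the logs."""
    rules, events = list(base_rules), []
    for log in logs:
        hit = next((r for r in rules if r.matches(log)), None)
        if hit is None:
            continue  # ordinary log, not promoted to an event
        events.append((hit.name, log))
        new = derive_rule(log, pivot_keys)
        if new and all(r.name != new.name for r in rules):
            rules.append(new)  # applies to logs received from now on
    return events, rules

# Hypothetical starting rule base (constructed).
BASE_RULES = [Rule("failed-root-login",
                   {"action": "login", "status": "failure", "user": "root"})]

# Constructed sample logs, already parsed into data fields.
SAMPLE_LOGS = [
    {"host": "web01", "src_ip": "203.0.113.7", "action": "login",
     "status": "success", "user": "alice"},
    {"host": "web01", "src_ip": "203.0.113.7", "action": "login",
     "status": "failure", "user": "root"},
    {"host": "db01", "src_ip": "203.0.113.7", "action": "query",
     "status": "success", "user": "alice"},
    {"host": "db01", "src_ip": "198.51.100.4", "action": "query",
     "status": "success", "user": "bob"},
]

if __name__ == "__main__":
    for name, log in process(SAMPLE_LOGS, BASE_RULES)[0]:
        print(name, log["host"], log["src_ip"])
```

The first sample log comes from the same source address but arrives before the event, so the derived rule does not flag it; picking up such earlier logs is the job of the correlation filters over previously received logs in claims 24 and 29.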
Specification