Multiple Destinations for Mainframe Event Monitoring

US 20120254313A1
Filed: 04/02/2012
Published: 10/04/2012
Est. Priority Date: 03/31/2011
Status: Active Grant

First Claim

Patent Images

1. A method for managing mainframe events, comprising:

receiving at least one mainframe event at a mainframe event server module communicatively coupled with a mainframe;

converting the received at least one mainframe event to an open format;

selecting a destination Security Information and Event Management (SIEM) application for the received at least one mainframe event based on a set of rules;

identifying a format associated with the selected destination SIEM application; and

transmitting the at least one mainframe event in the identified format from the mainframe event server module to the selected destination SIEM application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and devices are described for managing mainframe events. In the methods, systems, and devices of the present disclosure, at least one mainframe event is received at a mainframe event server module communicatively coupled with a mainframe. The received at least one mainframe event may be converted to an open format. A destination Security Information and Event Management (SIEM) application may be selected for the received at least one mainframe event based on a set of rules, and a format associated with the selected destination SIEM application may be identified. The at least one mainframe event may then be transmitted in the identified format from the mainframe event server module to the selected destination SIEM application.

20 Citations

View as Search Results

20 Claims

1. A method for managing mainframe events, comprising:
- receiving at least one mainframe event at a mainframe event server module communicatively coupled with a mainframe;
  
  converting the received at least one mainframe event to an open format;
  
  selecting a destination Security Information and Event Management (SIEM) application for the received at least one mainframe event based on a set of rules;
  
  identifying a format associated with the selected destination SIEM application; and
  
  transmitting the at least one mainframe event in the identified format from the mainframe event server module to the selected destination SIEM application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - converting the received at least one mainframe event from the open format to the identified format associated with the selected destination SIEM application.
  - 3. The method of claim 1, further comprising:
    - determining a content of the at least one mainframe event;
      
      wherein the selecting the destination SIEM application is based at least partly on the content of the at least one mainframe event.
  - 4. The method of claim 1, further comprising:
    - determining a type of the at least one mainframe event;
      
      wherein the selecting the destination SIEM application is based at least partly on the type of the at least one mainframe event.
  - 5. The method of claim 1, wherein the transmitting the at least one mainframe event to the selected destination SIEM application comprises:
    - writing the at least one mainframe event to a text file associated with the selected destination SIEM application.
  - 6. The method of claim 1, wherein the transmitting the at least one mainframe event to the selected destination SIEM application comprises:
    - writing the at least one mainframe event to a syslog daemon associated with the selected destination SIEM application.
  - 7. The method of claim 1, wherein the transmitting the at least one mainframe event to the selected destination SIEM application comprises:
    - writing the at least one mainframe event to a relational data store associated with the selected destination SIEM application.
  - 8. The method of claim 1, wherein the mainframe events received at the mainframe event server module comprise mainframe events detected from a management console of the mainframe.
  - 9. The method of claim 1, wherein the mainframe events received at the mainframe event server module comprise mainframe events detected from at least one log file associated with the mainframe.
  - 10. The method of claim 1, wherein the open format comprises Common Event Format (CEF).

11. A mainframe event server system, comprising:
- a reformatting module configured to receive at least one mainframe event associated with a mainframe and convert the received at least one mainframe event to an open format;
  
  a destination selection module configured to select a destination Security Information and Event Management (SIEM) application for the received at least one mainframe event based on a set of rules and identify a format associated with the selected destination SIEM application; and
  
  a routing module configured to transmit the at least one mainframe event in the identified format from the mainframe event server module to the selected destination SIEM application.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, wherein the reformatting module is further configured to:
    - convert the received at least one mainframe event from the open format to the identified format associated with the selected destination SIEM application.
  - 13. The system of claim 11, wherein the destination selection module is further configured to:
    - determine a content of the at least one mainframe event;
      
      wherein the selecting the destination SIEM application is based at least partly on the content of the at least one mainframe event.
  - 14. The system of claim 11, wherein the destination selection module is further configured to:
    - determine a type of the at least one mainframe event;
      
      wherein the selecting the destination SIEM application is based at least partly on the type of the at least one mainframe event.
  - 15. The system of claim 11, wherein the routing module is further configured to:
    - write the at least one mainframe event to a text file associated with the selected destination SIEM application.
  - 16. The system of claim 11, wherein the routing module is further configured to:
    - write the at least one mainframe event to a syslog daemon associated with the selected destination SIEM application.
  - 17. The system of claim 11, wherein the routing module is further configured to:
    - write the at least one mainframe event to a relational data store associated with the selected destination SIEM application.

18. A mainframe event server system, the system comprising:
- at least one processor;
  
  at least one memory communicatively coupled with the at least one processor, the at least one memory comprising executable code that, when executed by the at least one processor, causes the at least one processor to;
  
  receive at least one mainframe event associated with a mainframe;
  
  convert the received at least one mainframe event to an open format;
  
  select a destination Security Information and Event Management (SIEM) application for the received at least one mainframe event based on a set of rules;
  
  identify a format associated with the selected destination SIEM application; and
  
  transmit the at least one mainframe event in the identified format from the mainframe event server module to the selected destination SIEM application.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the executable code further causes the at least one processor to:
    - convert the received at least one mainframe event from the open format to the identified format associated with the selected destination SIEM application.
  - 20. The system of claim 18, wherein the executable code further causes the at least one processor to:
    - determine a content of the at least one mainframe event;
      
      wherein the selecting the destination SIEM application is based at least partly on the content of the at least one mainframe event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
MEAS LLC
Original Assignee
MEAS LLC
Inventors
Fake, Robert, Gannaway, Deborah

Granted Patent

US 8,738,768 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/204
CPC Class Codes

G06F 11/3068   where the reporting involve...

G06F 11/3072   where the reporting involve...

H04L 41/06   Management of faults, event...

H04L 41/0686   Additional information in t...

H04L 43/04   Processing captured monitor...

H04L 43/06   Generation of reports

H04L 45/00   Routing or path finding of ...

Multiple Destinations for Mainframe Event Monitoring

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Multiple Destinations for Mainframe Event Monitoring

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others