PROTOCOL-BASED CAPTURE OF NETWORK DATA USING REMOTE CAPTURE AGENTS
First Claim
1. A method for processing network data, comprising:
- obtaining, at a remote capture agent, a first protocol classification for a first packet flow captured by the remote capture agent;
- using configuration information associated with the first protocol classification to build a first event stream from the first packet flow at the remote capture agent, wherein the first event stream comprises time-series event data generated from network packets in the first packet flow based on the first protocol classification; and
- transmitting the first event stream over a network for subsequent storage and processing of the first event stream by one or more components on the network.
Abstract
The disclosed embodiments provide a system that processes network data. During operation, the system obtains, at a remote capture agent, a first protocol classification for a first packet flow captured by the remote capture agent. Next, the system uses configuration information associated with the first protocol classification to build a first event stream from the first packet flow at the remote capture agent, wherein the first event stream comprises time-series event data generated from network packets in the first packet flow based on the first protocol classification. The system then transmits the first event stream over a network for subsequent storage and processing of the first event stream by one or more components on the network.
68 Citations
23 Claims
1. A method for processing network data, comprising:
- obtaining, at a remote capture agent, a first protocol classification for a first packet flow captured by the remote capture agent;
- using configuration information associated with the first protocol classification to build a first event stream from the first packet flow at the remote capture agent, wherein the first event stream comprises time-series event data generated from network packets in the first packet flow based on the first protocol classification; and
- transmitting the first event stream over a network for subsequent storage and processing of the first event stream by one or more components on the network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system for processing network data, comprising:
- a remote capture agent, comprising:
  - a capture component configured to capture network packets from a network;
  - an events generator configured to:
    - obtain a first protocol classification for a first packet flow captured at the remote capture agent; and
    - use configuration information associated with the first protocol classification to build a first event stream from the first packet flow at the remote capture agent, wherein the first event stream comprises time-series event data generated from network packets in the first packet flow based on the first protocol classification; and
  - a communications component configured to transmit the first event stream over a network for subsequent storage and processing of the first event stream by one or more components on the network.
Dependent claims: 11, 12, 13, 14, 15, 16
17. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for processing network data, the method comprising:
- obtaining, at a remote capture agent, a first protocol classification for a first packet flow captured by the remote capture agent;
- using configuration information associated with the first protocol classification to build a first event stream from the first packet flow at the remote capture agent, wherein the first event stream comprises time-series event data generated from network packets in the first packet flow based on the first protocol classification; and
- transmitting the first event stream over a network for subsequent storage and processing of the first event stream by one or more components on the network.
Dependent claims: 18, 19, 20, 21, 22, 23
Specification