Expert based system and method for managing error events in a local area network

US 5,483,637 A
Filed: 06/27/1994
Issued: 01/09/1996
Est. Priority Date: 06/27/1994
Status: Expired due to Fees

First Claim

Patent Images

1. A real-time method for correlating causes and error messages to be used in a system for managing error events in a local area network (LAN), said method comprising the steps of:

providing in a knowledge base data defining a plurality of causal relationships, wherein each one of said plurality of said causal relationships associates an error message with at least one cause;

providing in said knowledge base data defining at least one implied relationship, wherein said implied relationship represents a first cause which implies a second cause;

providing in said knowledge base data defining at least one trigger relationship, wherein said trigger relationship associates a first error message with a second error message if said first error message and said second error message are associated with the same causes and said first error message might be produced by the same part of said LAN as said second error message;

receiving error messages from the LAN;

in response to a received error message from said LAN, accessing said knowledge base by an inference engine to identify the error message and retrieve from the knowledge base its possible causes, said inference engine attaching any retrieved possible causes to the received error message;

comparing by the inference engine the received error message with other already received error messages to filter out repeated error messages;

accessing said knowledge base by the inference engine information as to whether the received error message has any triggering error messages and, if so, examining by the inference engine already received error messages to determine whether a triggering error message has arrived and, if so, disregarding by the inference engine the received error message;

accessing said knowledge base by the inference engine for related causes of the received error message and comparing by the inference engine the received error message with existing diagnostic problems, termed a cluster, to determine if the received error message shares common causes with all error messages in the cluster and, if so, adding the received error message to the cluster;

accessing said knowledge base by the inference engine for an imply relationship for the received error message and evaluating by the inference engine the causes in a cluster to determine whether one cause in a cluster implies another cause and, if so, discarding the implied cause; and

when a cluster has one fully instantiated cause left, reporting by the inference engine problems including correlated error messages, a cause and a recommended action for fixing the cause.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An expert based system for managing error events in a local area network (LAN) includes an inference engine and a knowledge base storing data defining a plurality of causal relationships. Each of the causal relationships associates an error message with a cause, at least one implied relationship, and at least one trigger relationship. The inference engine accesses said knowledge base in response to a receiver error message to identify the error message and retrieve from the knowledge base its possible causes. The received error message is compared with other already received error messages to filter out repeated error messages. Already received error messages are examined to determine whether a triggering error message has arrived and, if so, the received error is discarded. The received error message is compared with existing diagnostic problems, termed a cluster, to determine if the received error message shares common causes with all error messages in the cluster and, if so, the received error message is added to the cluster. The causes in a cluster are evaluated to determine whether one cause in a cluster implies another cause and, if so, the implied cause is discarded. A user interface connected to the inference engine is used for reporting problems including correlated error messages, a cause and a recommended action for fixing the cause.

Citations

13 Claims

1. A real-time method for correlating causes and error messages to be used in a system for managing error events in a local area network (LAN), said method comprising the steps of:
- providing in a knowledge base data defining a plurality of causal relationships, wherein each one of said plurality of said causal relationships associates an error message with at least one cause;
  
  providing in said knowledge base data defining at least one implied relationship, wherein said implied relationship represents a first cause which implies a second cause;
  
  providing in said knowledge base data defining at least one trigger relationship, wherein said trigger relationship associates a first error message with a second error message if said first error message and said second error message are associated with the same causes and said first error message might be produced by the same part of said LAN as said second error message;
  
  receiving error messages from the LAN;
  
  in response to a received error message from said LAN, accessing said knowledge base by an inference engine to identify the error message and retrieve from the knowledge base its possible causes, said inference engine attaching any retrieved possible causes to the received error message;
  
  comparing by the inference engine the received error message with other already received error messages to filter out repeated error messages;
  
  accessing said knowledge base by the inference engine information as to whether the received error message has any triggering error messages and, if so, examining by the inference engine already received error messages to determine whether a triggering error message has arrived and, if so, disregarding by the inference engine the received error message;
  
  accessing said knowledge base by the inference engine for related causes of the received error message and comparing by the inference engine the received error message with existing diagnostic problems, termed a cluster, to determine if the received error message shares common causes with all error messages in the cluster and, if so, adding the received error message to the cluster;
  
  accessing said knowledge base by the inference engine for an imply relationship for the received error message and evaluating by the inference engine the causes in a cluster to determine whether one cause in a cluster implies another cause and, if so, discarding the implied cause; and
  
  when a cluster has one fully instantiated cause left, reporting by the inference engine problems including correlated error messages, a cause and a recommended action for fixing the cause.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as recited in claim 1 wherein each of said causes in said plurality of causal relationships are associated with a place which identifies a location of the cause.
  - 3. A method as recited in claim 1 wherein each of said plurality of causal relationships is associated with a condition wherein said causal relationship is valid only if said condition is satisfied.
  - 4. A method as recited in claim 1 wherein a trigger relationship between first and second error messages includes a user definable time period during which said first error message and said second error message must both be received.
  - 5. A method as recited in claim 1 wherein if the received error message does not share common causes with causes in an existing cluster, creating by the inference engine a new cluster for a new diagnostic problem.
  - 6. A method as recited in claim 1 wherein the step of reporting occurs after a predetermined time has elapsed even if more than one instantiated cause remains in the cluster, and when the step of reporting occurs with more than one instantiated cause remaining in the cluster, a problem report is generated with multiple causes.
  - 7. A method as recited in claim 1 wherein said causes and said error messages include variables wherein for an error message to be associated with a cause said variables of said causes and said error messages must be similarly instantiated.
  - 8. A method as recited in claim 7 wherein the step of comparing the received error message with other already received error messages to filter out repeated error messages includes the step of deleting the received error message if it is the same as a prior error message and it is received within a certain predetermined period of time after the receipt of the prior error message, two error messages being the same if they have the same error message identification and variables even though the two error messages come from different machines.

9. An expert based system for managing error events in a local area network (LAN) in real-time comprising:
- at least one LAN server connected in said local area network;
  
  a plurality of LAN requesters connected in said local area network;
  
  a plurality of LAN EXPERT agents installed on LAN servers and LAN requesters to transmit error messages generated by the LAN servers and LAN requesters to a LAN EXPERT server, said LAN EXPERT server being connected in said local area network and includingan inference engine,a knowledge base storing data defining a plurality of causal relationships, wherein each one of said plurality of causal relationships associates an error message with at least one cause, at least one implied relationship, wherein said implied relationship represents a first cause which implies a second cause, and at least one trigger relationship, wherein said trigger relationship associates a first error message with a second error message if said first error message and said second error message are associated with the same causes and said first error message might be produced by the same part of said LAN as said second error message,said inference engine accessing said knowledge base in response to a received error message to identify the error message and retrieve from the knowledge base its possible causes, comparing the received error message with other already received error messages to filter out repeated error messages, examining already received error messages to determine whether a triggering error message has arrived and, if so, disregarding by the inference engine the received error message, comparing the received error message with existing diagnostic problems, termed a cluster, to determine if the received error message shares common causes with all error messages in the cluster and, if so, adding the received error message to the cluster, and evaluating the causes in a cluster to determine whether one cause in a cluster implies another cause and, if so, discarding the implied cause, anda user interface connected to said inference engine for reporting problems including correlated error messages, a cause and a recommended action for fixing the cause.
- View Dependent Claims (10, 11, 12, 13)
- - 10. A system as recited in claim 9 wherein each of said causes in said plurality of causal relationships are associated with a place which identifies a location of the cause.
  - 11. A system as recited in claim 9 wherein each of said plurality of causal relationships is associated with a condition wherein said causal relationships is valid only if said condition is satisfied.
  - 12. A system as recited in claim 9 wherein said trigger relationship includes a user definable time period during which said first error message and said second error message must both be received.
  - 13. A system as recited in claim 9 wherein said causes and said error messages include variables wherein for an error message to be associated with a cause said variables of said causes and said error messages must be similarly instantiated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Shiloach, Joseph, Huang, Yuangene, Ribak, Amnon, Winokur, Alex
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Fisch, Alan M.

Application Number

US08/266,074
Time in Patent Office

561 Days
Field of Search

395/575, 395/550, 395/183.02, 395/183.22, 395/911, 395/917, 364/550, 364/264.7, 364/269.4, 371/20.1
US Class Current

714/26
CPC Class Codes

H04L 43/00   Arrangements for monitoring...

H04L 43/06   Generation of reports

H04L 43/0817   by checking functioning

Expert based system and method for managing error events in a local area network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Expert based system and method for managing error events in a local area network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links