System for logging and enabling ordered retrieval of management events

US 6,148,338 A
Filed: 04/03/1998
Issued: 11/14/2000
Est. Priority Date: 04/03/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for logging events in a managed environment, said method comprising:

a) monitoring, by a central broker, the managed environment for one or more events;

b) receiving an event of the one or more events by the central broker;

c) logging the event as the event is received by the central broker to an event store, wherein the event store has a plurality of non-textual files organized into a plurality of sets with each set of the plurality of sets containing corresponding event log and event index files, by appending a complete representation of the event in a language-independent non-textual form to an event log file of the event store and writing to an event index file the location of the event in the event log file; and

d) repeating b) and c) for each event of the one or more events.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A methodology and supporting structure for logging and ordering management events in a network management system in a managed environment is presented. The network system has a central broker, which monitors the managed environment and receives events in the managed environment, and an event store, which has non-textual files organized into sets with each set containing corresponding event log and event index files. Events are logged as received by the central broker into the non-textual files organized into the sets. A complete representation of one or more events is stored in a language-independent form in an event log file of the event store so that the event information may be read and formatted for presentation in a local language. An event index file of the event log contains the location of the one or more events. The flow from multiple streams of related events may also be tracked.

201 Citations

26 Claims

1. A method for logging events in a managed environment, said method comprising:
- a) monitoring, by a central broker, the managed environment for one or more events;
  
  b) receiving an event of the one or more events by the central broker;
  
  c) logging the event as the event is received by the central broker to an event store, wherein the event store has a plurality of non-textual files organized into a plurality of sets with each set of the plurality of sets containing corresponding event log and event index files, by appending a complete representation of the event in a language-independent non-textual form to an event log file of the event store and writing to an event index file the location of the event in the event log file; and
  
  d) repeating b) and c) for each event of the one or more events.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein simultaneous with logging the event to the event store, also logging the event to an ASCII text file.
  - 3. The method of claim 1, wherein the language-independent form enables formatting of each event of the one or more events into a local language.
  - 4. The method of claim 1, wherein after receiving and logging the one or more events to the event store, logging the notification of an event flowing from a stream, said method comprising:
    - a) receiving notification of a stream event flowing from a stream;
      
      b) determining the location of the stream event in the event log file; and
      
      c) logging the stream event to an event store by appending to a stream log file of one or more stream log files the location of the stream event in the event log file.
  - 5. The method of claim 4, wherein determining the location of the stream event in the event log file is accomplished by reference to the event index file.
  - 6. The method of claim 4, wherein appending to the stream log file the location of the stream event in the event log file further comprises:
    - a) determining whether the stream log file is open;
      
      b) if the stream log file is not open, opening the stream log file and writing a stream log file header in the stream log file; and
      
      c) writing the location of the stream event to the stream log file.
  - 7. The method of claim 6, wherein opening the stream log file is accomplished by opening the stream log file having a file name that contains a set number and a stream name of the stream event.
  - 8. The method of claim 1, wherein after receiving and logging the one or more events to the event store logging a correlation request, said method comprising:
    - a) receiving a correlation request for a primary event and a correlated event;
      
      b) determining the location of the correlated event in the event log file; and
      
      c) logging the correlated event to an event store by appending to a correlation log file the location of the correlated event in the event log file.
  - 9. The method of claim 8, wherein determining the location of the correlated event in the event log file is accomplished by reference to the event index file.
  - 10. The method of claim 8, wherein appending to the correlation log file the location of the correlated event in the event log file, further comprises:
    - a) determining whether the correlation log file is open;
      
      b) if the correlation log file is not open, opening the correlation log file and writing a correlation log file header in the correlation log file; and
      
      c) writing the location of the correlated event to the correlation log file.
  - 11. The method of claim 10, wherein opening the correlation log file is accomplished by opening the correlation log file having a file name that contains a set number and a stream name of the correlated event.

12. A method for logging events in a managed environment, said method comprising:
- a) monitoring, by a central broker, the managed environment for one or more events;
  
  b) receiving an event of the one or more events by the central broker;
  
  c) logging the event as the event is received by the central broker to an event store by appending a complete representation of the event in a language-independent form to an event log file and writing to an event index file the location of the event in the event log file, wherein the event store has a plurality of non-textual files organized into a plurality of sets and, wherein appending a complete representation of the event to the event log file, further comprises;
  
  determining whether the event log file is open;
  
  if the event log file is not open, comprising;
  
  determining a youngest event log file and saving a set number of the youngest event log file; and
  
  opening the youngest event log file and the event index file having the set number;
  
  determining whether the event log file has reached a maximum size;
  
  if the event log file has reached the maximum size, comprising;
  
  adjusting a set number counter and an iteration counter; and
  
  for each open event log file, closing the event log file, reopening the event log file with a new set number, truncating the file, and writing a new file header of the event log file; and
  
  appending the event to the event log file; and
  
  d) repeating b) and c) for each event of the one or more events.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, wherein opening the event log file and the event index file is accomplished by opening the event log file and one or more event index files having filenames that contain the set number.
  - 14. The method of claim 13, wherein the event log file header contains the iteration number.

15. A method for reconstruction of the flow of all events through a managed environment, comprising:
- a) establishing a target time representative of the beginning of the logging of the one or more events;
  
  b) identifying an initial event log file of the one or more event log files that contains the oldest events with respect to the target time;
  
  c) opening the initial event log file and reading the iteration number of a header of the initial event log file;
  
  d) reading in sequential order each event entry of the initial event log file;
  
  e) verifying that the iteration number in each event entry of the initial event log file matches the iteration number of the header of the initial event log file and saving a set number, a location, and a timestamp of each event entry of the initial event log file that is read;
  
  f) identifying a subsequent event log file of the one or more event log files that contains the oldest event with respect to the timestamp;
  
  g) opening a subsequent event log file of the one or more event log files and reading the iteration number of the header of the subsequent event log file;
  
  h) reading in sequential order each event entry of the subsequent event log file; and
  
  i) verifying that the iteration number in each event entry of the subsequent event log file matches the iteration number of the header of the subsequent event log file and saving the set number, the location, and the timestamp of each event entry of the subsequent event log file that is read;
  
  j) repeating f)-i) for each event log file of the one or more event log files.

16. A method for reconstruction of the flow of the one or more events from a single stream in the central broker by reading one or more stream log files comprises:
- a) establishing a target time representative of the beginning of a stream;
  
  b) identifying an initial stream log file of one or more stream log files that contains the oldest stream event with respect to the target time;
  
  c) opening the initial stream log file and reading an iteration number of a header of the initial stream log file;
  
  d) reading in sequential order each stream event record of the initial stream log file;
  
  e) verifying that the iteration number in each stream event record of the initial stream log file matches the iteration number read in the header of the initial stream log file and saving a set number, a location, and a timestamp of each stream event record of the initial stream log file that is read;
  
  f) finding a stream event in an event log file using the location and the set number;
  
  g) identifying a subsequent stream log file of the one or more stream log files that contains the oldest stream event with respect to the timestamp;
  
  h) opening the subsequent stream log file of the one or more stream log files and reading the iteration number of the header of the subsequent stream log file;
  
  i) reading in sequential order each stream event record of the subsequent stream log file;
  
  j) verifying that the iteration number in each stream event record of the subsequent stream log file matches the iteration number read in the header of the subsequent stream log file and saving the set number, the location, and the timestamp of each stream event record of the subsequent stream log file that is read;
  
  k) finding the stream event in the event log file using the location and the set number; and
  
  l) repeating g)-j) for each stream log file of the one or more stream log files.
- View Dependent Claims (17)
- - 17. The method of claim 16, wherein reading in sequential order each stream event record of the initial stream log file comprises saving a stream event timestamp, a set number, and the location of each stream event record as it is read before proceeding to read a subsequent stream event record of the subsequent stream log file.

18. A method for finding all correlated events which have been correlated with one or more primary events by reading the one or more correlation log files, said method comprising:
- a) scanning the correlation log file to find the correlated event correlated with the primary event;
  
  b) saving the location and a set number of the correlated event;
  
  c) finding the correlated event in an event log file using the location and the set number; and
  
  d) repeating a)-c) for each correlated event of the one or more correlated events correlated with the primary event.

19. A network system capable of logging and enabling the ordered retrieval of events in a managed environment, comprising:
- a) a central broker which monitors the managed environment for one or more events and receives the one or more events; and
  
  b) an event store, having a plurality of non-textual files organized into a plurality of sets with each set of the plurality of sets containing corresponding event log and event index files, to which each event of the one or more events is logged as received by the central broker in the order received, wherein an event log file of the event store contains a complete representation of the one or more events received from the central broker in a language-independent form that enables formatting of the one or more events into a local language and further contains an event index file containing the location of the one or more events in the event log file.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The system of claim 19, wherein the event store further comprises a stream log file containing the location of events in the event log file.
  - 21. The system of claim 20, wherein the stream log file contains one or more records having a timestamp, an event identifier, a set number, a stream event location, and an iteration number.
  - 22. The system of claim 19, wherein the event store further comprises a correlation log file containing one or more correlation relationships between one or more pairs of events in the event log file.
  - 23. The system of claim 22, wherein the correlation log file contains fixed-length records.
  - 24. The system of claim 22, wherein the correlation log file contains one or more records having a correlation relationship, a primary event identifier, a set number, a correlation event location, and a timestamp.
  - 25. The system of claim 19, wherein the event log file contains variable-length records identified by a beginning-of-record marker and an end-of-record marker.
  - 26. The system of claim 25, wherein the event log file contains one or more records having an iteration number, a timestamp, a message length, and a variable-length message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Company (HP Inc.)
Inventors
Lachelt, David Jonathan, Houck, Peter Thomas
Primary Examiner(s)
Maung, Zarni
Assistant Examiner(s)
CALDWELL, ANDREW T

Application Number

US09/055,057
Time in Patent Office

956 Days
Field of Search

709/224, 714/39, 714/47
US Class Current

709/224
CPC Class Codes

H04L 41/0213 Standardised network manage...

H04L 41/0631 using root cause analysis; ...

System for logging and enabling ordered retrieval of management events

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

201 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

System for logging and enabling ordered retrieval of management events

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

201 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links